Dan Gavin
Butch Cassidy, the Sundance Kid, and the Money Mules 

On a dry and pitch-dark night in early June of 1899, the tired old engineer of the Union Pacific Railroad train thought he saw a flicker up ahead. Since he was just outside of Wilcox, Wyoming, he assumed those two lanterns meant that the bridge ahead was washed out. He rolled the engine to a stop to find two masked men held the lanterns. With the “Hole-in-the-Wall” gang led by the famous duo of Butch Cassidy and the Sundance Kid running loose in these parts, he knew this was trouble. Soon four more bandits joined the first where they found the safe. When the security guard refused to open the safe, they laid dynamite and blew it open. The team of bandits made off with $50K in cash plus jewelry, gold, and diamonds.  

Executing the heist was one thing, but getting away with it was another. Sundance handled the heist, and Butch handled the get-away. While Sundance’s team was busy cold-cocking engineers and blowing up safes, Butch was setting up a chain of horses to get the gang out of danger. They ran the horses until exhausted and picked up fresh horses, so they were far out of reach of any possible pursuing posse.  

Cybercrime today is a lot like the Wild West. The hackers are experts at executing the modern-day bank heist via the cyber realm. They skillfully slip into critical computers, crack passwords, and open up the victim’s bank account. Now how do they get the money out without being tracked? I’m glad that you asked. They use money mules. 

A money mule is someone who transfers the money from the victim’s account and wires the money into the hacker’s account. They are the middlemen of the operation. The money mules have no idea that they are actively participating in a criminal activity. They think they have a part-time job that pays well. Sometimes they call themselves transfer agents. Money mule recruiters tend to target people looking for part-time, remote employment, and the jobs usually involve little work other than receiving and forwarding bank transfers. They advertise just like any other recruiter. Initially the mules are given busy-work, menial tasks for the first week where the criminals weed out the bad workers. If they are late to work or lazy, they are fired. A money mule must be reliable. It could cost the organization a large amount of money.  

On a given day the mule would watch the “company’s” message board for instructions. It would say something like: “Good morning. Our client, Acme Corp, is sending you some money today. Please visit your bank, withdraw this payment in cash, and then wire the funds in equal payments, minus your commission, to these three individuals in Eastern Europe.”  

Evil Corp, a Russian hacker group, used money mules in their operations and is in the news again. There have been multiple arrests in the United Kingdom, France, and Spain. Some of the arrests were the unwitting money mules. The United States Department of Justice worked with European authorities as many of the Evil Corp victims were located in the United States.  

Evil Corp’s leader, Maksim Yakubets, is still on the loose. Just like the Wild West, there is a bounty on his head, $5M. His father-in-law, Eduard Benderskiy was named and sanctioned by Western authorities recently describing him as a protector of the Evil Corp crime organization.  

If you see a post on social media or an unexpected direct message with a promise of easy money by being a money transfer agent, you may want to reconsider that opportunity. It could land you in jail. If you are like Butch and Sundance, you could end up surrounded by the Bolivian army in South America. Don’t take the bait.