Damian Williams, the United States Attorney for the Southern District of New York, announced that CHARLES ONUS pled guilty to computer fraud in connection with a scheme to conduct cyber intrusions in order to steal payroll deposits from multiple user accounts maintained by a company that provides human resources and payroll services to employers across the United States. ONUS was previously arrested on April 14, 2021 in San Francisco while traveling to the United States from Nigeria and has been detained since his arrest. ONUS pled guilty today before U.S. District Judge Paul G. Gardephe.
U.S. Attorney Damian Williams said: “Charles Onus admitted to participating in a scheme to steal hundreds of thousands of hard-earned dollars from workers across the United States by hacking into a payroll company’s system and diverting payroll deposits to prepaid debit cards he controlled. Our Office will continue to work with our law enforcement partners to zealously arrest and prosecute those who seek to commit cybercrimes targeting Americans from behind a keyboard abroad.”
According to the Indictment, public court filings, and statements made in court:
From at least in or about July 2017 through at least in or about 2018, ONUS participated in a scheme to conduct cyber intrusions of multiple user accounts maintained by a company that provides human resources and payroll services to employers across the United States (the “Company”), in order to steal payroll deposits processed by the Company.
During the course of the scheme, unauthorized access was obtained to over 5,500 Company user accounts through a cyber intrusion technique referred to as “credential stuffing.” During a credential stuffing attack, a cyber threat actor collects stolen credentials, or username and password pairs, obtained from other large-scale data breaches of other companies. The threat actor then systematically attempts to use those stolen credentials to obtain unauthorized access to accounts held by the same user with other companies and providers, to compromise accounts where the user has maintained the same password.
After a Company user account was compromised, the bank account information designated by the user of the account was changed so that ONUS would receive the user’s payroll to a prepaid debit card that was under ONUS’s control.
From at least in or about July 2017 through at least in or about 2018, at least approximately 5,500 Company user accounts were compromised and more than approximately $800,000 in payroll funds were fraudulently diverted to prepaid debit cards, including those under the control of ONUS. The compromised Company user accounts were associated with employers whose payroll was processed by the Company, including employers located in the Southern District of New York.
ONUS was arrested on April 14, 2021 at San Francisco International Airport after arriving on a flight from Abuja, Nigeria. According to statements ONUS made to U.S. Customs and Border Protection at the airport, ONUS was traveling to the United States for a two-week vacation in Las Vegas.