Author: Jonathan J. Rusch

On August 27, Gulf News reported that the Dubai Public Prosecutor has ordered the police in the Jebel Ali district of Dubai to investigate possible fraud in the disappearance of 6,000 tons of rice that Indian exporters had shipped into Dubai.  According to Gulf News, a company with offices in Dubai, Al Rawnaq Al Thahbhi General Trading (Al Rawnaq), ordered around 6,000 tons of rice, as well as spices and coconut,  from 20 or so exporters in India between March and April 2019.

In a pattern characteristic of other recent trading fraud schemes in the United Arab Emirates (UAE), Al Rawnaq was ostensibly run by a man who identified himself as Shaikh Tariq Awais, a Pakistani national.  Tariq rented a warehouse in the Al Quoz locality in Dubai, and Al Rawnaq ordered merchandise from the Indian exporters.

One of the exporters stated that they had done due diligence on Al Rawnaq by visiting the Al Rawnaq office, checking its trade license, meeting its general manager, and receiving telex transfer (TT) receipts from a Dubai money exchange that they believed confirmed the acceptance of the remittance request and the initiation of the transaction.  When that exporter saw that there was a gap of 10-15 days between the issue of the TT receipts and the transfer of funds, he said, “We found this odd as such transactions don’t take more than 2-3 working days. When we brought this to Tariq’s attention, he blamed the delay on banks.”

Ultimately, however, each of the 23 TTs, which totaled AED 15.38 million (US $4.18 million), were cancelled after checks issued against them bounced because of insufficient funds.  By the time that exporter representatives arrived in Dubai to inquire further, the Al Rawnaq warehouse where the 6,000 tons of rice had been stored, in some 250 shipping containers, had been emptied, the Al Rawnaq office had been vacated, and Tariq and others supposedly connected with Al Rawnaq had disappeared.  In addition, the post-dated check that Tariq had used to rent the warehouse also bounced, as did a check to a Dubai travel firm that had sold airplane tickets and arranged visit visas for Al Rawnaq.

The Public Prosecutor has now directed the police to investigate accusations of fraud against six men and two companies, including the money exchange house that allegedly handled the TTs, for their “role and alleged complicity in the scam.”

Note:  Fraud schemes involving the use of postdated checks are commonplace in the United States and other countries, and have resulted in losses of as much as $100 million in a single scheme.  In this case, what is more striking is not the amount of money fraudulently taken (though even those losses are proving ruinous to some exporters), but the sheer volume of goods that presumably were resold and reshipped quickly before the exporters recognized that they had been defrauded.  Exporters everywhere should take note of this scheme and treat the offer of postdated checks by a purported buyer anywhere as a red flag indicative of grave risk, if not fraud.

On August 29, cybersecurity firm Kaspersky Lab issued its Incident Response Analytics Report for 2018.  The report, which covers Kaspersky’s own incident response practices for the year, covers in just eight pages a broad range of facts and findings indicating the breadth and depth of cybersecurity challenges:

• General Data on Incident Responses: For regional distribution of incident responses, the Commonwealth of Independent States (including Russia) has by far the highest percentage (48 percent), followed by Latin America (19 percent), Europe (16 percent), the Middle East (6 percent), and Africa, Asia-Pacific, and North America (3 percent each). For industry distribution of incident responses, financial institutions represented the largest segment (33 percent), followed closely by government bodies (30 percent) and industrial companies (22 percent).  The remaining 15 percent of industries included miscellaneous (7 percent) and retail and transport (4 percent each).
• Reasons for Requesting Incident Response: The report stated that “[m]ore than half of the requests for investigation were initiated by customers after detecting an attack that had visible consequences, such as unauthorized money transfers, workstations encrypted by ransomware, service unavailability, etc.” The most common reasons for incident responses were ransomware (26 percent), detection of a suspicious file (22 percent), detection of a suspicious network activity (22 percent), monetary theft (11 percent), and spamming from a corporate account (7 percent).  For ransomware attacks, Wannacry, associated with North Korea since 2017, accounted for by far the largest percentage of victims (40.64 percent), with Cryaki (7.37 percent) and GandCrab (5.15 percent) a distant (though still noteworthy) second and third.
• Relative Infrequency of Incident Response Requests: While 81 percent of organizations that provided data for analysis “were found to have indicators of malicious activity in their internal network,” only 22 percent of companies “where evidence of malicious activity was detected requested an Incident Response service.”
• Industry-Specific Variations in Threat Frequency: For financial institutions, indications of advanced persistent threat (APT) attacks “appeared in the infrastructure of financial institutions one and a half times more often (54%) than in other organizations.” Only 12 percent of financial organizations showed indications of ransomware, and only 8 percent showed indications of banker Trojans.  For government bodies, malicious activity was detected in 95 percent of government bodies – 14 percent greater than across all organizations in general.  By contrast, industrial companies “are more likely to be victims of bankers.” Banker Trojan activity was detected in 27 percent of companies, and APT attacks were detected in 15 percent and ransomware attacks in 25 percent of manufacturing companies.
• Attack Vectors: Cyberattackers used the remote management interface of the Microsoft Remote Desktop Protocol (RDP) in the initial attack vector in one out of three incidents. “In the majority of cases, an adversary successfully obtained a valid user’s credentials as a result of a brute-force attack on the RDP service.”  Notably, in one-third of attacks through remote management interfaces, “the valid credentials were known to the intruder in advance (no brute-force attempts were detected).”   In a finding that should surprise no one, one-third of attacks “occurred due to a lack of security awareness among employees. An employee downloaded a malicious file from untrusted sources and launched it, allowing an adversary to gain control over the workstation.”

The report also includes a discussion of attack durations for various cyberattacks, and a detailed table of attack tactics and techniques.

Note:  Cybersecurity teams at companies of all sizes should read the Kaspersky report in its entirety.  While the data on regional distribution of incident responses may be skewed if Kaspersky, headquartered in Moscow, has a greater percentage of its clients in the CIS, the data are nonetheless instructive.  The report includes a variety of recommendations for improving incident responses, but adds an appropriate cautionary note:

[W]e can see that humans are still the weakest link in the security chain. Even with a high-level security policy and security controls in place, a single employee uneducated in information security can trigger a major compromise of the internal environment and assets.

On August 19, the Hong Kong Independent Commission Against Corruption (ICAC) and the Hong Kong Securities & Futures Commission (SFC) issued a Memorandum of Understanding (MOU) that “sets out the framework for cooperation and collaboration” between the two agencies “in the performance of their respective regulatory and/or enforcement functions.”

The MOU contains the following key provisions:

• Purpose – “The parties have a mutual interest and respective duties in combating corruption, crimes and/or illicit activities relating to the securities and futures industry in Hong Kong and they recognize the need for the fullest cooperation and collaboration in order to perform their Functions effectively.:
• Overriding Principles – The MOU lists six principles:
  • “the parties will use their best endeavours to meet the terms of this MoU;
  • “this MoU does not modify or supersede any laws or regulations;
  • “this MoU does not amount to a delegation of any of the powers, duties or obligations of the parties;
  • “this MoU does not create, directly or indirectly, any legal rights, obligations or liabilities, enforceable by the parties or any other person;
  • “if a matter is not dealt with explicitly in this MoU, the parties agree to work together to resolve it quickly in accordance with the principles of cooperation and collaboration; and
  • “this MoU does not affect any arrangements under any other MoU that the parties have entered into or may enter into with any other person.”
• Referral of Cases – The MOU specifies the circumstances in which each agency may refer a matter involving suspected criminality or misconduct to the other, conduct a referral evaluation, and advise the other agency about the results of such an evaluation.
• Joint Investigations – The MOU provides that if a case falls within both agencies’ functions, the agencies “may agree to commence a joint investigation in order to minimize the duplication of effort, and enhance the efficient use of their respective resources as well as the effectiveness of the investigation.” It also address the establishment and operation of a joint task force involving both agencies.
• Early Involvement of the Department of Justice – The MOU states that when there is a joint or parallel investigation on the same subject matter, “the parties will consider whether to consult the Department of Justice at an early stage about whether only one party should continue with the criminal investigation or each party should focus on particular suspected offences.”
• Exchange and Use of Information – The MOU contains broad provisions for interagency exchange of information, as well as for use and treatment of information exchanged.
• Investigative Assistance – The MOU states that when the ICAC “reasonably believes that it is necessary to have the opinion of a market expert during the conduct of its investigation, it may request the SFC to assist.” For other categories of investigative assistance, it provides that either agency “will consider requests from the other party for investigative assistance.”

The MOU also contains provisions addressing communications and media strategy, capacity-building, and designation of agency contacts.

Note:  While the ICAC and the SFC have shown their willingness to conduct joint investigations in significant cases – most recently in last year’s Operation “Cold Mountain,” directed at several employees of Hong Kong Exchanges & Clearing Limited – this MOU represents a significant step forward for both agencies in operationalizing their commitment to closer collaboration and cooperation.  The fact that the agencies took prompt steps to make the MOU public also indicates that the agencies are sending a strong signal to Hong Kong businesspeople and government officials about the strength of that commitment.

On August 31, The Times reported that the United Kingdom Government admitted that it had yet to apply to the European Commission (EC) for regulatory clearance that would be required for selling animal products to the European Union (EU) should the United Kingdom follow through on an October 31 deadline should a “no-deal” Brexit take place.  According to The Times, countries that wish to export live animals and animal products to the EU must obtain “listed status” from the EC “and can take as long as six months to secure.”

The United Kingdom was last granted in April 2019, five months after applying for it, but that status lapsed after the Brexit deadline was moved to October 31.  A spokeswoman for the United Kingdom Department for Environment, Food and Rural Affairs stated that “we are confident the UK will continue to meet the [EC’s] requirements,” but admitted that the government had not yet reapplied for listed status.

Note:  Regardless of one’s position on the virtues or vices of Brexit in any form, this failure by government under two Prime Ministers to reapply in timely fashion for listed status could lead to substantial, if not catastrophic, harm to Britain’s food and drink producers.  According to The Times, “Britain’s food and drink exports to the EU are worth £22 billion. The biggest include chocolate, cheese, salmon and beef, all of which would be affected.”

With less than two months to October 31, the government needs to reapply for listed status immediately, and hope that the EC and the EU are willing to expedite consideration and approval of that application.  Given the continuing turmoil stemming from Prime Minister Boris Johnson’s efforts to suspend Parliament and his promise to intensify negotiations with the EU for a new Brexit agreement, it is far from clear that the EC will be so accommodating.

On August 28, the South Korean Supreme Court, in a highly anticipated ruling, partially overturned the decision of the Seoul High Court in the bribery prosecution of Samsung Vice-Chairman Lee Jae-yong, and remanded the case for retrial.  The ruling means that Lee, who initially received a five-year prison sentence before having it modified to a two and a half-year suspended sentence, could face an even longer prison sentence after retrial.

Lee’s 2017 trial and conviction stemmed from a request that then-South Korean President Park Gyeun-hye had made of Lee to help the daughter of Park’s longstanding confidante of Choi Soon-Sil.   As the daughter was reportedly a competitive equestrian, Park, with funds that prosecutors said he embezzled from Samsung, gave her three horses worth an estimated $3 million and paid her fees at a dressage school in Germany.

Lee’s original conviction was based on his offering a total of $7 million in bribes to Park and Choi during Park’s tenure as President because he “sought government support to solidify his control over the company.”  On appeal, the Seoul High Court overturned some of Lee’s convictions and reduced the amount of Lee’s bribery to $3 million, which led to its reducing and suspending his sentence.

Supreme Court Chief Justice Kim Myeong-su, however, stated that the High Court’s ruling “was based on the premise that the horses defendants gave to Choi Seo-won [the daughter] were not to be considered bribes, misinterpreting the principle of law regarding bribery and mistakenly affecting the ruling.” Consequently, the Supreme Court concluded that the High Court had undervalued the amount of Lee’s bribes.

South Korean sentencing guidelines indicate that if Lee, on retrial, is found to have embezzled more than $4 million of corporate funds, he would receive a sentence between four and seven years’ imprisonment.  Under South Korean law, a court may not suspend a sentence of longer than three years.

Note: This decision has more than passing significance in South Korea, for two reasons.  First, the prospect that Lee could face resentencing and imprisonment is a cause for concern in the country’s business community, given the extent to which Samsung is deeply entrenched in the country’s economy and Lee’s role as de facto chief executive at Samsung.  Second, the Supreme Court’s decision establishes that South Korean bribery law applies not only to monetary bribes but to non-monetary things of value, such as the million-dollar horses.