Reality is the working paradox that defies control

Cloudular Network Tasks - Identify, Map & Monitor

Ultrascan have extensive experience with identifying, locating, mapping, monitoring, analysing and predicting perpetrators of cross border fraud, money laundering and the planning, funding, communications and support of terrorism for local or international religious extremists as fast growing component of ideological struggle, as well as geopolitical.

Intelligence professionals that 'task network', determine and eliminate 'valued' targets by integrating OSINT and HACKING with HUMINT and TECHINT into a 'Cloudular Network'.

Not linear but cloudular, which means one asset will lead to others quickly and efficiently as we pull the various threads of information allowing clients to move in many directions at the same time or follow one specific aspect if required.

Five Level Ultrascan

Five level ultrascans are used for the intelligence gathering phase of all security related work and to determine the relationships and real world links

People, Groups of people (social networks)

Companies, Organizations

Web sites, Internet infrastructure such as: Domains, DNS names, Netblocks, IP addresses, Email

Phone, Phrases, Affiliations, Documents and files

But also hidden or confidential information can be revealed;

Family ties, Health status;

Financial networks, Foreign sales, Financial resources;

Media sources, Disgruntled employees, Imminent threats, Homeland plots, Trade craft, Recruiting tactics.

Level one ultrascan

A general first wide search for the entities as given by client, the outcome differs a lot depending on how common the names of entities are.

If the entity is named "john smith" the outcome will be a lot of information containing "john smith" - "john" and "smith"

When the entity is the outcome will be information containing or connected to

With a combination of entities, for example, XYZ company, London, Cairo,  Washington, phone and green energy, the outcome will be information containing or connected to all entities and links between the entities.

Level two ultrascan

The outcome of the first level scan will value the new found entities in relation to the given one, depending on the value new entities can be scanned for deeper connections to determine relationships with the original given entity.

For example, documents with co-signatures, university records, photographs with location and time stamp, logins and passwords of (email) accounts, additional (email) addresses, company websites, twitter accounts, can link to new entities that have connections with the given entities. Even though some entities are removed of the internet or data set, traces can still lead to new entities (evidence).

Level three, four and five include Humint and are focussed on the desired results

Bank to Bank Treasury ID Theft

Impersonating authorized bank officers of treasury departments, to send payment orders to (National Reserve) correspondent banks, is a specialist wire fraud problem


Between October 2010 and December 2012 Ultrascan-KPO investigated fraudulent payment orders to treasury departments of 26 correspondent banks on 4 continents, of which 21 National Reserve banks.

Amounts varied between $98,000.00 and $530,000.00 in local currency.

Banks confirmed,  that the calls/fax/mails are coming directly into the appropriate officer and are NOT going through the switchboard. This creates  several problems, messages not being recorded, etc.

All contact information is only available to treasury staff, that is on their computer.

Ultrascan Techint and Humint investigations revealed:

The IT service department, Laptops, PC's, personal and business eco systems, Treasurers signatures, current contact lists and signatures of bank division managers are compromised.

The fraudsters researched and confirmed information through HUMINT in conversations with correspondent Banks. Learning the issues and changing their attacks based on what they got on the phone.

Fraudsters impersonated authorized officers from "the Nostro department", called the correspondent bank treasury, explaining that they were experiencing  SWIFT issues at this time.

Minutes later, the fraudster send a fax and/or email attachment - As a result of a swift outage we are experiencing, kindly accept and execute this MT202 payment order for today's value date - on official letterhead, with validated names and signatures.

The technical support for phone/fax numbers, email and IP addresses was covered by anonymity proxy services and paid for by a Nigerian citizen in Lagos.

Money-laundering was coordinated via a global network of (419) Advance Fee Fraud scammers who, either direct or via money mules, operated bank accounts under befitting names in South Africa, Japan, China, Canada and several European countries.

Over 60 beneficiary bank accounts were operated bymoney mules or independent  business associates of the ultimate beneficiaries.

The 3 ultimate beneficiaries originated from Nigeria, West Africa. One of them specialised in ID theft and 'bank to bank wire fraud' since 2003.

For a large part a confidence fraud making use of the culture of confidentiality within Reserve Banks and  bank treasury departments and a high level of trust between correspondent banks.

For several reasons the perfect crime with a veryLow Probability of Detection and an even lower probability of 'public prosecution'.


We recommended both internal and external solutions that led to prevention, mitigation and disruption of the fraud organisation.

First published by Ultrascan-KPO


Central Banks robbed in 2016:

Malware suspected in Bangladesh bank heist: officials

Bangladesh Central Bank Found $100 Million Missing After a Weekend Break

Also read:
- Case: Anti Corporate ID Theft
Corporate business ID email scam costs companies billions

Are 0.5 % of All Nigerians Fraudster!?
419 Advance Fee Fraud Statistics 2005 / 2013
Smart people 'are easier to scam'

More Phishing, Internet banking, Credit Card and Check Fraud
Cybercrime Funding Terrorism