Gal and Marina BARAK's Bulgarian money-laundering organization
On 1 September 2020, the now infamous Wolf of Sofia, Israeli citizen Gal Barak, was found guilty of serious fraud and money laundering. Barak was identified as one of the beneficial owners of a cybercrime organisation, based in Sofia, Bulgaria.
46 shell companies with 82 bank accounts at Bulgarian FIs
During the criminal proceedings, the European authorities opened the Bulgarian bank accounts of more than 46 companies of Gal Barak’s criminal organisation.
Barak’s (46) companies showed the following characteristics:
- They were all shell companies except for the boiler room (call centre) operators and two technology service providing companies.
- Only three of these companies had employees.
- Only 11 of these companies were legally registered in Bulgaria. Most companies originated in the British Virgin Islands, Marshall Islands, Hong Kong, London, SAMOA, Serbia, etc.
- These 46 (shell) companies opened more than 82 bank accounts with Bulgarian banks, 50 of which were held with Investbank (IORTBGSF XXX – INVESTBANK PLC, Sofia), 10 with DSK Bank (STSABGSFXXX BIC/SWIFT code – DSK BANK AD Bulgaria) and 11 with Eurobank (BPBIBGSFXXX BIC/SWIFT code – EUROBANK BULGARIA).
- Between 01.01.2016 and 31.03.2019, a total of €200 million in stolen funds flowed through the accounts of these companies.
- These shell companies had nominees – primarily Eastern European citizens – as managing directors and owners.
- All managing directors of these shell companies issued a power of attorney for all bank transactions to Gal Barak’s wife, Marina (formerly Marina Andreeva)
- Marina Barak’s telephone number showed up in most of these 82 bank accounts as the contact for queries and online banking purposes.
- From the analysis of the Austrian criminal authorities, it was clear from the research of the IP addresses that Marina Barak administered most of the accounts and did the transactions[1]
All accounts administered by Marina Barak
Only the beneficial owners (Barak represented by his wife Marina) of the cybercrime organisation were entitled to do the transactions of all 82 bank accounts.
Graphically, the importance of Marina Barak was resolved by the criminal authorities for the most significant bank accounts as follows:
A functioning money-laundering system as a critical success factor for investment fraud
Essentially, in addition to the successful operation of aggressive boiler rooms, efficient affiliate marketing, and well-managed social channels, the setup and administration of a sophisticated money-laundering system are critical success factors for all online fraud systems.
The essential elements of a functioning money flow and money laundering system in a boiler room fraud include licensed and unlicensed payment service providers to obtain the deposits of unsuspecting victims.
Licensed Payment service providers with interfaces to the online trading platforms
The licensed e-Money Institution (EMI) and/or Payment Services Provider (PSP)[2] specialises in processing payment transactions for webshops, also often referred to as FinTechs or PayTechs. Some are also licensed members of one or more card networks (VISA or MasterCard).
For a high commission per transaction, some are willing to handle credit and debit card payments for business activities that are either prohibited or classified as high-risk by card companies. They acquire and accept European shell companies equipped with European bank accounts as contractual partners and process payments on their behalf. Some of these acquiring organisations even operate an incorporation service for shell companies[3] of their own.
The Dutch FinTech PAYVISION B.V. and the FCA-regulated EMerchantPay Limited and Connectum Ltd have processed all card payments for Gal Barak’s scams (xTraderfx, SafeMarkets, OptionStarsGlobal, etc.) as well as for Uwe Lenhoff’s brands (markets, Option888, Lottopalace, Tradovest).
Illegal payment service providers for bank wires
Some nationalities, such as Germans, Austrians and Swiss, still prefer to wire large deposits. These victims receive beneficiary bank account data by email for the money transfers from the call centre staff. The beneficiaries are pure shell companies equipped with strawmen as the managing directors and the UBOs. The only purpose of these shell companies is to open up bank accounts with European banks to receive the victims’ deposits and transfer the money according to the scammers’ instructions.
The organisers of such illegal payment service providers (Money Mules) sometimes administer hundreds of different shell companies with European bank accounts. These companies receive the victims’ deposits in their bank accounts and forward them to the scammers’ operating companies. They collect commissions of up to 3% per transaction[5] for this service. The “Money Mules as a Service” service providers used by Barak maintained bank accounts with Postbank/Deutsche Bank (Germany) and banks in the Czech Republic.
Shell companies, acting as operators, service companies and offshore owner companies.
Another critical factor in building a money laundering circuit is access to company builders (offshore and in Europe) who can provide and supply a virtually infinite number of shell companies with leads as directors and nominal owners, as well as with appropriate bank accounts.
In Barak’s fraud scheme, companies based in offshore destinations such as the Marshall Islands, the British Virgin Islands, St. Vincent, and the Grenadines, or even Samoa, appeared on the scam websites as the operating companies. All these companies were pre-funded with Bulgarian accounts at the time of acquisition by Gal Barak. Immediately after purchase, Marina Barak’s phone number was registered as the primary contact for both online banking purposes. Some of these offshore operating companies were mirrored by European shell companies, which also held a Bulgarian bank account. The managers of these (offshore – and/or European) shell companies – straw men – signed (on behalf of Gal Barak and without ever having had direct contact with the acquirers) the service contracts with the acquiring organisations. The acquiring companies transfer the processed money to the Bulgarian bank accounts of these shell companies (such as New Markets S.A., SAMOA, or Rockarage Ltd, Marshall Islands). Similarly, the illegal payment service providers transfer the illicit funds received by bank transfer to these Bulgarian omnibus accounts after deduction of their commission.
From the bank accounts collecting the stolen funds from licensed and illegal payment service providers (the licensed PSPs used bank accounts with Deutsche Bank and ING Bank N.V.), the funds are transferred to other shell companies (the service companies) set up mainly offshore, with Bulgarian bank accounts. The beneficial owners of the shell companies expressly set up offshore are Gal Barak and other accomplices. These transfers are done based on fictitious contracts or fictitious invoices with false names or subjects of performance such as “Service Agreement” or “Agreement for Marketing Services”, “Management Services”, “License Fees”, “Marketing Services”, “Management Services.”
If the banks ask for proof of the funds’ origin, the scammers present these fictitious documents.
Why Bulgaria?
Gal BARAK used the following shell companies for his scams:
The extent of the issue is huge
According to the witness statements of Alexander I., a former call centre (boiler room) employee of Gal Barak, there are 60 boiler rooms in Sofia, Bulgaria, similar to the one operated by Barak.
This statement by Alexander I. aligns with our observations, which are based on documents provided by scam victims. Numerous Bulgarian shell companies are listed in the records of various fraud schemes, either as operating or service companies. The conclusion that accounts at Bulgarian Investbank PLC, Sofia, or DSK Bank A.D. Bulgaria are used to transfer millions, if not billions, of stolen savings from mainly Western Europeans to offshore countries on a daily basis is widely acknowledged.
The scammer industry appreciates the following factors, according to the statements of various insiders in Bulgaria:
- Bulgaria is a member of the EU, so it grants access to the European financial market
- Bulgaria has many ambitious young citizens with good foreign language skills
- Bulgaria has a large Israeli (religious) community
- Bulgaria has a judicial system that is not functioning or is susceptible to corruption.
- A non-existent compliance policy of Bulgarian banks.
The advantage of using bank accounts within the EU area is evident. SEPA credit transfers are carried out quickly and efficiently between SEPA member countries, thanks to current regulations.
How critical a good “cooperation” with European banks is becomes evident in understanding the money-laundering organisations of the fraudsters.
[1] This should also have been relatively easy for Bulgarian banks to understand.
[2] New payment service providers (Pay/FinTechs) are constantly emerging, utilising white-label solutions that outsource to licensed payment service providers. Increasingly, both licensed and unlicensed crypto exchanges are becoming integral to the money flow. All these companies serve to process money from illegal sources. The FinTechs maintain joint account connections and work in close consultation.
[3] Incorporation services are also referred to as company builders. These organisations set up shell companies equipped with nominee general managers and owners, and equipped with bank accounts.
[4] The only purpose of these shell companies is to receive the wire transfers and send the money off to the scammers.
[5] There are higher commissions for bank accounts in Germany, as such bank accounts are extremely popular within the scammer industry.
