Cyber fraud: a court's jurisdiction on asset seizure

It reads like a movie plot with shadowy figures hacking email accounts, sending fraudulent instructions to banks and syphoning money into accounts around the world but how do you stop the money moving if you don’t know who the enemy is?

In the first case of its kind, the High Court has awarded China Molybdenum Company (CMOC) £7m and granted a worldwide freezing injunction against ‘persons unknown’ for the first time^[1].

The fraud

Hackers instructed CMOC’s bank to transfer funds to bank accounts in 19 jurisdictions around the world. The transfers totalled just under $7m and almost €1.3m. In an attempt to recover funds and track down the perpetrators, CMOC sought to freeze the bank accounts into which the money had been transferred. At a preliminary hearing back in 2017, the judge decided there was a good arguable case that the court had jurisdiction to grant a worldwide freezing order (WFO) against ‘persons unknown’, which included any person who had carried out, assisted or participated in the fraud, including the recipients of the funds. That initial decision has now been confirmed as an extension of the law following the conclusion of the trial of the proceedings.

The hackers infiltrated the email account of a CMOC director and sent instructions to the company’s bank to make the payments. The scam was sophisticated in that the instructions mirrored emails the company would regularly send to its bank. The hackers also diverted emails from colleagues to the director when the authenticity of the payments was questioned and impersonated the director in responses to those colleagues.

In addition to the WFO, CMOC was also successful in obtaining disclosure orders against 50 banks, these were classed as ‘no cause of action defendants’ and so were not part of the proceedings other than for disclosure. The disclosure orders allowed CMOC to identify other individuals involved in the fraud and they were then joined to the proceedings.

Action against ‘persons unknown’ is usually seen in libel or trespass cases, but this is a first in a case involving financial fraud. The granting of the WFO in these circumstances was appropriate owing to the hacking element, the unknown identity of the defendants and the severity of the offences committed. Granting a WFO should be an option for victims of cyber fraud where the fraudsters’ identities are unknown. The decision was said to reflect ‘the need for the procedural armoury of the court to be sufficient to meet the challenges posed by the modern electronic methods of communication and of doing business.’

In granting the order, the court emphasised that the defendants should be clearly identified, despite being ‘persons unknown’. The judge was satisfied with the approach taken by CMOC in identifying defined classes of defendant. The company made reference to those involved in the fraud in the claim form, and the particular bank accounts into which money was transferred together with the individual transactions were extensively evidenced and scheduled for the benefit of the court.

Innovative methods of service

The judge allowed service of the defendants through Facebook Messenger and WhatsApp, two ‘innovative’ methods of service. It is not unusual for service to be deemed valid through posting relevant materials on Facebook, but in this case the service occurred through Facebook Messenger, a private service channel.

Service through WhatsApp, which was approved in an earlier case, was also permitted here as the platform allows the sender to see when the message has been both received and read. The judge was happy to consider alternative methods of service where they are justified in a particular case and acknowledged the need to rule in line with modern practices.

Data rooms

The high volume of material relevant to this case, resulting mainly from the number of no cause of action (bank) defendants, meant that service through a secure data room was permissible. CMOC used a court approved form of service, such as email or hard copy, to circulate a link to the data room to all of the relevant parties. An access code would follow in a separate email to ensure the data room was secure and only accessible by the relevant parties. Accessing the data room allowed all parties to see all the relevant documents and any new applications. This also allowed any new defendants, when they joined proceedings, to quickly get up to speed.

In addition to the use of the data room, CMOC had also prepared a summary for each defendant. This contained details of how each defendant had been served, the method of service and where the relevant evidence could be found.

The defendants who did utilise the data room found it a ‘most useful facility’ as they did not require service of documents individually by email or hard copy.

What does the future hold?

This decision can be seen as an extension of the law as it stands currently and will likely pave the way for more victims of cyber fraud to seek similar injunctions in an attempt to recover stolen funds.

The court’s decision was undoubtedly influenced by the increased prevalence of cyber fraud in the UK. Often outdated court procedures need to evolve at the same pace as technology, especially as modern methods of conducting business have given criminals more opportunities to strike.

[1] CMOC Sales & Marketing Ltd and Persons Unknown and 30 others [2018] EWHC 2230 (Comm) (26 July 2018).