The individual, Evaldas Rimasauskas, is believed to have deceived Facebook and Google. Although the U.S. indictment didn’t mention the companies by name, Rimasauskas’ attorney, Snieguole Uzdanaviciene, said the firms were mentioned in the U.S. extradition request.
The court ruled Rimasauskas, who denies the accusations, must stand trial in the United States. Uzdanaviciene said his client will appeal against the extradition to a higher court.
Rimasauskas, 48, was detained in March for deceiving the companies from at least 2013 until 2015through a phishing scam, the the Justice Department announced at the time. He allegedly tricked the firms by carrying out a business email compromise scheme targeting the two tech companies. Rimasauskas is said to have posed as an Asian-based company and sent phishing emails to company employees that regularly conducted multimillion-dollar transactions with the Asian firm, according to the Justice Department.
The companies ended up wiring $100 million to bank accounts in Latvia and Cyprus that were controlled by him. After the money was transferred, he wired it to various other bank accounts across the world, including in Latvia, Cyprus, Slovakia, Lithuania, Hungary and China. Rimasauskas allegedly also forged invoices, contracts and letters, the Justice Department said.
Officials announced in March Rimasauskas was charged with one count of wire fraud and three counts of money laundering, which each carry a maximum prison sentence of 20 years, and one count of aggravated identity theft, which has a mandatory minimum sentence of two years.
"Material presented to the court provides enough evidence to think that Rimasauskas could have committed the deeds that he is accused of," the judge, Aiva Surviliene, said during the verdict on Monday
In the Justice Department’s announcement, the names of the companies were not revealed, and were described as “multinational internet companies” and referred to as the “Victim Companies” by the U.S. Attorney’s Office for the Southern District of New York. One firm was described as a “multinational technology company,” which could be Google, and the other a “multinational online social media company,” which could be Facebook.
Most of the money Rimasauskas stole has been recovered, but the attack shows big tech companies can be victims of scams.
“This case should serve as a wake-up call to all companies – even the most sophisticated – that they too can be victims of phishing attacks by cyber criminals,” said U.S. Attorney Joon H. Kim in astatement in March. “And this arrest should serve as a warning to all cyber criminals that we will work to track them down, wherever they are, to hold them accountable.”