A computer hacker transferred more than Dh1 million from the bank account of an American in Seattle to a financial services company in Dubai to invest the money in the stocks markets, it is claimed.
The hacker allegedly gained access to the American’s account in March 2013 and transferred US$500,000 (Dh1.84m) in three installments to the company’s bank account in Dubai. An unidentified man later managed to withdraw some of the amount in the UAE by claiming to be the American.
Upon discovering what happened, the account holder contacted the company to retrieve the money, arguing that he did not sanction the transfers or sign any agreements, nor was he the person who withdrew the money. The company acknowledged its receipt of the amount but refused to return the money, which prompted the American’s legal consultant, Hassan Elhais, from Al Rowaad Advocates, to file a civil case against the company.
Mr Elhais proved to Dubai Civil Court that both his client and the financial services company have not committed any criminal act and that a cyber attack on the client’s account caused the problem.
The court assigned an auditor to investigate the case. The subsequent report confirmed that the American did own the money and did not authorise the transfer of $250,000 from the total transferred amount of $500,000.
The report found that the other $250,000 was transferred in two installments to the company and that a third party, who remains unknown, used a power of attorney (PoA) allegedly given to him by the American to withdraw the cash.
However, Mr Elhais argued that the PoA was not given to the third party. He said that the PoA used did originate from the American but it was for use in another country, not for the US or UAE.
The report also stated that a cyber crime had taken place and the victim [the American] should lodge a criminal case related to charges of impersonation and forgery.
Mr Elhais told the court that it was not clear if one or more hackers were at play.
The financial company presented documents to court showing an agreement with the American, which included a transfer letter and a withdrawal application for Dh90,000, all signed in his name.
However, Mr Elhais told the court that the documents, including the passport copy and the identification card, were different from his client’s. He presented copies of his client’s original passport, which showed a difference in name to that offered by the financial company.
Dubai Civil Court ordered the company to repay an amount of $250,000, which according to the auditor’s report was not transferred using the American’s authorisation. They were also ordered to pay the man 9 per cent interest on the amount from the date of his legal claim in September 2016. However, the court decided that the rest of the amount could not be returned as there was evidence to suggest that he did sanction the transfer of it.
The American appealed the case but the ruling was upheld. He, as yet, has not filed a criminal case.
The hacker remains at large.
