Barclays Logo
Barclays confirmed its staffer 'deliberately exploited' its systems Reuters

A "corrupt banking insider" working for Barclays, along with four other men, have admitted laundering at least £16m ($21m) for a gang of international cybercriminals.

Between 2013 and 2016, the group used roughly 400 bank accounts in a conspiracy that involved receiving stolen money into one account and then dispersing it into smaller sums across multiple other accounts, the National Crime Agency (NCA) said Tuesday (19 September).

The process, investigators found, would be repeated several times – to disguise the source of the money – before being sent back to cybercriminals.

The hackers were reportedly traced back to a location in Eastern Europe, which has not been revealed.

Nilesh Sheth, 53, a personal banking manager at Barclays, opened a large number of so-called "mule accounts" using fake IDs and address documents.

And he was not alone, the NCA quickly concluded.

Iurie Mereacre, a 37-year-old Moldovan national, ran the money laundering service from his home in London, along with three associates, brothers Iurie Bivol (36) and Serghei Bivol (31) along with Ryingota Gincota (28).

"Sheth abused his position of trust at the bank to knowingly open sham accounts for the network, providing a vital service which enabled them to launder £16 million worth of stolen cash," said Mike Hulett, head of operations at the NCA's cybercrime unit.

The "step-by-step" guide

Prior to their arrests, on 3 November 2016, the laundering group was seen meeting with Sheth on numerous occasions at his bank, and in public places including restaurants and car parks.

On the day of the arrests, NCA officers recovered multiple mobile phones, financial ledgers and 70 mule packs from Mereacre's flat.

The mule packs contained ID and banking documents, bank cards and security information that enabled the group to obtain access to the accounts.

In a move that was surely pivotal to the investigation, officers also seized a hand-written "step-by-step guide to money laundering", which contained instructions on how to move money to accounts at various banks and notes on which accounts had been blocked by bank security.

National Crime Agency
The National Crime Agency building in Westminster on October 7, 2013 in London Dan Kitwood/Getty Images

In a search of Sheth's home in Redwoods Close, Buckhurst Hill, officers recovered over £16,000 in cash and nine mobile phones hidden around his house, including under the kitchen sink.

A number of the phones, the NCA discovered, had been used to communicate with Mereacre and contained text messages sent between the pair, organising meetings and payment.

On Thursday 15 June 2017, at the Old Bailey, Mereacre, Sheth and both Bivol brothers pleaded guilty to roles in the conspiracy.

Gincota opted to take the case to trial but later pleaded guilty to fraud offences on 19 September, authorities said.

A Barclays spokesperson said: "This is a rare occasion where an individual deliberately exploited our systems. We have worked with and supported the NCA with this investigation and welcome the outcome of proceedings.

"Barclays will always support law enforcement in identifying criminal activity and bringing prosecutions."

"Abused his position"

Rose-Marie Franton, from the Crown Prosecution Service's (CPS) International Justice and Organised Crime Division, said: "These men deliberately and persistently set about transferring millions of pounds of stolen money out of the UK to Eastern Europe.

"Working closely with NCA investigators, the CPS presented a strong case with the result that today all the defendants have admitted their guilt.

"The evidence we gathered showed how Nilesh Sheth abused his position as a bank employee for personal gain by facilitating the laundering the criminal proceeds of an organised crime group both within the UK and across borders."

The NCA could not elaborate on the identity of the foreign cybercriminal gang.

Back in 2008, the Northampton Chronicle and Echo reported that Mereacre was linked to an "international card cloning and skimming scam" that was using more than 100 bank accounts and pin numbers were used to net approximately £105,000 in illegal profit.

At the time, the regional newspaper reported he was caught by a Tesco security guard.