Last week, we covered a so-called Nigerian scam in which a group of thieves eschewed the standard approach of pretending to be your great-grandmother's sister's former roommate, and instead went directly after state coffers. Now there's news that some would-be fraudsters are turning up their collective noses at the thought of robbing a mere state, and are instead going after entire countries. Given the severity of jail sentences and the dim view federal judges take of those who would steal the wealth of nations, the grand-scale carnival shysters are playing an extremely high-stakes game.

For a group of men currently accused of attempting to illegally steal Ethiopian assets, it's a game they lost. According to The New York Times, the scam was masterminded and led by Paul Gabriel Amos, a native-born Nigerian then living in Singapore. Over time, Amos and his cohorts created a series of official-looking documents that instructed Citibank to wire the sum of $27 million from the National Bank of Ethiopia to a series of puportedly legitimate bank accounts. These accounts were actually controlled by the thieves, who presumably intended to empty them immediately once all 24 of the specified wire transactions had been completed. The exact amount of money intended for each account is not given, but I'm assuming the group settled on an amount of cash that, while sizable, could be moved from Point A to Point B without arousing too much suspicion.

The scheme fell apart when the target banks could not process the transactions. At that point, either Citibank or the target bank attempted to contact the Bank of Ethiopia, which could not verify the transactions as valid. A warrant for Mr. Amos was issued; the man was arrested last month when he attempted to enter the US. The FBI, Citibank, and Ethiopia are obviously pleased with having caught the theft-in-progress, the ringleader is now in jail, and Citibank returned the complete amount of money that had been transferred from the National Bank of Ethiopia.

Officials may have succeeded in stopping this particular heist, but the attack was only discovered late in the process. Amos' plan was complex, elaborate, and took place over several months. First, Citibank was instructed in September (via letter) to accept instructions by fax. That order also gave a list of officials who could be contacted in the event of a problem; Citibank's signature analysis (however cursory it may have been) indicated that the forged signatures matched the actual ones the bank had on file. One month later, Citi received requests to transfer funds to accounts held in Japan, South Korea, Australia, China, Cyprus, and the United States. The NYT story implies that at some point in this process, Citibank officials attempted to contact the appropriate Nigerian authorities, but were headed off by the conspirators who then "approved" the transactions.

The fact that Amos and his men were able to carry their plan as far as they did is a demonstration of how much modern technology has changed the financial industry. The first bank in history, The Bank of St. George (Banco di San Giorgio if you prefer the Italian), was founded in Genoa in 1406. In the 603 years since its founding, bank robbery has virtually always been understood as a physical crime that required the presence of the perpetrator. In this case, we don't know if Amos entered the United States with the intent to further his deception by showing up in New York in person, but regardless, the vast majority of the theft was carried out remotely.

Fake wire transfers, of course, are nothing new—they've been a core component of classic Nigerian 419 scams for the past 25 years—but the degree of foreign sophistication that was brought to bear on the New York operation is startling. Not so very long ago, the technology to create high-quality counterfeit paper, official letterhead, and even appropriately written documents was scarce enough that major banks in the US or Europe had nothing to fear from thieves in the remote reaches of the world. Amos' group, in contrast, was able to communicate through fax and telephone, obtain handwriting samples from the necessary officials (probably through the use of scanned documents) and was even able to provide a proper list of contacts with corresponding phone numbers. In the US, it's no accomplishment to spend a few hours on Google and assemble a list of public information on a given individual but such opportunities are relatively new (or have not yet arrived) in many countries.Nigeria, meanwhile, is scarcely a beacon of development and hope; fraud, poverty, and corruption continue to dominate the country and its political process.

I don't expect we'll hear much about the specifics of the case, if for no other reason than because other malcontents are eager for details on what, exactly, tipped off officials investigating Amos. Whether it was the timing of the transactions, the fact that they arrived as a group, or the ommission of other information that would have allowed the transactions to complete successfully, it's all data the black hats want and the banks shouldn't publicly disclose.

It's doubtful that we'll ever see these types of specialized, focused attacks become a dominant force in the malware industry but the recent cases coming out of Utah and now Citibank could mark the beginning of a trend. The theoretical payout from robbing a bank, state, nation, or other major source is far greater—possibly an order of magnitude greater—than what might be available from a single individual. Even if these plans take months or more to conceive and execute, there are clearly thieves willing to take the risk.