A 19-year-old Sydney man has been charged with allegedly attempting to misuse stolen Optus customer data in an SMS blackmail scam.
The Rockdale man is due to appear in Sydney Central Local Court later on to face two offenses which carry a maximum sentence of 10 and 7 years in prison.
The investigation was triggered when the AFP-led Operation Guardian became aware of a number of text messages asking some Optus customers to transfer $2,000 to a bank account or see their personal details. used for financial crimes. The data used by the alleged infringer to identify these customers came from the 10,200 stolen records published online after the Optus breach last month.
AFP identified a bank account, which was in the name of a minor, and alleges it was being used by the man.
A search warrant was executed at a Rockdale home earlier today (Thursday October 6) where a cell phone allegedly linked to the text messages was seized.
It will be alleged in court that text messages were sent to 93 Optus customers whose data was exposed on an internet forum. At this point, it appears that none of the people who received the SMS have transferred any money to the account.
The Rockdale man was charged with two offences:
a. Use of a telecommunications network with intent to commit a serious offence, contrary to Section 474.14(2) of the Criminal Code Act 1995 (Cth), where the serious offense is blackmail, contrary to Section 249K of the Crimes Act 1900 (NSW). This offense is punishable, on conviction, by a penalty not exceeding that of the serious offence, ie a maximum penalty of imprisonment of 10 years; and
b. Dealing with identifying information contrary to Section 192K of the Crime Act 1900 (NSW). This offense carries a maximum penalty of imprisonment of 7 years.
Cyber Command Deputy Commissioner Justine Gough said the man was not suspected to be the individual responsible for the Optus breach, but allegedly tried to benefit financially from the stolen data which were dumped on an online forum.
“Last week, AFP and our state and territory partners launched Operation Guardian to protect the most vulnerable customers impacted by the Optus breach and we have been absolutely clear that it there would be no tolerance for the criminal use of this stolen data,” Assistant Commissioner Gough said. said.
“I want to be very clear – and there are two messages today that I want to highlight.
“The AFP-led JPC3 has diverted significant resources to protect at-risk customers from identity fraud. We understand how concerned some members of the community are, and I want to reassure the community that AFP and our partners are working around the clock to help protect your personal information.
“Second, the warning is clear. Do not test the ability or dedication of law enforcement. AFP, our state partners and the industry relentlessly scour forums and other online sites for criminal activity related to this violation Just because there has been one arrest does not mean there will not be others.
Assistant Commissioner Gough said Operation Hurricane, AFP’s investigation into the alleged offender, was continuing.
“The hurricane investigation is a high priority for AFP and we are aggressively pursuing all avenues of investigation to identify those responsible for this attack.”
Operation Guardian is:
- Identify the 10,000 people across Australia who are now at risk of identity theft and work with industry to enable better protection for these members of the public,
- Monitor online forums, the internet and the dark web for other criminals trying to exploit personal information posted online,
- Work with the financial services industry to detect criminal activity associated with the data breach, and
- Analyze ReportCyber trends to determine if there are any links between individuals who have been exploited.
The public is invited to:
- Look for suspicious or unexpected activity in your online accounts, including your telecommunications, banking, and utility accounts. Be sure to immediately report any suspicious activity in your bank account to your financial institution;
- Do not click on any link in an email or text message claiming to be from Optus;