Editor’s note: Arrest Vision and a replay of the press conference with Assistant Commissioner Justine Gough are available through Hightail.
A 19-year-old man from Sydney has been charged with allegedly attempting to use stolen Optus customer details in an SMS extortion scam.
The Rockdale man is scheduled to appear in a Sydney court on October 27 (2022) to face two felonies carrying maximum sentences of 10 and 7 years in prison.
The investigation was sparked when AFP-led Operation Guardian became aware of a series of text messages urging some Optus customers to transfer $2,000 to a bank account or use their personal information for financial crimes. The data the alleged perpetrator used to identify these customers came from the 10,200 stolen records posted online after last month’s Optus breach.
AFP identified a bank account in the name of a youth and will claim it was used by the man.
A search warrant was executed at a house in Rockdale today (Thursday 6 October) seizing a mobile phone said to have been linked to the text messages.
It is alleged in court that text messages were sent to 93 Optus customers whose details were disclosed on an Internet forum. At this point, none of the people who received the SMS appear to have transferred any funds to the account.
The Rockdale man was charged with two offenses:
a. Using a telecommunications network with the intent to commit a serious crime contrary to Section 474.14(2) of the Criminal Code Act 1995 (Cth) where the serious crime is extortion, contrary to Section 249K of the Crimes Act 1900 (NSW). This offense carries a penalty, if convicted, not exceeding the serious offence, up to a maximum of 10 years’ imprisonment; and
b. Dealing with identification information contrary to Section 192K of the Crime Act 1900 (NSW). This offense is punishable by imprisonment for a maximum of 7 years.
Deputy Commissioner Cyber Command Justine Gough said the man was not suspected of being the person responsible for the Optus breach but was allegedly attempting to profit financially from the stolen data, which was revealed in an online forum have been filed.
“Last week, AFP and our state and territory partners launched Operation Guardian to protect the most vulnerable customers affected by the Optus breach and we were absolutely certain there was zero tolerance for the criminal use.” of this stolen data,” Deputy Commissioner Gough said.
“I want to be very clear – and there are two messages I want to underscore today.
“The AFP-led JPC3 has diverted significant resources to protect these vulnerable customers from identity fraud. We understand how concerned some members of the community are, and I want to reassure the community that AFP and our partners are working around the clock to protect your personal information.
“Second, the warning is clear. Do not test law enforcement skills or commitment. AFP, our government partners and industry are relentlessly searching forums and other online sites for criminal activity related to this violation. Just because there has been one arrest doesn’t mean there won’t be more.”
Deputy Commissioner Gough said Operation Hurricane, the AFP investigation into the alleged perpetrator responsible for the breach, is continuing.
“The hurricane investigation is a high priority for AFP and we are aggressively pursuing all lines of investigation to identify those behind this attack.”
Operation Guardian is:
- Identifying the 10,200 people across Australia who are now at risk of identity fraud and working with industry to enable further protection for these members of the public,
- Monitoring online forums, the internet and the dark web for other criminals attempting to exploit personal information posted online,
- Working with the financial services industry to uncover criminal activity related to the data breach, and
- Analysis of trends from ReportCyber to determine if there are links between exploited individuals.
The public is asked to:
- Be alert to suspicious or unexpected activity in your online accounts, including your telecom, banking, and utility accounts. Make sure you report suspicious activity on your bank account to your financial institution immediately;
- Do not click on links in emails or text messages claiming to be from Optus;
- If someone calls and claims to be from Optus, the police, a bank, or any other organization and offers to help you with the data breach, you should hang up and contact the organization using their official contact details. This may be a scammer using your personal information;
- Never click on suspicious-looking links and never give out your passwords, one-time use PINs from your bank, or personal or financial information;
- When people call impersonating a credible organization and request access to your computer, always say no.
AFP Media: (02) 5126 9297