Police bust $24m hack
CYBER crooks selling access to Australian superannuation accounts on the dark web have been blocked by Australian Federal Police, saving $24m from being siphoned off into criminals’ pockets.
The operation was one of several this year that have resulted in eight people being charged with 21 cybercrime offences.
Home Affairs Minister Karen Andrews will on Monday announce details of three AFP cybercrime operations, which include 163 disruption activities in the last year to stop hackers, ransomware gangs, and criminals selling people’s identification and account details on the dark web.
These included Operation Zinger, where the AFP and an overseas law enforcement agency identified a dark web site selling cybercrime software to other crooks. The site was also selling 500,000 compromised credentials, including of Australians, which would have allowed the crooks access to such things as superannuation accounts.
In May, the AFP and other agencies were able to block access to the funds, worked with 20 superannuation funds to protect 681 members’ accounts and 35 employer accounts, and prevented the theft of $23.9m from the accounts.
A joint AFP, state and territory task force also intervened in several instances where business emails had been compromised, and stopped $8.5m making its way into the hands of cyber criminals.
A Canberra woman who was purchasing property fell victim to a scam and mistakenly transferred $1.03m to a criminally controlled bank account. However, the AFP and the bank were able to withhold the money before it could be sent offshore.
In another case, an elderly woman finalising payment for settlement of property transferred $500,000 into a domestic bank account after she received an email from a cyber criminal she believed was her solicitor. When her solicitor told her the money had not been received, her case was reported to the government’s ReportCyber portal, and more than 80 per cent of her money was retrieved.
In a third instance, a medical research company that had a contract with a foreign company made three payments worth a total of $3.5m to what it thought was its supplier, before it was discovered the invoices were a scam.
The AFP and Interpol in Hong Kong were able to claw back $1.9m. A Canadian man was arrested in relation to the business email compromise.
Another ongoing operation is investigating a large scale, sophisticated syndicate using malware to compromise the financial details of bank account holders.
In 2020, the AFP identified 27,000 potential victims and alerted Westpac, CBA, NAB and ANZ of potential compromises so preventive measures could be put in place.
Ms Andrews said the Morrison government was taking tough actions against cybercriminals.
“Our approach is getting results, putting offenders behind bars, recovering victim’s cash, and enhancing Australia’s cyber security,’’ she said.