According to the Australian Federal Police, a man from Sydney has been charged over an alleged blackmail scheme in which he reportedly exploited information stolen from the Optus data breach.
A 19-year-old man was detained by police on Thursday at a house in Rockdale with a cellphone that was reportedly connected to the texts confiscated.
He faces charges of dealing with identity information and using a telecommunications network with the aim to commit a severe offense, both of which are punishable by up to 10 and 7 years in jail, respectively.
According to police, texts were sent to 93 Optus users whose data was compromised in the Optus attack.
It seems that none of the recipients of the SMS message made any deposits to the account.
Following the text messages requesting that certain Optus users pay $2000 to a specific bank account, or risk having their personal information exploited for financial crimes, an AFP-led investigation was started.
The 10,200 stolen documents that were put online after the Optus hack last month are where the accused criminal obtained the data from.
Police claim that the man was actively using the bank account, which was detected by the AFP as being in the name of a minor.
The 19-year-old male will show up in court at a later time at Sydney Central Local Court.
In Australia’s largest data breach in history, hackers stole the personal information of 9.8 million Optus customers last month, including their names, passport numbers, license plate numbers, residences, email addresses, dates of birth, and phone numbers.
Following the incident, a number of victims claimed to have received “extremely targeted” scam messages and emails.
The man reportedly attempted to use the stolen data for financial gain, but he is not thought to be responsible for the extensive Optus intrusion, according to Assistant Commissioner Cyber Command Justine Gough.
According to Assistant Commissioner Gough, “Last week, the AFP and our state and territory partners launched Operation Guardian to protect the most vulnerable Optus customers affected by the breach, and we were absolutely clear that there would be no tolerance for the criminal use of this stolen data.”
The AFP has dedicated “substantial resources to defend those consumers at danger from identity theft,” according to Assistant Commissioner Gough.
“We recognize the concern some community members may be feeling, and I want to reassure them that the AFP and our partners are working around the clock to assist safeguard your personal information,” Gough, the assistant commissioner, said.
‘Never question the competence or commitment of law enforcement. The AFP, our state partners, and the business community are constantly searching forums and other online spaces for illegal conduct connected to this incident. There may yet be other arrests even if there has already been one.
Operation Hurricane, the AFP investigation into the purported perpetrator of the breach, is still underway, according to Assistant Commissioner Gough.
“The AFP is diligently following all avenues of inquiry to identify those behind this assault,” she added. “The Hurricane investigation is a major priority for the AFP.”
Gridware, a cyber security consulting firm, previously informed Daily Mail Australia that Optus’s stolen data will be sold to criminals on the dark web and used to make phishing schemes that seemed genuine.
Cybercriminals who purchase the data, according to Gridware CEO and cybersecurity expert Ahmed Khanji, may produce convincing-looking SMS messages and emails since they already have access to so much personal data.
According to Prof. Khanji, “These communications will be sophisticated, targeted phishing efforts aiming to persuade you click a link to pay a charge or a fake invoice, or fill out additional information.”
Compared to random texts that read, “I’m from the ATO, you owe money,” they are far more credible.
Most obviously, the mails could attempt to solicit money from current Optus customers.
Because any mails would repeat their personal information back to them, including residence address and date of birth, anyone who were unaware that their information had been stolen may easily fall for the frauds.