Millions of dollars have allegedly been stolen from personal superannuation and share trading accounts using hijacked identity credentials that were obtained on the dark net.
The Australian Federal Police on Tuesday revealed the “multi-layered cybercrime activity” after a 12-month investigation into a major fraud and identity theft syndicate with the Australian Securities and Investment Commission.
A 21-year-old Melbourne woman, who was due to face court on Tuesday, is expected to be charged with multiple offences, including conspiracy to cause unauthorised access and/or modification of data, for her suspected involvement in the syndicate.
Authorities allege the syndicate used stolen identity information acquired on the dark net, as well as single use SIM cards and fake email accounts, to commit “identity takeover” before siphoning money from the accounts.
“These identities, fraudulently created to mimic real individuals who unknowingly had their identities compromised, were then used to open bank accounts at various Australian banking institutions,” police said.
“Investigations have uncovered at least 70 bank accounts created using fraudulently-obtained identities to date.
“Once the false identities and accounts were established, ASIC and the AFP allege the syndicate committed cybercrime offences to illegally steal money from the superannuation accounts of these victims, and from their share-trading accounts in ASX-listed companies.”
The syndicate also allegedly laundered the stolen funds overseas to buy jewellery and other “untraceable assets”, before transferring the money back to Australia through cryptocurrencies.
Cyber crime operations manager, acting commander Chris Goldsmid, said the investigation had revealed cybercrime occurring on multiple levels.
“The consequences of the breaches we have discovered are far-reaching, and can be traced back to cybercrime offences that impact everyday Australians,” he said.
“From identity theft, where innocent victims have their personal details stolen and sold online in dark net marketplaces; to hacking and phishing – this investigation has illustrated the devastating impacts that compromise of you identity can have.”
Although the number of victims are no yet known, Goldsmid said the syndicate had attempted to steal up to $10 million.
investigators will now continue to work with superannuation companies and market participants to determine the scale of the alleged fraud.Further arrests have not been ruled out.