The Australian Securities and Investments Commission (ASIC) has announced dismantling a major fraud and identity theft syndicate that allegedly profited from the thefts of superannuation and share trading accounts, to the tune of millions of dollars.
ASIC, alongside the Australian Federal Police (AFP), had been investigating the "multi-layered cybercrime activity" for more than a year, resulting in the arrest of a 21 year-old woman from Melbourne.
It is alleged the woman worked as part of a syndicate which used fraudulently-obtained identities to commit large-scale online fraud.
ASIC said in court on Tuesday the syndicate allegedly used stolen identity information purchased from "dark net marketplaces", together with single use SIM cards and fake email accounts, to undertake an "identity takeover".
These fraudulently created identities, ASIC said, were created to mimic real individuals who unknowingly had their identities compromised. ASIC said they were then used to open bank accounts at various Australian banking institutions.
Investigations have uncovered at least 70 bank accounts created using fraudulently-obtained identities to date, ASIC said, alleging that once created, the syndicate stole money from the superannuation accounts of these victims, and from their share-trading accounts in ASX-listed companies.
ASIC and the AFP further allege the syndicate laundered the stolen funds through an overseas contact to purchase untraceable assets such as jewellery. It is believed the money was then transferred back to Australia through cryptocurrency.
"From identity theft, where innocent victims have their personal details stolen and sold online in dark net marketplaces; to hacking and phishing – this investigation has illustrated the devastating impacts that compromise of your identity can have," AFP Manager Cyber Crime Operations, acting commander Chris Goldsmid said.
"Cybersecurity threats such as data breaches and financial system attacks are a major concern for ASIC and we will continue to pursue not only cyber-related market and superannuation offending but also the need for institutions to maintain their obligations to ensure they have adequate cyber resilience," added ASIC deputy chair Daniel Crennan.
The 21 year-old is due to be charged, if found guilty, with a range of offences, including: Multiple offences of conspiring to cause unauthorised access and/or modification of data; multiple offences of conspiring to cause unauthorised modification of data knowing that the modification was unauthorised, and being reckless as to whether the modification will impair the reliability and security of the data; conspiring to dishonestly take or conceal articles in the course of post; conspiring to dishonestly obtain property by deception; multiple offences of dealing in proceeds of crime valued at AU$100,000 or more; multiple offences of dealing in personal identification information; and multiple offences of dealing in personal financial information.
Investigations into the syndicate are continuing, and ASIC said further arrests and charges have not been ruled out.