Get all your news in one place.
100’s of premium titles.
One app.
Start reading
ABC News
ABC News
National

Australian man charged over alleged spyware operation after global investigation involving AFP

The AFP believes the number of victims globally was in the tens of thousands. (Supplied: Australian Federal Police)

An Australian man who sparked a worldwide investigation into spyware he allegedly created and sold to domestic violence perpetrators and other criminals, has been charged by the Australian Federal Police (AFP).

The 24-year-old from Frankston, in Victoria, was just 15 years old when he allegedly developed the Remote Access Trojan (RAT).

Police allege the man sold the spyware, named Imminent Monitor (IM), to more than 14,500 people in 128 countries.

During a press conference in Canberra on Saturday, AFP Commander Cybercrime Operations Chris Goldsmid said the key feature of the IM software was its "covert nature".

"It could be installed on a victim's device without their knowledge and allow an offender to monitor their device, gain access to their files, access to their webcam, without the victim's knowledge," he said.

"It is a really insidious tool that can really support a range of criminal activity, from identify theft and financial crime all the way through to stalking and domestic violence."

Commander Goldsmid says malware such as Imminent Monitor is "so nefarious" because it gives offenders "virtual access into a victim's bedroom".  (ABC News: David Sciasci)

The software could also log key strokes, meaning users could see what was being written in emails and other documents, such as the home address of a victim.

There were a variety of ways it could be installed, including through phishing, whereby a victim is tricked into opening an email or text message containing the software.

The RAT cost about $35 and was allegedly advertised on a forum dedicated to hacking.

Police allege the man made between $300,000 and $400,000 from selling the malware and that most of the money was spent on food delivery services and other consumable items.

Police believe more than 14,500 people purchased the Imminent Monitor software.  (Supplied: Australian Federal Police)

Australian purchasers, victims identified

Commander Goldsmid said the AFP was able to identify both the Australian offenders who bought the RAT and their Australian victims, "a world-first for any law enforcement agency".

He said about 200 purchases were made in Australia, with 100 of the buyers identified through their PayPal records.

"Unfortunately, 14 of those had domestic violence orders against them," he said.

The AFP conducted raids in Australia as part of Operation Cepheus.  (Supplied: Australian Federal Police)

One of the purchasers was also registered on the Child Sex Offender Register.

The AFP believes the number of victims globally was in the tens of thousands, with 44 victims identified in Australia.

"Cybercrime isn't just a crime against computers or computer networks. These crimes have real-world impacts, including facilitating stalking and domestic violence offending," Commander Goldsmid said. 

AFP tipped off by FBI, private security firm

The AFP's investigation — dubbed Operation Cepheus — began in 2017 after a tip-off from the FBI and cyber security firm Palo Alto Networks.

A global investigation — that has included more than a dozen law enforcement agencies in Europe — led to the AFP being able to shutdown the software in June 2019.

In November that year, police across the world swooped on users, with 85 search warrants resulting in 13 people being arrested for using the RAT for alleged criminality.

The man's then home in Brisbane was raided at the time, but he was not summonsed to court until earlier this month.

"This operation is a testament to the importance of working together with the private sector and our law enforcement partners, both internationally and domestically, to tackle cybercrime in an increasingly digital world," Commander Goldsmid said.

Once the RAT was installed on a victim's computer, users could control the device.  (Supplied: Australian Federal Police)

He said police were seeing a rise in cybercrime service providers.

"These are people who have high-level IT skills, who can develop these tools and sell them and provide them to other criminals,” he said.

"What that means is that's lowering the barrier of entry.

"So, the people using this tool against victims … don't need to have high-level IT skills, they'll use the skills that are provided by cybercrime services, like the individual that we've charged in this particular matter."

The man is facing six charges for his alleged role in creating, selling and administering the RAT between 2013 and 2019.

He has been charged both as a juvenile and as an adult, and is subsequently not being named by the ABC.

His 42-year-old mother has also been charged with dealing with the proceeds of crime. 

Both were due to faced the Brisbane Magistrates Court yesterday but the matter was adjourned until next month.

An AFP infographic showing how Imminent Monitor operated.  
Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.