Australian man charged over alleged spyware operation after global investigation involving AFP

An Australian man who sparked a worldwide investigation into spyware he allegedly created and sold to domestic violence perpetrators and other criminals has been charged by the Australian Federal Police (AFP).

The 24-year-old from Frankston, in Victoria, was just 15 years old when he allegedly developed the Remote Access Trojan (RAT).

Police allege the man sold the spyware, named Imminent Monitor (IM), to more than 14,500 people in 128 countries.

During a press conference in Canberra today, AFP Commander Cybercrime Operations Chris Goldsmid said the key feature of the IM software was its “covert nature”.

“It could be installed on a victim’s device without their knowledge and allow an offender to monitor their device, gain access to their files, access to their webcam, without the victim’s knowledge,” he said.

“It is a really insidious tool that can really support a range of criminal activity, from identity theft and financial crime all the way through to stalking and domestic violence.”

Commander Goldsmid says malware such as Imminent Monitor is “so nefarious” because it gives offenders “virtual access into a victim’s bedroom”. (ABC News: David Sciasci)

The software could also log keystrokes, meaning users could see what was being written in emails and other documents, such as the home address of a victim.

There were a variety of ways it could be installed, including through phishing, whereby a victim is tricked into opening an email or text message containing the software.

The RAT cost about $35 and was allegedly advertised on a forum dedicated to hacking.

Police allege the man made between $300,000 and $400,000 from selling the malware and that most of the money was spent on food delivery services and other consumable items.

Police believe more than 14,500 people purchased the Imminent Monitor software. (Supplied: Australian Federal Police)

Australian purchasers, victims identified

Commander Goldsmid said the AFP was able to identify both the Australian offenders who bought the RAT and their Australian victims, “a world-first for any law enforcement agency”.

He said about 200 purchases were made in Australia, with 100 of the buyers identified through their PayPal records.

“Unfortunately, 14 of those had domestic violence orders against them,” he said.

The AFP conducted raids in Australia as part of Operation Cepheus. (Supplied: Australian Federal Police)

One of the purchasers was also registered on the Child Sex Offender Register.

The AFP believes the number of victims globally was in the tens of thousands, with 44 victims identified in Australia.

“Cybercrime isn’t just a crime against computers or computer networks. These crimes have real-world impacts, including facilitating stalking and domestic violence offending,” Commander Goldsmid said. 

AFP tipped off by FBI, private security firm

The AFP’s investigation — dubbed Operation Cepheus — began in 2017 after a tip-off from the FBI and cyber security firm Palo Alto Networks.

A global investigation, which has included more than a dozen law enforcement agencies in Europe, led to the AFP being able to shut down the software in June 2019.

In November that year, police across the world swooped on users, with 85 search warrants resulting in 13 people being arrested for using the RAT for alleged criminality.

The man’s then home in Brisbane was raided at the time, but he was not summonsed to court until earlier this month.

“This operation is a testament to the importance of working together with the private sector and our law enforcement partners, both internationally and domestically, to tackle cybercrime in an increasingly digital world,” Commander Goldsmid said.

Once the RAT was installed on a victim’s computer, users could control the device. (Supplied: Australian Federal Police)

He said police were seeing a rise in cybercrime service providers.

“These are people who have high-level IT skills, who can develop these tools and sell them and provide them to other criminals,” he said.

“What that means is that’s lowering the barrier of entry.

“So, the people using this tool against victims … don’t need to have high-level IT skills, they’ll use the skills that are provided by cybercrime services, like the individual that we’ve charged in this particular matter.”

The man is facing six charges for his alleged role in creating, selling and administering the RAT between 2013 and 2019.

He has been charged both as a juvenile and as an adult, and is consequently not being named by the ABC.

His 42-year-old mother has also been charged with dealing with the proceeds of crime. 

Both were due to face the Brisbane Magistrates Court yesterday but the matter was adjourned until next month.

An AFP infographic showing how Imminent Monitor operated.  
