A West Australian man has been sentenced to two years' imprisonment for using stolen personal data purchased from the darknet and illegal online marketplaces to defraud victims of tens of thousands of dollars.
The man, 36, was sentenced by the Perth District Court this week (16 April, 2024) after previously pleading guilty to six offences.
An AFP Cybercrime investigation found he stripped more than $17,500 from a couple's superannuation and other financial accounts using their stolen credentials, which he had obtained illegally online.
He also used stolen details to assume the identity of another innocent man, opening several bank accounts using his details, naming him as the driver of a car that received four traffic infringements and incurring debts for mobile phones that went unpaid.
Police found the man, 36, was accessing about 20,000 compromised credentials on an illegal online marketplace called Genesis Market - which sold login credentials, browsing history, passwords and other sensitive data from compromised devices.
He repeatedly requested specific stolen personal details from Genesis Market that would enable him to access websites of Australian financial institutions and government agencies.
The man was also in possession of customer information that was stolen from a major Australian business in a ransomware attack.
AFP cybercrime investigators charged the man in May 2023 after he was identified as a customer of Genesis Market by the multi-agency international investigation, Operation Zinger.
Genesis Market was shut down following the FBI-led investigation, which was assisted by the AFP, NSW Police Force, Victoria Police, Queensland Police Service and Western Australia Police Force.
Before the takedown Genesis Market offered access to more than 1.5 million compromised computers - each containing information for dozens of accounts.
The man pleaded guilty in October, 2023 to:
- Two counts of possessing or controlling data, intending that data to be used by him or another person to commit or facilitate the commission of an offence, contrary to section 478.3(1) of the Criminal Code Act 1995 (Cth); and
- Two counts of causing a detriment by fraud, contrary to section 409(1)(d) of the Criminal Code 1913 (WA).
The maximum penalty for these offences is three years and seven years' imprisonment, respectively.
The man also pleaded guilty to two charges relating to false information submitted in a passport application for an assumed identity, which were laid after an investigation by the Department of Foreign Affairs and Trade.
He was sentenced to two years' imprisonment for all six offences and has been ordered to serve a non-parole period of 17 months. He was already in custody on unrelated matters.
AFP Detective Inspector Andrea Coleman said cybercrime was just as violating as a traditional break and enter.
"People who have their identity stolen can have their hard-earned savings stolen but it can also take years for them to regain control of their personal information," Detective Inspector Coleman said.
"It can damage their credit ratings, impacting their ability to apply for loans or employment.
"Today's outcome is a reminder that the darknet is not anonymous and those who use it to profit at the expense of other innocent members of our community will be caught and prosecuted.
"The AFP, with the support of our national and international partners, is working tirelessly to stay a step ahead of cybercriminals."
If you believe you've been a victim of cybercrime you should report it to police using Report Cyber.