One of the most anticipated sessions at the annual AusCERT conference is the presentation given by members of the law enforcement community. This year Detectives Ben Johnson and Robert Thomson from the Queensland Police Financial and Cyber Crime Group talked about two cases, one that’s currently in the courts and another that’s heading that way. And while they had to be coy about some of the specific information because of those legal proceedings, they delivered a fascinating insight into two crimes they recently investigated.
The detectives asked the packed room if anyone in the room had a spare ten minutes to make themselves $30,000. Of course, they noted, the returns were significant but the risks were also real.
Using dodgy IDs to steal from banks
Taking us on a quick journey into the Darknet – the underbelly of the Internet most people never see – Thomson showed the audience Dream Market. Looking a lot like Ebay, this site makes it east for a criminal to buy a full set of identity documents that the detectives said would pass scrutiny in most places, as well as an online bank account. Armed with all that, it’s trivially easy for a criminal to go ahead and apply for a loan, get approval and payment within 48 hours and then disappear with the cash.
The person whose ID was stolen and used to create the identity documents might never know that happened until they performed a credit check or found out that they owed a bank thousands of dollars when they applied for their own loans legitimately.
This very technique was used by a small criminal gang that the police officers found and prosecuted. The criminals used stolen identity data they purchased on the Dark Net. They used that data to create a number of false identities which they then used to take out a number of fraudulent loans.
Incredibly, the printers and other equipment they used to create their own credit cards and other documents can be purchased online. And there’s no need to go to the Dark Net for that gear – it’s available through legal channels such as Ebay and Alibaba they said.
Those criminals were able to steal about $250,000 using this technique.
When they were captured, there was no way to recover the funds although one of the detectives said one of the criminals had a nice hat collection. This was the only item of “value’ they could recover from all the stolen money.
The second crime the detectives presented warned the audience of the risks involved with receiving payments using cryptocurrency.
A company in Queensland was facing financial challenges and sold 49% of the company to a third party. That third party was a cryptocurrency developer. In the transaction, about $5 million of company value was traded for crypto-coins. The coins were held in an electronic wallet, as these things are, and things progressed for a short time without incident.
When the Queensland-based owners in the company needed to draw down on the coins, converting them to fiat currency so they could pay down some debt, the wallet was suddenly empty. The company sold almost half their business and now had nothing to show for it as the coin developers had built a backdoor into the wallet software they had developed so they could steal the coins whenever they were ready.
While the detectives were not able to tell us anything further, such as the name of the coin which is still being publicly traded on international cryptocurrency exchanges, it highlights what can happen when business transactions take place like this.
It’s also worth noting the crime here was not the initial transaction where the coins were exchanged for 40% of the company. the crime being investigated is the theft of the coins.
Join the newsletter!