The Australian Federal Police AFP worked with many other investigative agencies
Photo: Lukas Coch / AAP / IMAGO
Australian law enforcement authorities have filed charges against a suspected spyware programmer who is said to have used a criminal network to sell a spy tool to around 14,500 customers in 128 countries.
The 24-year-old is said to have earned up to 270,000 euros with the Trojan.
This was announced by the Australian federal police at the weekend.
For almost five years, the Australian police have been working with investigators from the USA, Canada and Europe, among others, to snag the network behind malware called "Imminent Monitor".
More than twelve investigative agencies such as the FBI and the European Judicial Cybercrime Network have participated in Operation Cepheus, which now appears to have resulted in the main suspect having to answer to a court.
The software was apparently often used by stalkers.
According to the Australian Federal Police, 14.2 percent of shoppers who paid with PayPal had a previous record of domestic violence.
One is on a child abuse registry.
The 24-year-old is accused, among other things, of having developed and distributed the software with the intention of committing a crime and making money from it.
The man faces a maximum sentence of 20 years in prison for these acts.
The 24-year-old has to appear in court in just under three weeks.
A 42-year-old woman from the same household is also accused of making more than AUD 100,000 from the sale of the Trojan.
She also faces up to 20 years in prison.
Global investigations lead to success
In November 2019, investigators struck the first blow against the criminal network.
Thirteen people were arrested worldwide, 85 arrest warrants issued and more than 400 devices such as laptops, smartphones and servers confiscated.
The 24-year-old's apartment in Brisbane was also searched at the time.
Investigators seized a computer that contained code that matched the Trojan, the police report said.
The remote access Trojan is said to have been in circulation since 2012, and the accused is said to have programmed the tool at the age of 15.
»Imminent Monitor« was offered on the Internet for about 25 euros in the following years.
The Trojan is said to have been advertised in hacker forums, where even business versions for up to 30 computers were for sale for 100 euros.
To this day, offshoots of the software can be found online.
"Imminent Monitor" gives attackers almost complete control over an infected Windows computer.
As soon as the Trojan is installed on a victim's computer, criminals can access personal data, take over the webcam and listen in via the microphone.
Smuggled in via phishing emails
The spyware also captures keystrokes to read what is typed in email and chat messages.
The victims usually don't notice anything.
The tool is smuggled in, for example, when a victim clicks on a link that is sent with a phishing email.
If the perpetrators had access to the computer, they could also infect it with a USB stick.
more on the subject
Hacker attack on NATO think tank in Germany: If »blablabla1234565« reads alongBy Jörg Diehl, Matthias Gebauer and Fidelius Schmid
How criminals wrestled down an entire district administration:»Anhalt-Bitterfeld district, you are fucked.
DO NOT TOUCH ANYTHING!«By Peter Maxwill
The US security company Palo Alto Networks had supported the Australian police in their search for the programmer.
According to the investigations, the perpetrators are said to have distributed the software on the Internet under code names such as Shockwave, imminentmethods and ViridianX.
They chose a panda in a shirt and sack as their profile picture.
By 2019, there had been more than 115,000 attacks with the software on Palo Alto Networks customers alone.