Operation Guardian — the Australian Federal Police (AFP) investigation set up after 10,200 customer records were published online following the Optus cyber attack — has made its first arrest.
A 19-year-old Sydney man has been charged, with the AFP holding a press conference about the arrest this afternoon.
Let's unpack what we learned.
Is this the hacker behind the Optus cyber attack?
No.
The man is not suspected of being behind the original cyber attack.
This arrest is related to the 10,200 records published on an online forum last Tuesday by a user claiming to be behind the Optus cyber attack.
Police are accusing the man of texting 93 people on that list and threatening to use their personal information for financial crime unless they paid a ransom of $2,000.
No one paid up.
He's been charged with using a telecommunication network with the intent to commit blackmail and dealing with identification information, contrary to section 192K of the Crime Act 1900 (NSW).
The first offence carries a maximum prison term of 10 years, the second's maximum term is seven years.
Was he working alone?
AFP's cyber crime Assistant Commissioner Justine Gough didn't say.
"At this stage we've only made the one arrest in relation to the 19-year-old," she said.
Commissioner Gough said the circumstances of his alleged offending continued to be under investigation.
My details were exposed in the breach — will I be targeted?
Probably not in this specific alleged blackmailing attempt.
Assistant Commissioner Gough said 93 people were contacted.
She said the alleged blackmailer targeted people on the list of 10,200 customer records published online — that's a fraction of the 2.1 million customers Optus said had an identity document number exposed.
"We would allege the offender was working their way through the list," Assistant Commissioner Gough said.
"We would suggest that he was prevented from committing future harm to members of the community."
However, it's possible those 10,200 records could be targeted by other scammers.
"Just because there has been one arrest, it does not mean that there will not be any more arrests," Assistant Commissioner Gough said.
How many people have access to those 10,200 records?
We don't know.
"That continues to be the subject of investigation that we're conducting under Operation Guardian," Assistant Commissioner Gough said.
"The data is available, which is why we continue to devote and commit the resources that we are committing to online forums to see where there's other potential sources where access has been gained to this data."
What is the AFP doing for people on that list?
It set up Operation Guardian to "supercharge" their protection.
The operation was tasked with:
- Identifying the 10,200 individuals on the list now at risk of identity fraud
- Alerting industry to enable further protection
- Monitoring online forums, the internet and the dark web for other criminals trying to exploit those details
- Engaging with the financial service industry to detect criminal activity associated with the data breach
- Analysing trends from ReportCyber to determine whether there are links between individuals who have been exploited
- Identifying and disrupting cyber criminals.
"The AFP, our state and territory partners and industry partners are relentlessly scouring forums and other online sites for criminal activity linked to this breach," assistant commissioner Gough said.
Were there any updates on the hacker behind the original cyber attack?
Nothing major.
"The AFP investigation into the alleged offender responsible for the breach is continuing," Assistant Commissioner Gough said.
"We are aggressively pursuing all lines of enquiry to identify those behind this attack."
