Podcast Title: Crime Interrupted
Episode: Operation Birks
Release Date: August 10, 2023
Host/Author: Casefile Presents
Introduction to Operation Birks
Crime Interrupted, presented by Casefile, delves into significant criminal investigations handled by the Australian Federal Police (AFP). In the episode titled Operation Birks, listeners are taken behind the scenes of a sophisticated cybercrime case targeting Australia’s superannuation funds. The episode sheds light on how coordinated efforts between various agencies disrupted a major fraud syndicate exploiting vulnerabilities in financial systems.
The Australian Federal Police and Cybercrime
The episode opens with an overview of the AFP’s mission to combat serious crimes, including cybercrime, human trafficking, and counterterrorism. A pivotal figure introduced is Jim, a Detective Leading Senior Constable with Cybercrime Operations at the AFP. Jim discusses his transition from counterterrorism to cybercrime, highlighting the challenges posed by modern technologies such as VPNs, the darknet, and cryptocurrency.
Jim [02:35]: "Working at cybercrime is really good in the AFP because unlike security agencies and people in the private sector, at cybercrime we get to do the cybercrime investigation, we then get to execute warrants, debrief the offenders and actually get access to their devices."
Jim began his cybercrime career in Canberra in January 2019, where one of his initial cases involved referrals from ReportCyber, the national cybercrime reporting system managed by the Australian Cyber Security Centre (ACSC).
Uncovering the Superannuation Fraud Syndicate
Initially, fraud cases targeting superannuation funds were handled separately by state police. However, it wasn’t until an AFP analyst reviewed these cases collectively that a disturbing pattern of organized crime emerged.
Jim [03:43]: "We received a referral regarding a syndicate who were targeting money held in superannuation funds. And this syndicate had stolen millions of dollars from Australians in a relatively short amount of time."
The syndicate exploited the evolving technological landscape, targeting superannuation companies previously deemed secure. Advances in hacking tools and insider knowledge enabled them to breach accounts, prompting the superannuation sector to enhance its cybersecurity measures rapidly.
Modus Operandi of the Syndicate
The fraud scheme involved purchasing stolen personal identification data from the dark web and using it to set up fake or mule bank accounts. These accounts facilitated the transfer of funds from victims' superannuation accounts. The operation utilized various techniques, including phishing websites that mimicked legitimate superannuation fund sites, thereby harvesting user credentials.
Jim [06:07]: "Initially, what they were doing is they were taking that stolen personal identification information, working out whether or not someone had a superannuation account with a particular superannuation fund..."
Significantly, the syndicate targeted individuals nearing retirement age to execute large lump-sum withdrawals, maximizing their gains from each fraudulent transaction.
Collaboration with ASIC and AUSTRAC
The investigation expanded as Scott Bowie from the Australian Securities and Investments Commission (ASIC) identified parallel fraud activities involving share trading platforms. Recognizing the overlap, the AFP and ASIC collaborated, bringing in AUSTRAC, Australia’s financial intelligence regulator, to analyze financial transactions linked to the fraud.
Scott Bowie [10:50]: "Retail investors were reporting misconduct to ASIC through the system that we have there. They were complaining of having their share portfolios stolen without their knowledge."
AUSTRAC’s role was crucial in tracing the financial trails, uncovering patterns that connected various fraudulent activities across multiple superannuation funds and share trading platforms.
Tracking and Arresting the Key Suspect
The investigation pinpointed a significant figure within the syndicate, a 21-year-old woman referred to as Hannah. Through meticulous analysis of burner phones and a fortunate error made by Hannah, investigators were able to link her to the fraudulent activities.
Scott Bowie [22:53]: "One of those was to a kebab shop based in Melbourne... we got that person's name and address where the food was delivered."
Upon identifying Hannah’s travel plans, the AFP seized the opportunity to execute search warrants as she returned to Australia. This decisive action allowed authorities to confiscate her devices and gather substantial evidence against her.
Evidence and Trial
The search of Hannah’s residence unveiled a trove of evidence, including:
- SIM Cards: Hundreds of SIM cards used in burner phones.
- Gloves: Indicating meticulous preparation of fraudulent documents to avoid fingerprint traces.
- Withdrawal Documents: Pending fraudulent transactions left on printers.
- Digital Evidence: Encrypted communications via apps like Telegram, revealing the network’s structure and operations.
Although Hannah was initially released because of the volume of evidence yet to be processed, sustained efforts led to her eventual arrest. In December 2022, Hannah pleaded guilty to multiple charges, including conspiracy to defraud superannuation and share trading funds, culminating in a sentence of 5 years and 6 months imprisonment with a non-parole period of 4 years.
Jim [41:34]: "Shame of it is that Hannah was pretty bright, she was pretty articulate... but now she's in jail."
Insights and Preventative Measures
Natasha from AUSTRAC emphasized the importance of financial institutions recognizing red flags, such as simultaneous changes to a customer’s address, phone number, and email. These indicators are critical in identifying potential identity takeovers and preventing fraud.
Natasha [43:09]: "Wherever there is money that is available... that is where the scammers will start to target."
The collaboration between AFP, ASIC, and AUSTRAC exemplifies the effectiveness of inter-agency cooperation in dismantling complex cybercrime syndicates. Sharing intelligence and leveraging each agency’s unique capabilities were pivotal in the success of Operation Birks.
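The red flag described in this section (address, phone number and email all changing together) can be expressed as a simple detection rule over account audit events. The sketch below is an added example, not something presented in the episode or used by any of the agencies; the event names, the 24-hour window, the 30-day withdrawal watch period and the sample data are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

CONTACT_FIELDS = {"address", "phone", "email"}

# Constructed sample audit events: (ISO timestamp, account id, event type).
SAMPLE_EVENTS = [
    ("2023-03-01T09:00", "A-1001", "change:address"),
    ("2023-03-01T09:05", "A-1001", "change:phone"),
    ("2023-03-01T09:12", "A-1001", "change:email"),
    ("2023-03-03T14:30", "A-1001", "withdrawal_request"),
    ("2023-01-10T11:00", "A-1002", "change:address"),
    ("2023-02-20T16:45", "A-1002", "change:email"),
    ("2023-04-02T08:20", "A-1002", "change:phone"),
    ("2023-04-03T10:00", "A-1002", "withdrawal_request"),
    ("2023-05-06T13:00", "A-1003", "change:phone"),
    ("2023-05-06T13:02", "A-1003", "change:email"),
    ("2023-06-01T10:00", "A-1004", "change:email"),
    ("2023-06-01T18:00", "A-1004", "change:address"),
    ("2023-06-02T07:30", "A-1004", "change:phone"),
]


def flag_contact_takeovers(events, window=timedelta(hours=24),
                           watch=timedelta(days=30)):
    """Flag accounts whose address, phone and email all changed within
    `window`, and note a withdrawal request in the following `watch` period.
    Both thresholds are assumed values, to be tuned per institution."""
    last_change = {}   # account -> {field: time of most recent change}
    alerts = {}        # account -> {"flagged_at": datetime, "withdrawal": bool}
    for stamp, account, kind in sorted(events):   # ISO stamps sort by time
        when = datetime.fromisoformat(stamp)
        if kind.startswith("change:"):
            field = kind.split(":", 1)[1]
            if field not in CONTACT_FIELDS:
                continue
            seen = last_change.setdefault(account, {})
            seen[field] = when
            # `when` is the newest change, so this is the span of all three.
            complete = set(seen) == CONTACT_FIELDS
            if complete and when - min(seen.values()) <= window:
                alerts.setdefault(
                    account, {"flagged_at": when, "withdrawal": False})
        elif kind == "withdrawal_request" and account in alerts:
            if when - alerts[account]["flagged_at"] <= watch:
                alerts[account]["withdrawal"] = True   # escalate for review
    return alerts
```

Accounts whose three contact details change months apart (A-1002) or only partially (A-1003) are not flagged, which keeps ordinary customer updates out of the review queue.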
Conclusion and Lessons Learned
Operation Birks serves as a testament to the resilience and adaptability of Australian law enforcement in the face of evolving cyber threats. The meticulous investigation, combined with strategic inter-agency collaboration, underscores the importance of staying ahead in the cybercrime landscape.
Jim [47:35]: "Reality is you're going to get caught. But if you use your skills to become a penetration tester or work with authorities... you're going to make a lot more money... and it's going to be really rewarding."
The episode concludes by highlighting ongoing efforts to bolster cybersecurity measures within financial institutions and encourages individuals with technical expertise to contribute positively to combating cybercrime.
For more insights into how the AFP protects Australians against cybercrime and fraud, and to follow Casefile’s investigative storytelling, visit afp.gov.au. Stay tuned for the final installment of Crime Interrupted Season 2, which will explore an international drug smuggling syndicate.
