AFP working with overseas law enforcement on Optus breach

Following the recent Optus data breach, the AFP has announced that it is working with overseas law enforcement to identify the offenders behind the attack and to protect the Australian community.

This article explores the key details outlined in a recent media release.


Operation Hurricane

Operation Hurricane has been launched to identify the criminals behind the Optus breach and to help shield Australians from identity fraud. This operation will be supported by:

  • Significant resources which the AFP has diverted to the investigation.
  • The newly established AFP-led JPC3, which is a joint partnership between law enforcement, the private sector and industry to combat the growing threat of cybercrime.
  • Cooperation between the AFP and overseas law enforcement.
  • Collaboration between the AFP and the Australian Signals Directorate whose functions include the collection and communication of foreign signals intelligence, and the prevention and disruption of offshore cybercrime.


An international focus

Working with overseas law enforcement and leveraging foreign signals intelligence will help the AFP to ensure that offenders do not have a safe haven simply by being located in another jurisdiction, increasing the chances that they will be brought to justice.

“Our presence and focus extends outside Australian borders, and AFP specialised cyber investigators are permanently based in the United Kingdom, United States, Europe and Africa”, said Assistant Commissioner Cyber Command Justine Gough.


What is the impact so far of the Optus data breach?

The AFP states that stolen data has been sold online following the Optus breach.

“We are aware of reports of stolen data being sold on the dark web and that is why the AFP is monitoring the dark web using a range of specialist capabilities. Criminals, who use pseudonyms and anonymising technology, can’t see us but I can tell you that we can see them”, said Assistant Commissioner Gough.


Potential penalties for the criminals involved

“It is an offence to sell or buy stolen identification credentials, with penalties of up to 10 years’ imprisonment”, said Assistant Commissioner Gough.

The AFP stressed that it is doing everything it can to identify the offenders responsible and bring them to justice.

Assistant Commissioner Gough said that while the investigation was going to be extremely complex and very lengthy, it was important to note that the AFP specialised in investigations of this type.


The importance of public vigilance

While law enforcement seeks to bring the criminals responsible to account, the community also has an important role to play in remaining vigilant to limit the potential impact of the data breach.

“We ask all Australians to think about their online security and take practical measures to better protect themselves from scams and phishing attempts.”

“Members of the public, especially current and former Optus customers, should be extra vigilant in monitoring unsolicited text messages, emails and phone calls”, said Assistant Commissioner Gough.

Nyman Gibson Miralis provides expert advice and representation in cross-border cybercrime cases.

Contact us if you require assistance.