Share this article on:
The AFP is working closely with overseas law enforcement to identify the offenders behind the major Optus security breach.
Operation Hurricane has been launched to identify the criminals behind the alleged breach and to help shield Australians from identity fraud.
The AFP is aware of reports of the sale of stolen data and investigations are continuing.
To protect the integrity of the criminal investigation, the AFP will not divulge what information it has obtained in the first few days of Operation Hurricane.
However, the public can be assured that since the report from Optus on 23 September 2022, the AFP has diverted significant resources to the investigation.
The newly established AFP-led JPC3, which is a joint partnership between law enforcement, the private sector and industry to combat the growing threat of cyber crime, is providing further capability in the investigation.
The AFP is also working closely with Optus, the Australian Signals Directorate and overseas law enforcement.
Cyber Command Assistant Commissioner Justine Gough said that while the investigation was going to be extremely complex and very lengthy, it was important to note that the AFP specialised in investigations of this type.
“This is an ongoing investigation, but it is important the community knows the AFP and our partners are doing everything within scope to identify the offenders responsible, and to also ensure we can protect individuals who are now potentially vulnerable to identity theft,” Assistant Commissioner Gough said.
“We know this may be a stressful time for many members of the community, so I want to be clear and honest with the public.
“We are aware of reports of stolen data being sold on the dark web and that is why the AFP is monitoring the dark web using a range of specialist capabilities. Criminals, who use pseudonyms and anonymising technology, can’t see us but I can tell you that we can see them.
“A key focus, which we have had success in the past, is to identify those criminals.
“It is an offence to sell or buy stolen identification credentials, with penalties of up to 10 years’ imprisonment.
“Our presence and focus extends outside Australian borders, and AFP specialised cyber investigators are permanently based in the United Kingdom, United States, Europe and Africa.
“We will use all our technical capabilities and tools to protect the public from cyber crime, but we also need the public to be extra vigilant.
“Cyber crime is the break-and-enter of the 21st century and this breach is not the first and is unlikely to be the last.
“With that in mind, we ask all Australians to think about their online security and take practical measures to better protect themselves from scams and phishing attempts.”
Members of the public, especially current and former Optus customers, should be extra vigilant in monitoring unsolicited text messages, emails and phone calls.
“However, this message is extended to all Australians,” Assistant Commissioner Gough said.
“The AFP will be working hard to explain to the community and businesses how to harden their online security because ultimately, it is our job to help protect Australians and our way of life.”
[Related: Optus cyber attack sparks national privacy overhaul push]