EXCLUSIVE: ‘Bringing criminals to justice’ – AFP Commander takes cyber criminals to task

To hear from Commander Chris Goldsmid, you can register for the Tech in Gov conference here.

Liam Garman, editor of Cyber Security Connect: Thanks so much for your time, Chris. To start, would you be able to tell me a little bit about yourself and your journey to becoming head of Cybercrime Operations for the Australian Federal Police?

Chris Goldsmid, Commander Cybercrime Operations AFP: I joined the AFP 21 years ago. Over that time, I’ve worked across a range of interesting fields investigating drug importation, corruption, money laundering and gangs. Four and a half years ago, I was given the opportunity to head the AFP’s Cybercrime Operations, which was a great fit for me as I gained an IT degree prior to joining the police. This provided me with some level of expertise in computing, networks and how they operate.

Over recent years, we’ve seen substantial growth in cyber crime operations following strong investment from government. This has allowed us to grow our capability and capacity, and ultimately keep Australians safe.

Garman: Cyber security really is front of mind for everyone. What initiatives have you unveiled to combat cyber crime?

Goldsmid: Cyber crime is a real area of focus for the AFP, and there are a number of initiatives we’ve actioned to grow our cyber capability. This includes the creation of a standalone cyber command in the AFP focused uniquely on cyber crime, demonstrating that this is truly a priority for the AFP.

We’ve established Operation Aquila – a joint standing operation with the Australian Signals Directorate – to disrupt the most serious cyber threats facing Australia.

We have also established the AFP-led Joint Policing Cybercrime Coordination Centre (JPC3) in Sydney, a public-private partnership that brings together the AFP, state and territory police, industry partners and other Commonwealth agencies such as AUSTRAC and the ATO to share expertise, knowledge and resources to disrupt cyber crime.

VIEW ALL

The cyber command consists of investigation teams right around the country, including Melbourne, Sydney, Brisbane, Perth and Canberra. Our teams are multidisciplinary, with investigators, technical and intelligence staff working side by side. The command has target development and disruption teams, [which] means teams that focus on identifying priority threats and disrupting them.

Garman: Aussie cyber security companies have no shortage of expertise! Can you provide an example of how you’ve partnered with local industry to protect Australian families and businesses?

Goldsmid: It’s important that government and industry collaborate to overcome the cyber crime challenge. We share information on the key threats and groups targeting Australians both to strengthen our cyber resilience, but also to enhance our ability to respond to threats as a law enforcement agency.

At the JPC3, we use the powers, experience, investigative and intelligence capabilities of all Australian policing jurisdictions in concert with industry and other partners to inflict maximum impact on high-volume, high-harm cyber crime.

As an example, we established a national task force called Operation Dolos through the JPC3 to respond to a significant cyber crime threat, business email compromise (BEC). It is a joint task force between the AFP, state and territory police, AUSTRAC, the ACSC, and the financial services sector. We share intelligence on threats, identify offenders, and conduct investigations to target those criminal groups behind BEC.

Not only does our work with industry enable us to disrupt criminal operations, but also gain valuable insight into the business models driving cyber crime, including the movement of funds offshore. These include “money muling networks”. To understand this, we work with financial services institutions to identify bank accounts used by criminals to disrupt their ability to steal money and protect victims. I’m proud to confirm that the Dolos Taskforce has enabled the return of $46 million to victims of cyber crime.

Another line of effort under Dolos is outreach to prevent future BEC-related cyber crime. Social engineering can take many forms, and so we aim to educate businesses and individuals on the basics: good email security, strong passwords, two-factor authentication and payment verification.

There’s a lot law enforcement and industry can achieve together, and Dolos really highlights how we can make a difference against criminals committing cyber crime.

Garman: It’s fantastic to hear how the AFP and businesses have partnered to create a safer Australia. One other question on everyone’s mind at the moment is ransomware. What is your recommendation to businesses that have been hit by a ransomware attack?

Goldsmid: Ransomware is one of the most destructive forms of cyber crime. In its purest sense, it involves criminals gaining unauthorised access to a network, deploying ransomware to encrypt the files, denying the business access to their files and networks, and demanding a ransom be paid to decrypt them. In many cases, this cripples a business’ ability to operate. Increasingly, criminals will also steal sensitive data as part of the attack so they can extort businesses threatening to post their sensitive data online or share it with competitors.

In short, prevention is always better than cure. Businesses must take cyber security seriously. There are a range of cyber security maturity frameworks and models that businesses can employ as a starting point. The Australian Cyber Security Centre has the Essential Eight, which is a series of practical and pragmatic measures that companies should take to secure their systems. This lays out how you can embed cyber security into your business, from having backup data to ensure business continuity to instituting well-rehearsed incident response plans.

From a law enforcement perspective, it is critical that businesses report breaches. Ransomware in Australia is underreported, but police play an incredibly important role in responding to cyber crime by gathering evidence, deterring criminals and bringing them to justice. Reporting a cyber crime should be viewed the same as reporting other types of crime to [the] police.

Garman: So how does the AFP bring people to justice?

Goldsmid: As mentioned, we have operational teams that are multidisciplinary, made up of investigators, technical staff and intelligence officers all working together to investigate criminals, disrupt crime and bring offenders to justice. I’m proud to say we’ve had some amazing operational results arresting cyber criminals both in Australia and offshore.

One recent example is Operation Dunkfeld. In March 2023, the AFP took action against a cyber crime network that is alleged to be involved in a range of crimes, including business email compromise and money laundering. We have arrested four people across Australia so far that we allege are members of that network and allege have earned $1.7 million through their crimes.

Garman: There are some alarming statistics about paying ransoms, suggesting that the businesses might be targeted again or never actually get their data back. What’s the AFP’s position on this?

Goldsmid: The Australian government is very clear about the payment of ransoms. The government does not condone the payment of ransoms because it fuels the criminal business model behind ransomware and incentivises those criminals to continue. There’s also no guarantee that criminals will deliver what they say they will. Once data has been stolen, it’s been stolen. It’s left the safety of your network and gone into the hands of criminals. There is no guarantee they did not duplicate or onsell the data.

Garman: Of course, cyber crime is a borderless phenomenon. How is the AFP collaborating with law enforcement agencies overseas to combat cyber crime?

Goldsmid: Cyber crime is truly transnational, and as such, we place significant emphasis on our international reach and offshore partnerships. For cyber crime, specifically, the AFP has six cyber crime liaison offices based offshore to help us better work with our international partners. These officers are based in South Africa, two in the US, the UK, Serbia and the Netherlands.

We also work closely with several multilateral institutions. This includes the Five Eyes Law Enforcement Group with our colleagues in the US, UK, Canada and New Zealand. We also work with Europol and Interpol as global enforcement bodies to share intelligence, coordinate operational activities and collaborate on capability, including advancing our tools, training and equipment. Each of these partnerships provides really good forums for law enforcement to come together and tackle what is truly a transnational problem.

The AFP also has bilateral relationships with law enforcement agencies across the globe for direct and ongoing communications and intelligence sharing. It’s these partnerships that enhance our situational awareness so we can continue protecting Australians and Australian businesses.

Garman: What are some of the cyber crime trends that we should be keeping an eye on?

Goldsmid: One of the primary mechanisms we use to monitor cyber crime trends is ReportCyber, the national cyber crime reporting system. This is where members of the public, both businesses and individuals, can report if they’ve been a victim of a cyber crime. The ReportCyber system automatically refers the report to the relevant policing jurisdiction.

In the 2021–2022 financial year, we had 76,000 cyber crime reports in Australia – a 13 per cent increase [from] the year before. Currently, we’re receiving a cyber crime report every seven minutes.

Some of the primary threats that we are seeing include business email compromise, identity theft malware and ransomware.

Garman: For those businesses and individuals who are inspired to support the AFP, how could they get involved?

Goldsmid: We’re always recruiting and looking for talented people to join our team and take up the fight against cyber criminals causing harm to Australians. Our teams are multidisciplinary, including police, intelligence officers, technical staff and professional staff – spanning both sworn and unsworn roles.

We’re currently on the lookout for a range of personnel, especially technical staff, so please keep an eye out on our website for further details!

Garman: Thanks so much for your time, Commander. It’s greatly appreciated.

Goldsmid: Thanks, Liam!

To hear from Commander Chris Goldsmid LIVE, you can register for the Tech in Gov conference here.

Liam Garman

Liam Garman is the editor of leading Australian security and defence publications Cyber Daily and Defence Connect. 

Liam began his career as a speech writer at New South Wales Parliament before working for world leading campaigns and research agencies in Sydney and Auckland. Throughout his career, Liam has managed and executed a range of international media and communications campaigns spanning politics, business, industrial relations and infrastructure. He’s since shifted his attention to researching and writing extensively on geopolitics and defence, specifically in North Africa, the Middle East and Asia. He holds a Bachelor of Commerce from the University of Sydney and a Masters of Strategy and Security from UNSW Canberra, with a thesis on postmodernism and disinformation operations.