By Paul Gregoire and Ugur Nedim
Inner west Sydney resident Adam Hills was arrested last week over an alleged cyber fraud operation involving him stealing the personal data of more than 80 people online, and then using it to unlock both bank and superannuation accounts to withdraw money.
From there Jones used individuals’ personal details to open bank accounts in victims’ name and redirect regular electronic fund transfers into the new accounts. The thief was also able to consolidate people’s superannuation funds into super accounts he’d created.
Thought to have been a decade in the making, the cross-border $11 million fraud racket, which was masterminded by Jones, involved two co-accused who were arrested in Adelaide on 5 February, which was the same day police picked up Jones in the Green Square public library.
Mr Jones appeared before Newtown Local Court on the day following his arrest. He’s been charged with 24 offences, but more are expected to follow. Although he didn’t apply for bail, it was formally refused. And his next court appearance is set for 2 April.
Amongst the charges that Jones is facing is the offence of dealing with identification information to commit an indictable offence, which falls under section 192J of the Crimes Act 1900 (the Act). And with a maximum penalty of 10 years imprisonment, it’s a serious crime.
Of course, with banking and financial institutions having become increasingly digitalised, identity theft and data misuse crimes have been on the rise, which means criminals can operate from almost anywhere using a laptop. And these companies don’t always report the full extent of the crimes.
In response to this, NSW parliament passed the Crimes Amendment (Fraud, Identity and Forgery Offences) Bill 2009 (the Bill) on the 2 December that year. It created three new identity theft offences, with the one outlined above carrying the heaviest penalty.
Taking effect on 22 February 2010, the Bill inserted section 192I into the Act, which defines identification information as data related to an individual – whether they’re “living or dead, real or fictitious, or an individual or body corporate” – which can be used to identify them.
This can include name and address, date of birth, marital status, a relative’s information, identification documents details, biometric data, a voice print, financial details, account passwords, digital signatures and ABNs.
Possession of identification information was another new offence the legislation created, which is under section 192K of the Act. It entails an individual being in possession of such data for the purpose of using it in an indictable offence, and it carries a maximum of 7 years behind bars.
While the Bill also created the offence of possession of equipment to make identification documents for the purpose of carrying out an indictable offence. It falls under section 192L of the Act and a maximum penalty of 3 years gaol time applies.
The most common fraud offence is contained in section 192E of the Act. This is the offence of fraud, which involves an individual using deception or dishonesty to obtain the property of another or obtain financial advantage or cause monetary disadvantage.
Someone convicted of the offence of fraud in NSW can be sent to a correctional facility for up to 10 years.
This section stipulates that obtaining the property of another can be dishonest even under circumstances where the offender is willing to pay for it. Fraud can also involve a deficiency in money or property, even if this relates to a number of sums of money or items of property.
And it sets out that fraud is an alternative verdict to the offence of larceny, or any offence that includes larceny. And a conviction for the offence of larceny or another offence involving it is an alternative verdict to fraud.
The offence of fraud does include online activity, as subsection 192B(1)(b) of the Act defines deception as behaviour involving “conduct by a person that causes a computer, a machine or any electronic device to make a response that the person is not authorised to cause it to make”.
Rising identity theft
Another major online identity theft operation was shut down by police last September. It involved the arrest of four members of an organised crime network at several Sydney locations, following an eight month investigation by State Crime Command’s Financial Crimes Squad.
It was alleged the gang created more than 300 false accounts through an online banking portal, which were then used to apply for credit cards and loans to a value exceeding $2 million. The cards were then used to purchase luxury goods and withdraw cash for daily expenses.
NSW police initially arrested a 46-year-old man on 17 September in the southwestern suburb of Wiley Park. And subsequently two further search warrants were executed at a property in the same suburb and another in Mascot.
The Wiley Park resident was charged with possession of identification information with the aim of committing an offence, obtaining property by deception, dealing with the proceeds of crime, and participating in a criminal group,
Incorporating biometric technology
Interestingly, journalist Justin Hendry writing in iTnews asserts that until biometric technology is incorporated into how financial services are run, those committing fraud will automatically move online because it’s perceived as “the weakest link”.
Biometric technology uses a person’s actual body parts to identify them digitally, which could then be used in accessing bank accounts online. Biometrics can include facial recognition, fingerprints, palm prints and retina recognition.
Hendry further explains that some financial institutions are actually expecting that prior to biometric technology being utilised as part of their systems, there will be a big push from criminals activating fraudulent accounts and cards ahead of its roll out.
However, two aspects related to biometrics being attached to online banking are of concern. The first is that biometric technology – at least the facial recognition side of it – has been shown to be hopelessly flawed.
The second concern is that if biometric technology is incorporated into these systems, it’s more than likely that online fraudsters will work out how to pilfer and use that information as well.