Undercover cop’s splurge on Aussie identities
An undercover cop using a fake identity and bitcoin currency bought hundreds of passports, drivers' licences and a raft of other personal identity documents of unsuspecting Australians.
The Australian Federal Police officer spent six months with an online disguise trawling the web negotiating with shady operators offering a smorgasbord of real and forged identity documents.
For just $US2,125.85 paid in bitcoin, the officer obtained the passports and licences, as well as Medicare cards, an electricity bill, a personal loan application and a credit card application package.
There were enough documents to pass the Australian Banking systems 100-point identity check, steal an identity, open accounts and take out loans.
More than 250 passports were scanned and delivered electronically while physical documents including drivers' licences, were sent by airmail from addresses in Hong Kong and the United States to Melbourne.
The operation allowed the AFP to gather valuable information about how easy it is to buy identity documents.
When contacted by News Corp Australia, an AFP spokeswoman said she could not comment on the undercover operation.
But it appears Australian law enforcement authorities are expanding their undercover and "controlled operations" which authorise police officers to engage in criminal activity to catch criminals.
But it appears the police don't even need to go undercover anymore as the sale of identity documents has become so blatant and commonplace the marketplaces are easy to find.
Professor David Lacey, the managing director of IDCare, Australia and New Zealand's national identity and cyber support service, said it doesn't have to be a controlled police operation it has become so open.
He said the identity fraud market runs on supply and demand like any other commodity and currently drivers' licences are readily available from $2 to $80.
"The prices depend on the credibility of the market place and the seller and even their customer ratings," Professor Lacey said.
"The physical drivers' licence is often not required for transactions, just the number, making it the document of choice," he said.
This week IDCare which scans the Dark Web looking for Australian documents for sale, has contacted four people from NSW and Queensland, warning them their identity documents are currently available for sale.
A recent IDCare report revealed the most common Australian credential for sale is the NSW RMS Licence - and there were 24 for sale in September last year.
The report showed there were 12 market places on the Dark Web that operate in a similar way to "eBay" "specialising in Australian identity credentials".
One of the most prominent vendors of information is someone called "Telstra" who describes themselves as "your favourite vendor of Australian IDs".
Telstra has a 93 per cent positive rating which indicates reliability and satisfaction of products sold.
Former FBI agent and cyber security expert, Don Codling, warned that such a wealth of information as obtained by the AFP could enable a crook to burn through the legitimate lives of real people leaving a trail of debts, and wreckage causing problems for years to come.
The CEO of the Washington-based Codling Group International, Mr Codling said a crook using the information to steal an identity profile was unlikely to be caught unless someone did tertiary checks of things like fingerprints, retina scans or DNA swabs.
Professor Lacey said there was an exponential jump in data breaches in Australia last year but it didn't lead to the same jump in examples of misuse. But he thinks it will come.
"We are waiting for the next wave of misuse to hit," said Professor Lacey.
Australia's former federal government cybersecurity chief, Alastair MacGibbon, said it is unfortunate scammers can use the documents to "game the system" and "there does need to be better protections".
WHAT THE AFP UNDERCOVER OPERATIVE BOUGHT
257 scanned Australian passports
6 physical Australian drivers licences
1 digital Australian personal loan application (fraudulent)
1 digital Australian credit card application package (fraudulent)
2 Medicare cards fraudulent
1 electricity bill form Ergon Energy (fraudulent)
Originally published as Undercover cop's splurge on Aussie identities