A 24-year-old Australian citizen has been charged with his alleged role in creating and selling spyware for use by domestic violence offenders and child sex offenders.
Jacob Wayne John Keen, who currently lives in Frankston, Melbourne, is said to have created the remote access trojan (RAT) when he was 15, in addition to working as an administrator for the tool from 2013 until its closure in 2019 by authorities.
Frankston’s husband teamed up with a network of individuals and sold the spyware called Upcoming monitor (IM), to more than 14,500 people in 128 countries,” said the Australian Federal Police (AFP) so-called in a press release from the weekend.
The defendant was charged with six counts of committing a computer offense by developing and supplying the malware, in addition to profiting from its illegal sale.
Another woman, aged 42, who lives in the same house as the suspect and is identified as his mother by: the guardhas also been charged with “handling the proceeds of crime”.
The AFP said the investigation, codenamed Cepheus, was launched in 2017 when it received information about a “suspicious RAT” from cybersecurity firm Palo Alto Networks and the US Federal Bureau of Investigation (FBI).
The operation, which involved the execution of 85 search warrants worldwide in conjunction with more than a dozen European law enforcement agencies, culminated in the seizure of 434 devices and the arrests of 13 people for using the malware for malicious purposes.
No fewer than 201 individuals achieved the RAT in Australia alone, with 14.2% of buyers named as respondents to domestic violence orders. Among the buyers is also a person who is registered in the Register Children’s Sex.
Distributed via emails and text messages, Imminent Monitor came with capabilities to covertly record keystrokes and record the devices’ webcams and microphones, making it an effective tool for users to monitor their targets.
The surveillance software, which sold for about AUD$35 on an underground hacking forum, is estimated to have netted the operator anywhere from $300,000 to $400,000, the bulk of which was subsequently spent on food delivery services and other consumables and disposables, according to the AFP. .
The agency said it believes there were tens of thousands of victims around the world, including 44 in Australia. If found guilty, the person faces a maximum penalty of 20 years in prison.
“This kind of malware is so nefarious because it can give an attacker virtual access to a victim’s bedroom or home without their knowledge,” said Chris Goldsmid, AFP’s Commander of Cybercrime Operations.
“Unfortunately, there are criminals who use these tools not only to steal personal information for financial gain, but also for highly intrusive and despicable crimes.”