A Sydney teenager who attempted to blackmail victims of the notorious Optus data breach could face up to 10 years' imprisonment after pleading guilty in court.
19-year old Dennis Su allegedly sent texts to 93 Optus customers demanding they transfer $2,000 to a designated bank account, or "face their personal information being used for financial crimes".
Not long after, Australian Federal Police (AFP) investigated Su's scam messages – which haphazardly contained a Commonwealth Bank account belonging to Su's younger brother.
This traceable bank account was quickly picked up on by AFP officers, who later seized a mobile phone linked to Su's text messages during the search of a home in Rockdale on 6 October.
The teenager was arrested in October and charged by the AFP with two offences:
a. Using a telecommunication network with the intent to commit a serious offence, contrary to section 474.14 (2) of the Criminal Code Act 1995 (Cth), where the serious offence is blackmail, contrary to section 249K of the Crimes Act 1900 (NSW). This offence is punishable, upon conviction, by a penalty not exceeding that of the serious offence, being a maximum penalty of imprisonment for 10 years; and
b. Dealing with identification information, contrary to section 192K of the Crime Act 1900 (NSW).
On Tuesday in Downing Centre Local Court, Su's lawyer entered guilty pleas to two counts of using equipment connected to a network to commit a serious offence.
Magistrate Susan Horan noted the maximum penalty was 10 years' imprisonment.
How did Su launch the scam?
The agreed facts of the case tell Su accessed hacked data via online forums and saved the contact numbers of 100 affected Optus customers to his iPhone.
Not one recipient of Su's scam messages paid his $2,000 demands, however, the court documents reveal one recipient of the texts replied with nothing more than an emoji.
Su reportedly reacted to this by returning to the online forums and identifying the respondent by their full name.
He did this "to give himself credibility", but the victim later responded with: "The police have your details. And I have nothing you can gain. Good luck."
According to the court documents, Su also admitted to having sent the messages, allegedly "because he was having a difficult time being unemployed and he saw an opportunity to make 'quick money'."
The magistrate was told Mr Su had written a letter of apology to the court.
Police were quick to note Su is not responsible for the original Optus hack in September, but the teenager was aptly charged for attempting to benefit financially from the stolen data records.
Su has been seeing a counsellor following the crimes, from whom two reports have been tendered during the case.
According to Magistrate Susan Horan, a further sentencing assessment report was also required before the case could be finalised.
Su will be sentenced on 7 February 2023.