At least 44 Australian victims have been identified after the arrest of a 24-year-old Brisbane man named as the author of remote access trojan (RAT) spyware, who made up to $400,000 by selling the ‘stalkerware’ to more than 14,500 people in 128 countries.
Called Imminent Monitor (IM), the application allows users to monitor and control users’ computers, spy on them using the devices’ webcams and microphones, and log keystrokes to capture passwords or communications.
It can be installed on victims’ computers by tricking them into clicking on a malicious link sent by email or text message – a tactic that has led to such tools being branded as stalkerware because they are favoured by domestic abusers.
“These types of malware are so nefarious because [they] can provide an offender virtual access to a victim’s bedroom or home without their knowledge,” Australian Federal Police (AFP) commander of cybercrime operations Chris Goldsmid said as the arrest was announced.
The investigation not only identified the author of IM – Frankston man Jacob Wayne John Keen, who was just 15 years old when he wrote the program in 2013 – but was able to identify the 201 Australian individuals who bought the program and the 44 Australian victims who were targeted.
Fully 14.2 per cent of the purchasers of the application have been named as respondents on domestic violence orders – a “statistically high percentage”, the AFP notes – and one is currently registered on the Child Sex Offender Register.
“Unfortunately,” Goldsmid said, “there are criminals who not only use these tools to steal personal information for financial gain, but also for very intrusive and despicable crimes.”
The AFP “believes there were tens of thousands of victims globally”, the agency said, noting that analysis had shown the man spent most of the proceeds from the $35 ($US25) application on food delivery services and other “consumable and disposable items.”
The arrested man's bedroom. Photo: Australian Federal Police
Another win for investigators
The charging of Keen is a win for investigators, who spent several years working with international colleagues on Operation Cepheus after being alerted about a “suspicious” new RAT by the US FBI and cybersecurity firm Palo Alto Networks in 2017.
The two-year investigation included five AFP cybercrime investigators and led to the takedown of IM in November 2019, with authorities from a dozen authorities in eight countries working together to shut down the system.
Keen is alleged to have written the program in his Brisbane bedroom and now lives in Frankston, Melbourne.
At that time, search warrants on his former home uncovered “a number of devices including a custom-built computer containing code consistent with the development and use of the RAT,” the AFP said.
He faces up to 20 years’ imprisonment after being charged on six counts including committing a computer offence, unauthorised modification of data to cause impairment, and dealing in the proceeds of crime to the value of $100,000 or more.
“This outcome is the culmination of years of collaboration between the AFP and its international partners,” Goldsmid said, “trawling through thousands of pieces of data to bring to account those who are responsible for breaching the privacy of innocent people.”
Although purchasing the RAT is not unlawful, the AFP noted, it is a crime to install the software on a victim’s computer without their consent.
A recent analysis found that “complacent” Australians are particularly vulnerable to the use of such software, with the ubiquity of the devices – and, in particular, the reputation of Apple’s iOS as being intrinsically secure – leading them to be less attuned to potential threats.
Yet the volume of such threats has escalated in recent years, with telcos recently forced to block the torrent of fake retail offers and delivery notices that malware authors use to trick their victims into installing RATs and other malware.
Detections of stalkerware reached record highs during 2021, but fell in the second half of the year, according to security firms Kaspersky and Malwarebytes – which hypothesised that the surge was due to real-world restrictions that had driven many domestic abusers to use the apps to track their physically separated victims.
In one recent Kaspersky study, 21 per cent of respondents said they suspect an intimate partner has spied on them using a phone app, while 24 per cent confirmed incidents of stalking by a partner through technology.