Brisbane man sentenced to more than two years for buying stolen data
Editor’s note: Images and footage are available via Hightail
A Brisbane man was today (21 December, 2023) sentenced to more than two years’ imprisonment for purchasing stolen credentials through an online criminal marketplace.
The AFP began investigating the man, 25, in November 2020, when he was found to be using an invite-only website – known as Genesis Market – which sold login credentials, browsing history, autofill form data and other sensitive data from compromised devices.
Police executed a search warrant at the man’s Woolloongabba home on 27 October, 2022, where they seized several electronic devices, including two mobile phones and storage devices.
During the warrant, the man admitted to being a user of Genesis Market. He was arrested and charged, with a subsequent forensic examination of his devices showing he had purchased almost 1000 bots containing stolen login information.
Each bot contained details including browsing history, associated cookies and login details, with one bot found to contain login information for more than 100 accounts.
Many of the login details included usernames and passwords to social media platforms, government services and online banking, which criminals could then use to defraud victims.
Genesis Market was shut down following an international investigation led by the FBI and assisted by the AFP, NSW Police Force, Victoria Police, Queensland Police Service and Western Australia Police Force.
At the time of the takedown, Genesis Market offered access to more than 1.5 million compromised computers – each containing information for dozens of accounts.
AFP Commander Cybercrime Operations Chris Goldsmid said personal data continued to increase in value for criminals and urged the public to be vigilant.
“Cybercrime is the break-and-enter of the 21st century and will only continue to increase in frequency and severity,” he said.
“We need everyone to practice good cyber hygiene to help us make Australia a hostile environment to cybercriminals.
“Simple things like using different passwords for each of your accounts, using longer passphrases and enabling two-factor authentication can go a long way in keeping your information safe.
“I also want to warn anyone who is buying or selling stolen information online - you are committing an offence and you can expect to hear a knock on the door from police.”
The man pleaded guilty on 22 March, 2023 to the following offences:
- Four counts of unauthorised access to restricted data, contrary to section 478.1(1) of the Criminal Code 1995 (Cth); and
- Two counts of possessing data with the intent to commit a computer offence, contrary to section 478.3(1) of the Criminal Code 1995 (Cth).
He was today sentenced by the Brisbane District Court to a head sentence of two years and six months. He has been released on a $2,000 recognizance order on the condition he is of good behavior for five years and subject to two years’ probation.
Dutch Police developed a portal where you can check if your personal details were compromised on Genesis Market. Visit www.politie.nl/checkyourhack.
If you believe you’ve been a victim of cybercrime you should report it to police using Report Cyber at www.cyber.gov.au.