AFP logo at EBB Canberra

Cyber criminals stopped from stealing tens of millions of dollars as AFP unleashes new cyber punch

29 November 2021, 8:46am
Media Release

Cyber criminals stopped from stealing tens of millions of dollars as AFP unleashes new cyber punch

The AFP has stopped cyber criminals from stealing $24 million from the superannuation accounts of hard-working Australians and launched several counter strikes to stop millions of dollars more being siphoned offshore.

Today, the AFP can reveal the details of cybercrime operations which prevented significant losses by businesses and individuals, including elderly Australians tricked into giving away hundreds of thousands of dollars.

It comes as the Minister for Home Affairs Karen Andrews today announces the Joint Policing Cybercrime Coordination Centre – the JPC3 – which will be operational from March 2022.

 “By cracking down on cybercrime and enhancing the nation’s cybersecurity, the Morrison Government is protecting Australians and securing our economic recovery,” Minister Andrews said.

“This AFP-led cybercrime centre will be cutting edge, and will ensure Australia is leading the world on cyber security.

“Australians work hard for their money and the AFP is working tirelessly to prevent cyber criminals from scamming, stealing, and defrauding them.

“The JPC3 will super charge our efforts to seize criminals’ money and assets, put offenders behind bars, and protect Australian’s digital data.”

The JPC3 will be led by well-respected Assistant Commissioner Justine Gough, who will operate a new Cyber Command.

Acknowledging the growing threat, Assistant Commissioner Gough will become the AFP’s first full-time executive dedicated to countering cyber crime.

Assistant Commissioner Gough, who was most recently the Assistant Commissioner in Eastern Command (NSW) as well as heading cyber crime, is one of the AFP’s most experienced leaders.

Assistant Commissioner Gough has been a member of the AFP for 31 years, holds a Master’s Degree in Psychology and Terrorism, and completed leadership courses at the FBI National Academy at Quantico. On returning to Australia in 2019 after a four-year posting as the AFP’s senior liaison officer in Hong Kong, Assistant Commissioner Gough was promoted to Crime Operations.

Assistant Commissioner Gough has recently overseen a significant number of cyber crime investigations that have not only stopped Australian’s from losing their lifesavings, but intervened to prevent significant business compromise.

Under Operation Zinger, the AFP, working with a foreign law enforcement agency, identified a criminal marketplace dealing in the online sale of cybercrime software.

The AFP identified there had been more than 500,000 compromised online credentials. By performing data science operations on 500 gigabytes of data, the AFP was able to determine victims and offenders.

In May 2021, the AFP worked with Australian partners and undertook operational disruptive activity.

The AFP contacted 20 superannuation companies, facilitated the remediation of more than 25 managed super information systems allowing the protection of 681 matched super accounts attached to members and 35 matched super accounts attached to employers.

This AFP’s operational activity prevented $23.9 million in superannuation being lost to cyber criminals.

Under Operation Dolos, a joint AFP and state and territory police taskforce focusing on business email compromise, several cybercrime financial kill chains were initiated to stop the transfer of money.

Last financial year, Operation Dolos prevented about $8.5 million being lost to cyber criminals.

In one case, a Canberra woman who was purchasing property, fell victim to a scam and mistakenly transferred $1.03 million to a criminally-controlled bank account.

However, the AFP worked closely with a major bank to hold the funds before the money could be transferred overseas.

In a similar example, an elderly woman finalising a payment for settlement of property transferred $500,000 into a domestic bank account after she received an email from a cyber criminal she believed was her solicitor. When her solicitor told her the money had not been received, ReportCyber was immediately notified, sparking Operation DOLOS to alert a major bank NAB.

More than 80 per cent of the women’s cash was retrieved.

Also under Operation Dolos, the AFP, working with international partners, was able to recover almost $2 million for an Australian medical research company.

The company had a contract with a Dutch company to install fittings at their new construction site.

Three payments, totally $3.5 million, were made before the company realised it had fallen victim to business email compromise.

The AFP was notified and was able recover $1.19 million with the assistance of INTERPOL Hong Kong.

The AFP and Victoria Police worked with the Royal Canadian Mounted Police to identify a Canadian person involved in the business email compromise, with the Calgary Police Service later arresting the suspect.

Operation Capertee is an ongoing investigation into large-scale, highly-sophisticated syndicate using malware that can compromise the financial details of bank holders.

In 2020, the AFP identified 27,000 potential victims and alerted Westpac, CBA, NAB and ANZ of potential compromise so preventative measures could be put in place.

Assistant Commissioner Gough said AFP Cybercrime Operations had charged eight offenders with 21 offences, and carried out 163 disruption activities in the past financial year.

 “The AFP, with our partners, are disrupting highly-sophisticated criminal syndicates both onshore and offshore,’’ Assistant Commissioner Gough said.

“The AFP has investigated a large range of cybercrime methods with business email compromise, intrusion against industry/government and malware at the top of the list.

“Investigations primarily covered ACT, NSW, VIC and QLD jurisdictions however, given the borderless nature of the cybercrime, victims and offenders were located right around Australia.

“The JPC3, plus the new cyber command will work hand in glove with the Australian Signals Directorate and the Department of Home Affairs, to help protect Australians from cyber criminals.

“It means the AFP-led JPC3 will target at scale those cyber criminals who trick firms using business email compromise or unleash mass phishing attacks, which can scam individuals out of personal information or money.”

The JPC3 will continue to work closely with the Australian Cyber Security Centre (ACSC), which is Australia’s operational lead on cyber security incidents. Victims of cybercrime should report incidents through the ACSC’s ReportCyber portal on, or continue to contact the Australian Cyber Security Hotline (1300 CYBER1).

Media enquiries:

AFP Media: (02) 5126 9297