A 24-year-old Australian national has been charged for his purported role in the creation and sale of spyware for use by domestic violence perpetrators and child sex offenders.
Jacob Wayne John Keen, who currently resides at Frankston, Melbourne, is said to have created the remote access trojan (RAT) when he was 15, while also administering the tool from 2013 until its shutdown in 2019 as part of a coordinated Europol-led exercise.
“The Frankston man engaged with a network of individuals and sold the spyware, named Imminent Monitor (IM), to more than 14,500 individuals across 128 countries,” the Australian Federal Police (AFP) alleged in a press release over the weekend.
The defendant has been charged with six counts of a computer offence for creating and supplying the malware as well as earning money from its unauthorised sale.
A second lady, 42, who The Guardian claims is the accused’s mother and resides in the same house, has also been charged with “dealing with the proceeds of crime.”
According to the AFP, the probe, known as Cepheus, began in 2017 when the U.S. Federal Bureau of Investigation and cybersecurity company Palo Alto Networks informed them of a “suspect RAT” (FBI).
In coordination with more than a dozen European law enforcement agencies, 85 search warrants were issued globally as part of the operation, which resulted in the seizure of 434 devices and the detention of 13 people for utilising the malware for evil.
In Australia alone, 201 people purchased the RAT, with 14.2 percent of the purchasers being identified as respondents to domestic violence orders. A person listed on the Child Sex Offender Register is also among the buyers.
Imminent Monitor, which was distributed via emails and text messages, included features that allowed users to covertly collect keystrokes as well as record audio and video from cameras and microphones on target computers.
Later iterations of the Windows malware added options for “hidden” RDP access and even the ability to launch a bitcoin miner on victims’ computers—a function not typically found in a remote access tool.
The operator is thought to have made between $300,000 and $400,000 from the surveillanceware, which was sold for approximately AUD$35 on a darknet hacker site. According to the AFP, the majority of this money was then used to pay for food delivery services and other consumable and disposable things.
In early 2012, John Keene, also known as “ShockwaveTM,” sold a distributed denial-of-service (DDoS) tool with the moniker ShockwaveTMBooter before converting to Imminent Monitor, according to a 2019 report by Unit 42.
The organisation reported that it thought there were tens of thousands of victims worldwide, including 44 in Australia, 333 in Nigeria with the United States having the highest of 1,552 users. The suspect could get a maximum sentence of 20 years in jail if found guilty.
According to Chris Goldsmid, AFP commander of cybercrime operations, “These sorts of malware are so diabolical because it may provide an offender virtual access to a victim’s bedroom or home without their awareness.”
“Unfortunately, there are criminals who use these tools for extremely invasive and reprehensible crimes in addition to identity theft for financial gain.”