A 24-year-old Australian national has been charged for his purported role in the creation and sale of spyware for use by domestic violence perpetrators and child sex offenders.
Jacob Wayne John Keen, who currently resides at Frankston, Melbourne, is said to have created the remote access trojan (RAT) when he was 15, in addition to working as the administrator for the tool from 2013 until its shutdown in 2019 by the authorities.
“The Frankston man engaged with a network of individuals and sold the spyware, named Imminent Monitor (IM), to more than 14,500 individuals across 128 countries,” the Australian Federal Police (AFP) alleged in a press release over the weekend.
The defendant has been slapped with six counts of committing a computer offense by developing and supplying the malware, in addition to profiting off its illegal sale.
Another woman, aged 42, who lives in the same home as the accused and is identified as his mother by The Guardian, has also been charged with “dealing with the proceeds of crime.”
The AFP said the investigation, codenamed Cepheus, was set in motion in 2017 when it received information about a “suspicious RAT” from cybersecurity firm Palo Alto Networks and the U.S. Federal Bureau of Investigation (FBI).
The operation, which saw 85 search warrants executed globally in collaboration with more than a dozen European law enforcement agencies, culminated in the seizure of 434 devices and the arrests of 13 people for using the malware for pernicious purposes.
No fewer than 201 individuals obtained the RAT in Australia alone, with 14.2% of the buyers named as respondents on domestic violence orders. Also featured among the purchasers is a person registered on the Child Sex Offender Register.
Distributed via emails and text messages, Imminent Monitor came with capabilities to surreptitiously log keystrokes as well as record the devices’ webcams and microphones, making it an effective tool for users to keep tabs on their targets.
The surveillanceware, sold for about AUD$35 on an underground hacking forum, is estimated to have netted the operator anywhere between $300,000 and $400,000, most of which was subsequently spent on food delivery services and other consumable and disposable items, the AFP said.
The agency said it believed there were tens of thousands of victims around the world, including 44 in Australia. If proven guilty, the individual faces a maximum penalty of 20 years imprisonment.
“These types of malware are so nefarious because it can provide an offender virtual access to a victim’s bedroom or home without their knowledge,” Chris Goldsmid, AFP commander of cybercrime operations, said.
“Unfortunately there are criminals who not only use these tools to steal personal information for financial gain but also for very intrusive and despicable crimes.”