A 24-year-old Australian national has been charged for his purported role in the creation and sale of spyware for use by domestic violence perpetrators and child sex offenders.
Jacob Wayne John Keen, who currently resides at Frankston, Melbourne, is said to have created the remote access trojan (RAT) when he was 15, while also administering the tool from 2013 until its shutdown in 2019 as part of a coordinated Europol-led exercise.
“The Frankston man engaged with a network of individuals and sold the spyware, named Imminent Monitor (IM), to more than 14,500 individuals across 128 countries,” the Australian Federal Police (AFP) alleged in a press release over the weekend.
The defendant has been slapped with six counts of committing a computer offense by developing and supplying the malware, in addition to profiting off its illegal sale.
Another woman, aged 42, who lives in the same home as the accused and is identified as his mother by The Guardian, has also been charged with “dealing with the proceeds of crime.”
The AFP said the investigation, codenamed Cepheus, was set in motion in 2017 when it received information about a “suspicious RAT” from cybersecurity firm Palo Alto Networks and the U.S. Federal Bureau of Investigation (FBI).
The operation, which saw 85 search warrants executed globally in collaboration with more than a dozen European law enforcement agencies, culminated in the seizure of 434 devices and the arrests of 13 people for using the malware for pernicious purposes.
No fewer than 201 individuals obtained the RAT in Australia alone, with 14.2% of the buyers named as respondents on domestic violence orders. Also featured among the purchasers is a person registered on the Child Sex Offender Register.
Distributed via emails and text messages, Imminent Monitor came with capabilities to surreptitiously log keystrokes as well as record the devices’ webcams and microphones, making it an effective tool for users to keep tabs on their targets.
Later versions of the Windows malware also introduced options for “hidden” remote desktop protocol (RDP) access and even running a cryptocurrency miner on victim’s machines – a feature not commonly associated with a remote access tool.
The surveillanceware, sold for about AUD$35 on an underground hacking forum, is estimated to have netted the operator anywhere between $300,000 and $400,000, most of which was subsequently spent on food delivery services and other consumable and disposable items, the AFP said.
According to a 2019 report from Unit 42, John Keene went by the alias “Shockwave™” and had previously offered a distributed denial-of-service (DDoS) tool called Shockwave™Booter in early 2012, before switching to Imminent Monitor.
The agency said it believed there were tens of thousands of victims around the world, including 44 in Australia. If proven guilty, the suspect faces a maximum penalty of 20 years imprisonment.
“These types of malware are so nefarious because it can provide an offender virtual access to a victim’s bedroom or home without their knowledge,” Chris Goldsmid, AFP commander of cybercrime operations, said.
“Unfortunately there are criminals who not only use these tools to steal personal information for financial gain but also for very intrusive and despicable crimes.”