Bungling Optus scammer was no criminal mastermind

Graham Cluley

Dennis Su isn’t the person who hacked Australian telecoms giant Optus last September, in one of the biggest data breaches in the country’s history.

But he did attempt to exploit the hack, which exposed the personal details of as many as 10 million Optus customer accounts, for his own benefit.

Su, who was 19 years old at the time of his bungled crime spree, sent SMS text messages to 92 Optus customers telling them that their personal details would be sold to fraudsters within days unless AU $2,000 (approximately US $1,400) was transferred into a bank account.

First mistake: Su didn’t demand his ransom payment in cryptocurrency, which would have been harder for the authorities to track. Instead, he gave his intended victims the bank account details… of his 15-year-old brother.

Second mistake: When Su sent the SMS text messages, he sent them from his own mobile phone number.

In case you’re wondering, Australian police didn’t have too much trouble working out who was responsible…

Su, who reportedly saw “an opportunity to make quick money” as he was “having a difficult time being unemployed,” was hardly demonstrating his intelligence to any future employer with these kinds of elementary bungles.

“He was going to be caught pretty easily, I would have thought. It wasn’t a sophisticated method of hiding behind encrypted accounts,” said Magistrate Emma Manea at Sydney’s Downing Centre Local Court.

According to local news reports, Su has apologised for his crimes.

Clearly recognising that Su assisted the police with their investigation and that prison might not be the best place for him, Ms Manea sentenced Su to an 18-month community corrections order and 100 hours of community service.

Perhaps the biggest punishment of all will be Dennis Su’s name being forever associated with an extraordinarily inept and cack-handed attempt to frighten people out of money.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
