Dennis Su isn’t the person who hacked Australian telecoms giant Optus last September, in one of the biggest data breaches in the country’s history.
But he did attempt to exploit the hack which exposed the personal details of as many as 10 million customer Optus accounts to his own benefit.
Su, who was 19 years old at the time of his bungled crime spree, sent SMS text messages to 92 Optus customers telling them that their personal details would be sold to fraudsters within days unless AU $2,000 (approximately US $1,400) was transferred into a bank account.
First mistake: Su didn’t demand his ransom payment in cryptocurrency, which would have been harder for the authorities to track. Instead, he gave his intended victims the bank account details… of his 15-year-old brother.
Second mistake: When Su sent the SMS text messages, he sent them from his own mobile phone number.
In case you’re wondering, Australlian police didn’t have too much trouble working out who was responsible…
Su, who reportedly saw “an opportunity to make quick money” as he was “having a difficult time being unemployed,” was hardly demonstrating his intelligence to any future employer with these kind of elementary bungles.
“He was going to be caught pretty easily, I would have thought. It wasn’t a sophisticated method of hiding behind encrypted accounts,” said Magistrate Emma Manea at Sydney’s Downing Centre Local Court.
According to local news reports, Su has apologised for his crimes.
Clearly recognising that Su assisted the police with their investigation and that prison might not be the best place for him, Ms Manea sentenced Su to an 18-month community corrections order and 100 hours of community service.
Perhaps the biggest punishment of all will be Dennis Su’s name being forever associated with an extraordinarily inept and cack-handed attempt to frighten people out of money.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.