Bungling Optus scammer was no criminal mastermind

Graham Cluley

Dennis Su isn’t the person who hacked Australian telecoms giant Optus last September, in one of the biggest data breaches in the country’s history.

But he did attempt to exploit the hack, which exposed the personal details of as many as 10 million Optus customer accounts, for his own benefit.

Su, who was 19 years old at the time of his bungled crime spree, sent SMS text messages to 92 Optus customers telling them that their personal details would be sold to fraudsters within days unless AU $2,000 (approximately US $1,400) was transferred into a bank account.

First mistake: Su didn’t demand his ransom payment in cryptocurrency, which would have been harder for the authorities to track. Instead, he gave his intended victims the bank account details… of his 15-year-old brother.

Second mistake: When Su sent the SMS text messages, he sent them from his own mobile phone number.

In case you’re wondering, Australian police didn’t have too much trouble working out who was responsible…

Su, who reportedly saw “an opportunity to make quick money” as he was “having a difficult time being unemployed,” was hardly demonstrating his intelligence to any future employer with these kinds of elementary bungles.

“He was going to be caught pretty easily, I would have thought. It wasn’t a sophisticated method of hiding behind encrypted accounts,” said Magistrate Emma Manea at Sydney’s Downing Centre Local Court.

According to local news reports, Su has apologised for his crimes.

Clearly recognising that Su assisted the police with their investigation and that prison might not be the best place for him, Ms Manea sentenced Su to an 18-month community corrections order and 100 hours of community service.

Perhaps the biggest punishment of all will be Dennis Su’s name being forever associated with an extraordinarily inept and cack-handed attempt to frighten people out of money.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.
