Medibank Data Breach Led to Over 11,000 Cybercrime Incidents, Police Say

Victoria Police say they want an expansion of state laws to allow them to "search and seize" data from cloud services.
People walk past a Medibank store on Elizabeth Street in Melbourne, Australia, on Nov. 10, 2022. (AAP Image/Diego Fedele)
3/14/2024

Police in Victoria are seeing “significant growth in individual and organised criminal activity” online, which they attribute to the “anonymity, relatively low risk, wide reach and high yield cybercrime can offer.”

In a submission to the Commonwealth Parliamentary Joint Committee on Law Enforcement, police say Victorians report more than 2,000 cyber-crimes each month, with a rolling 12-month average total loss to victims of almost $400 million.

It also revealed that more than 11,000 cybercrime incidents have been linked to the Medibank data breach, which saw the private details of 9.7 million people stolen by a Russian hacker and released on the dark web in November 2022.

The submission credits police with Operation Guardian, where federal, state and territory police cooperated to “identify, disrupt, charge and prosecute any person seeking to exploit personally identifiable information (PII) obtained from [a] data breach.”

It was originally established to monitor misuse of data from the Optus breach in 2022, before being expanded to include the fallout from hacks of Medibank (2022), Woolworths subsidiary MyDeal (2022), Latitude Financial (2023) and file transfer service GoAnywhere (2023).

It is not clear from the submission whether the 11,000 figure relates only to Victoria or is on a national basis.

Ransomware Attacks Targeting Government Bodies

Police also revealed that in 2022-23, ransomware attacks were made against the Victorian State Revenue Office, Fire Rescue Victoria, Port Phillip Prison, Melbourne Custody Centre (G4S), and a regional secondary school.

In the same year, 31.1 percent of all Victorian ReportCyber incidents were due to financial losses from cryptocurrency.

Recent revisions to the law allow Victoria Police to search and seize cryptocurrency, but do not extend to data held in virtual environments, such as cloud services. In response, the police want such powers.

They also call for legislative amendments to overcome the difficulties faced by law enforcement agencies in obtaining evidence that is encrypted, and the creation of an offence that covers the use of deepfake material for criminal purposes.

Other areas of proposed change include the distribution or publishing of digital blueprints for 3D printing of guns, as well as possession of malicious software.

“Once legislative frameworks are expanded to better enable search and seizure of data, appropriate tools will be required to ensure electronic capture and production is forensically sound,” the submission said.

Victoria Police also complained it was dealing with “a disproportionately higher rate of cybercrime relative to the population.”

Rex Widerstrom is a New Zealand-based reporter with over 40 years of experience in media, including radio and print. He is currently a presenter for Hutt Radio.