Jozef Imrich, name worthy of Kafka, has his finger on the pulse of any irony of interest and shares his findings to keep you in-the-know with the savviest trend setters and infomaniacs.
''I want to stay as close to the edge as I can without going over. Out on the edge you see all kinds of things you can't see from the center.''
-Kurt Vonnegut
Aleksandr Ermakov - Ali Al Kinani - Alleged serial fraud operation 'prolific and sophisticated', court told TP
From small fish from Iraq 🇮🇶 To a whale from Russia 🇷🇺
Ali Al Kinani used a name that was not his own to make an online account with AllBids, which resells products, and used it to successfully bid on several items worth around $4800, court documents say.
Special Magistrate Hunter convicted and sentenced him to a 12-month good behaviour order with a $1000 fine.
Updated January 23 2024 - 5:59pm, first published 10:44am
A man is facing more than 130 fraud and theft charges after he allegedly stole an EFTPOS machine and is said to have possessed identity documents relating to 77 people.
"It is prolific and sophisticated offending," prosecutor Colin Balog said on Tuesday.
Police allege Ali Al Kinani, 34, stole the machine from the Canberra Labor Club in Belconnen last year.
He is accused of using it to steal more than $16,568 via unauthorised refunds in 19 separate transactions, and attempting to steal a further $55,651 in 36 transactions.
The man faced ACT Magistrates Court, where he was refused bail due to risks he might offend if released into the community.
His charges include 78 counts of possessing false documents, 19 counts of obtaining property by deception, two counts of possessing a device to make false documents and one count of money laundering.
On October 19 last year, police searched the alleged offender's Gungahlin home and found the EFTPOS machine in question.
Police also claim to have recovered bank cards and other identity documents.
Documents tendered to the court claim the man moved the allegedly stolen $16,568 through multiple bank accounts in other people's names.
"In an attempt to disguise its source before withdrawing it as cash or transferring into a bank account in his name," the documents state.
The EFTPOS machine and documents found by police. Picture supplied
Further investigation led to a second search of Al Kinani's home on Monday, when officers seized mobile phones as well as identity and allegedly falsified documents.
Police are set to determine if further offences have been committed after speaking to the 77 people possibly further affected.
Among other seized items from the man's home were card printers, 67 driver licenses,12 Medicare cards and 52 bank cards all in names other than Al Kinani, 24 other identification cards and payslips.
Police also located a message sent by the man to his wife asking for her to "clean the money". The context of the message is not known.
Mr Balog said the gravity of the alleged offending was "difficult to understate" and the risk of the man committing crimes while in the community was too high to release him on conditional liberty.
With the man's broken foot, the court heard, he was likely to seek an income through fraudulent activity while he was unable to work as a painter.
Defence lawyer Thomas Tiffen said strict bail conditions, including a cash surety, daily police reporting and not using a phone, could ameliorate any perceived risks.
Mr Tiffen told the court his client was not accused of committing any crimes or interfering with witnesses and evidence since being under the heavy scrutiny of police investigation.
Ultimately, Chief Magistrate Lorraine Walker cited a strong prosecution case and refused Al Kinani's bail.
Australia's list of sanctioned individuals gives the accused's full name as Aleksandr Gennadievich Ermakov and states that he's used the handles "aiiis_ermak," "blade_runner," "JimJones," and "GustaveDore."
The last is revealing: it's the name of a significant 19th-century French artist.
It may seem insignificant to name and sanction a single Russian man as the face of an appalling cyberattack against millions of Australian citizens. But Tuesday’s unmasking of Aleksandr Ermakov as the ringleader of the theft and publication of a huge cache of sensitive medical information looks like a strong and significant step towards demystifying and disrupting cybercrime.
Images frequently used in news articles about cybercriminals tend to depict mysteriously hooded, threatening-looking villains, whereas we have now been shown the reality: a bog-standard, friendly looking office IT or start-up worker, whose criminal life operates like a regular business.
Aleksandr Gennadievich Ermakov was born on May 16, 1990, and goes by a series of aliases online, which include GustaveDore, aiiis_ermak, blade_runner and JimJones. He operated as part of the well-known Russian ransomware group REvil, and will now be a risk not worth taking for any of the criminal groups he may have wished to associate with in future.
Cyber experts say he is unlikely to have been the sole mastermind behind the Medibank breach, and he probably won’t face criminal charges in Russia, but his exposure will serve as a warning to his peers, and his life will now have been turned upside down.
Other countries would be mad not to ban him from visiting, for example, and any criminal associates he may have will now want to firmly distance themselves.
Stopping ransoms
Tuesday’s announcement, by no less than three cabinet ministers, showed the government can and will track down the faceless cyber crooks who seek to hold businesses to ransom, while also cleverly pressuring all businesses to stop paying the ransoms in future cyberattacks.
When Home Affairs and Cybersecurity Minister Clare O’Neil unveiled her cyber strategy late last year, she lamented that she would love to have banned the payment of ransoms to hackers, but that was not yet practical. She said she would look to ban them once federal police were better equipped to fight cybercrime, and better support systems were in place for businesses undergoing an attack.
However, she made it clear that she wants payments to stop because every time a ransom is paid, it provides more funds to the attackers to hit other victims.
New international research conducted for software company Cohesity, which featured surveys with 300 Australian IT and security executives, found that 92 per cent think their company would pay a ransom to recover data and restore business processes.
With sanctions in place against Ermakov, the risks for an organisation doing so has increased.
“A blanket ban on ransom payments is a crude tool. However, by targeting an individual criminal, the government has thrown a Schrödinger’s disincentive into the mix. The sanctioned individual is still at large, and you won’t know if they are involved in the attack against you,” James Turner, managing director of CISO Lens, says.
Turner observes that a hacker will never give their identity when looking to negotiate a ransom payment, so a company will only realise they have breached the sanction when the authorities come calling. It is a smart tactic if it was intended.
Other experts, including Monash University professor Nigel Phair and Uptycs’ global managed detection and response director, Josh Lemon, also say they think the government has made an important step in a much bigger battle to make Australia a less attractive cyber target.
Lemon says that Australians’ knowing Ermakov’s name will not give them any safety from future ransomware attacks, and it would be good to know what role he actually played in the Medibank hack.
Phair, meanwhile, says that, while he doesn’t believe Ermakov is a “mastermind”, that should not diminish the significance of the Australian investigation. He says the attribution of cybercrimes is one of the hardest things to do, and it would “put sand in the gears,” of criminal operations.
“Members of serious and organised cybercrime groups, such as REvil, can be quite fluid, so I think it is very important to name them,” Phair says.
“Too many times we think such criminals are faceless ... It is obviously difficult to sanction those in safe havens abroad, so naming and exposing them is probably the best we can do, aside from technically disrupting their activities.”
Paul Smith edits the technology coverage and has been a leading writer on the sector for 20 years. He covers big tech, business use of tech, the fast-growing Australian tech industry and start-ups, telecommunications and national innovation policy. Connect with Paul on Twitter.Email Paul at psmith@afr.com