A Sydney based IT contractor who had allegedly published a stockpile of stolen personal data on the dark web had utilized the VPNs and onion routers and fake identity. He had set the fake accounts in the names of his colleagues for covering up his tracks, mentions the prosecutors.
The accused had been identified as Stephen Bruce Grant, aged 49 years belonging from Rozelle. He had been alleged of publicly posting the stolen personal data of more than 270,000 people that Australia’s largest independent property valuation firm named Landmark White held on the dark web. The accused had allegedly accessed the risk rating tables of the ASX listed company from September 2017. They had posted personal information such as names, phone numbers, addresses and financial information on multiple internet sites till May 2019.
Nick Borosh, the Crown prosecutor, had informed the court that the investigators could directly link the accused pleading not guilty to 22 offences to various uploads in spite of putting much effort to hide the crimes like using fake Identity and VPNs.
In one of the instances, the investigators could trace an upload of the personal data connected to the Sydney airport’s free Wi-Fi service. They could also identify the laptop that had posted the accused’s documents when he was flying to Melbourne from Sydney that day. Along with this, the uploads that had been made after a couple of days when the accused was still in Melbourne could be traced to the Novotel Hotel, where he stayed.
The accused had also made other uploads from all over the world including, Luxemburg, Czech Republic and Johannesburg in South Africa. Nevertheless, the Crown prosecutors had alleged that the accused had been making the uploads via the onion routers. The onion routers had bounced a signal via multiple servers to hide the natural source of the connection.
Another set of documents had been uploaded via a VPN or the Virtual Private Network service that performs the same functionality as an onion router. The accused had subscribed to the VPN service and paid a subscription fee. More discoveries by the investigators also points to the accused, says Mr. Borosh.
The accounts had been set up under the fake identity for making the uploads included the reference to the names of his colleagues and their nicknames. Another time, the accused had made a post from the IP address with an internet connection named “fingerprint” that belonged to the accused’s business. The investigators had also examined a server that the accused’s company had owned and discovered references to some of the breached documents’ file names.
Mr. Borosh says that the accused’s offending had been focused on causing a financial loss to Landmark White or deceptively gaining a profit for himself. Landmark White had been forced to cease stock market trading temporarily, eventually lost clients and had to lay off staff owing to the data breach.
Both the parties had agreed that someone had committed the offence with a fake identity. Mr. Borosh stated that the jury needs to be convinced beyond any reasonable doubt that the users could also upload the documents to the websites and the accused was the user to do this. However, the trial continues in the District Court.
Disclaimer: Read the complete disclaimer here.