Skip to navigationSkip to contentSkip to footerHelp using this website - Accessibility statement
Advertisement

Hacked Sydney hedge fund part of $170m cyber crime spree

Subscribe to gift this article

Gift 5 articles to anyone you choose each month when you subscribe.

Subscribe now

Already a subscriber?

The $8.7 million cyber hit on Sydney hedge fund Levitas Capital was one of almost 2000 similar hacks over the past five months, according to federal government figures that show a doubling in this style of attack.

The spike in cyber crime has prompted the Australian Federal Police to establish "Operation Dolos" and team up with law-enforcement agencies in Europe, the UK and US to combat what is known as "Business Email Compromise".

The AFP declined to say who it believed was responsible for the surge in attacks, but cyber experts said a trail of digital crumbs led back to Chinese hackers and Middle Eastern crime gangs, who were increasingly targeting the Australian funds management industry.

Michael Fagan, right, and Michael Brookes were forced to close hedge fund Levitas Capital after a cyber attack in September. Rhett Wyman

Commander Chris Goldsmid, who heads the AFP's cyber crime unit, said $174 million had been stolen from Australian businesses since July last year through these email scams.

This comprised of 2200 successful attacks in the year to June 30 and almost 2000 attacks since that time, according to figures compiled by government agency ReportCyber.

Advertisement

"This is a priority area for the AFP, as we see it as a growing threat to Australia," Commander Goldsmid told The Australian Financial Review.

"Criminals are clearly using email to exploit trusted relationships in business processes."

The establishment of the AFP taskforce comes as The Australian Financial Review reported on Monday how a fake Zoom invitation was used to compromise the email system of Levitas Capital.

This allowed the hackers to send three fake invoices worth $8.7 million from the email account of Levitas co-founder Michael Fagan to the funds' trustee and administrator. These were mistakenly approved after further email contact by the hackers with the trustee and administrator.

Fake invoices

"The attacks involve low technical sophistication but high levels of social-engineering skills," said Robert Potter, a cyber security expert and the co-founder of the firm Internet2.0.

Advertisement

"They are really good at impersonating people within a business via email."

Mr Potter said the techniques used in the Levitas attack were similar to those his firm had observed from others who have targeted small to mid-sized financial firms in Australia.

In the case of Levitas, the hackers assured the fund's trustee and administrator via email that the fake invoices should be paid and that there was no need for the usual confirmation via phone.

Mr Potter said the money from these attacks usually moved through local bank accounts, often in western Sydney, before being sent offshore. The bank accounts were typically linked to locally registered companies, while the size of the transactions gradually increased over time.

"We’ve seen infrastructure in the Middle East and China supporting this campaign," he said.

Advertisement

Levitas Capital, which had $75 million under management before the attack, was forced to close after its biggest client, Australian Catholic Super, withdrew its funds following the breach.

Mr Fagan from Levitas noticed money was missing from the firm's Commonwealth Bank account on September 23, a day after $2.5 million was sent to the Bank of China in Hong Kong and $5 million to United Overseas Bank in Singapore.

The firm was able to claw back this money, but an earlier transfer of $1.2 million to an ANZ account in Sydney's Blacktown had already been processed.

So-called "money mules" were then able to withdraw around $800,000 from the ANZ account before leaving the country.

Angus Grigg is an investigative reporter based in Sydney. He has worked as a foreign correpondent in China and Indonesia, and has won two Walkley Awards. Connect with Angus on Twitter. Email Angus at agrigg@afr.com
Jemima Whyte writes on business, specialising in companies, capital markets and innovation. Jemima has reported on business for The Australian Financial Review for more than 13 years. Email Jemima at jemima.whyte@afr.com

Subscribe to gift this article

Gift 5 articles to anyone you choose each month when you subscribe.

Subscribe now

Already a subscriber?

Read More

Latest In Financial services

Fetching latest articles

Most Viewed In Companies