Immigration center
© TORSTEN BLACKWOOD / AFP
Villawood Immigration Detention Centre.
It started with the arrest of 36-year-old woman in Sydney on suspicion of laundering more than $480,000 gained by hacking multiple business emails; within a week, police had taken down a $3 million international crime syndicate.

"We can't establish at this stage who it's gone to or what it's being used [for]," Detective Superintendent Arthur Katsogiannis told reporters in Sydney on Friday, adding that an international investigation to track the money down was already under way.

After interrogating the woman for several hours, police launched multiple raids on several properties across the city, seizing a Land Rover, several computers, phones, SIM cards, stolen financial and personal identification documents as well as methamphetamine. Two additional suspects were taken into custody on suspicion of identity theft and money laundering among other charges.

Members of Strike Force Woolana had managed to locate the crew behind the spate of identity theft, romance scams and phishing email schemes, but had yet to zero in on the ringleader. However, evidence gathered soon led investigators somewhere they may never have considered: a high-security immigration detention center.

As of April last year, Villawood Detention Center held approximately 450 people from 60 countries but, having followed the laundered money as far as Nigeria before the digital trail of breadcrumbs disappeared, investigators knew exactly who to look for.

They carried out a search warrant at the facility and subsequently arrested the 43-year-old man responsible for coordinating the AUS $3mn (US $2.1mn) crime syndicate using a total of 16 cellular phones and 17 SIM cards.

The Australian government has tried unsuccessfully for years to remove phones from inside detention centres as they facilitate the entry of contraband, escape attempts, threats and now, it seems, multi-million dollar scams. In 2017 alone, up to AUS$22.1 million was lost to such business scams.

"While there are many variables, generally, the perpetrators will 'spoof' or compromise corporate executive or employee email accounts and send email requests to an accounts payable employee for an electronic funds transfer," Supt Katsogiannis said, as cited by ABC News Australia.

While the stolen money was traced to Nigeria, Katsogiannis admitted that recovery is "highly unlikely."