[LINK] itN: APF Blocking of Malware

Roger Clarke Roger.Clarke at xamax.com.au
Wed Oct 22 16:59:09 AEDT 2014


[The notion of 'blocking' particular forms of traffic is in principle entirely tenable, but it creates risks, which need to be managed.

[Where is the risk assessment to accompany uses of TA s.313?

[Where are the checks on abuse of the power?  (Transparency, justification, proportionality, independent authority for the action, etc.).

[Where is the demonstration that the collateral damage is understood, manageable, and managed?

[And ASIC isn't the only agency that lacks competence in such matters.


AFP blocked websites to stop malware spread
Allie Coyne

Oct 22, 2014 12:03 PM (4 hours ago)
http://www.itnews.com.au/News/397044,afp-blocked-websites-to-stop-malware-spread.aspx

Updated: Section 313 notices issued to target banking malware.

The Australian Federal Police used controversial website blocking powers to block the spread of malware targeting banking credentials earlier this year, the agency admitted today.
The use of the section 313 notices under the Telecommunications Act is currently being investigated by a parliamentary committee to determine whether agencies such as the AFP are using the powers appropriately to disrupt illegal online activities.
Agency use of the provision - which has been in place for almost 15 years but was not used until recently - has been criticised after the Australian Securities and Investments Commission last year admitted it inadvertently blocked 250,000 websites in an effort to block just 1200 while using the section.
ASIC later admitted that the team which requested the block had not known one IP address could host multiple websites.
The AFP predominantly uses the legislation to block websites hosting child abuse material, but the federal police force today revealed in a submission to the inquiry that it had used section 313 in an effort to block the spread of malware earlier this year.
It issued a number of section 313 notices to "prevent the distribution of peer-to-peer malicious software (malware) which was designed to steal personal banking and financial credentials from the platforms of Australian computer users," the agency stated in its submission.
"The AFP was aware that the domain supporting the malware was used for the exclusive purpose of distribution and updating the malware.
"The blocking by ISPs of this domain prevented the widespread distribution of this malware in Australia and the subsequent compromise of Australian's financial details that potentially could have been used to undertake large scale fraud."
It did not detail the strain of malware being targeted under the block. The agency has been approached for comment.
The AFP also lobbied for the continued ability to self-authorise the website blocking requests, and argued that the notices should be available to any law enforcement, regulatory or government agency involved with matters of national security and serious crime.
Industry representatives have asked for limits on the number of agencies able to use the legal provision, and have called for increased oversight on their use - including publishing the amount of section 313 notices issued annually.
The AFP said it welcomed annual reporting on the number of section 313 blocking requests, but warned providing specific details as to the nature of each request and the ISP to which it was made could have a "substantial adverse effect on the proper and efficient operations of the AFP and may be contrary to the public interest."
Update 4:33pm: The AFP said in a statement to iTnews it could not comment on the specific malware being targeted as that would "reveal operational methodology which would compromise its future use in protecting the Australian public".

-- 
Roger Clarke                                 http://www.rogerclarke.com/
			            
Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916                        http://about.me/roger.clarke
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Faculty of Law            University of N.S.W.
Visiting Professor in Computer Science    Australian National University



More information about the Link mailing list