ASIO restructuring strategy and resources in the face of cyber threat

The country’s intelligence agency has aligned its resources to focus on the growing threat of cyber espionage targeting ‘a range’ of Australian interests.

In the wake of accusations from United States intelligence agencies that Russia hacked into Democratic Party emails, thus helping Donald Trump to election victory last year, a report from Australia’s intelligence agency said the country’s national security resources are focused on preventing foreign threat actors from “targeting a range of Australian interests”.

In its 2016-17 Annual Report [PDF], the Australian Security Intelligence Organisation (ASIO) explained that Australia continued to be a target of espionage and foreign interference, noting in particular that foreign intelligence services sought access to privileged and/or classified information on Australia’s alliances and partnerships; the country’s position on international diplomatic, economic, and military issues; as well as energy and mineral resources, and innovations in science and technology-related fields.

ASIO called the threat from espionage and foreign interference to Australian interests “extensive, unrelenting, and increasingly sophisticated”.

“Foreign intelligence services are targeting a range of Australian interests, including clandestine acquisition of intellectual property, science and technology, and commercially sensitive information,” the report explains.

“Foreign intelligence services are also using a wider range of techniques to obtain intelligence and clandestinely interfere in Australia’s affairs, notably including covert influence operations in addition to the tried and tested human-enabled collection, technical collection, and exploitation of the internet and information technology.”

During the reported period, ASIO said it identified foreign powers clandestinely seeking to shape the opinions of members of the Australian public, media organisations, and government officials, motivated by the appeal of “advancing their country’s own political objectives”.

As highlighted by ASIO, rapid technological change continued to provide people who are engaging in activities that threaten Australia’s security with new tools to conceal their activities from security and law enforcement agencies. In particular, ASIO said the use of encrypted communications by security intelligence targets was — and still is — an area of particular concern.

“Australia continues to be a target of espionage through cyber means; the cyber threat is persistent, sophisticated, and not limited by geography,” ASIO warned.

“Increasingly, foreign states have acquired, or are in the process of acquiring, cyber espionage capabilities designed to satisfy strategic, operational, and commercial intelligence requirements.”

Watching carefully the area of investment flows, ASIO said that while Australia’s open and transparent economy, which invites foreign investment, is a welcome and important contributor to Australia’s national wealth, it is not without national security risks.

“For example, foreign intelligence services are interested in accessing bulk data sets and privileged public or private sector information, including Australian intellectual property. Developing and implementing effective mitigation strategies for these issues is critical to reducing the threat to an acceptable level,” the report says.

Another emerging issue of potential national security concern to ASIO is the lack of diversity of ownership within certain infrastructure sectors.

The agency also said that the number of cybersecurity incidents either detected or reported within Australia represents a fraction of the total threat the country legitimately faces.

While technology provided security and law enforcement agencies with new opportunities to identify activities of security concern, ASIO said building and maintaining technical collection capabilities to stay ahead of the threats proved to be resource intensive.

“Transforming existing agency information and communications technology infrastructure to effectively exploit new capabilities, manage the large volume and variety of data available, and to be adapted easily to new technologies is a major challenge, and one that will require significant, ongoing investment,” the agency wrote.

“In addition to technological challenges in the operating environment, we faced heightened threats to our staff, facilities, and information.”

ASIO said such challenges required the diversion of resources to “ensure the security and effectiveness” of the agency’s operations.

Throughout the period, ASIO said it worked closely with Australia’s national security partner agencies, which included work to progress shared national security objectives through joint agency bodies such as the federal, state, and territory Joint Counter Terrorism Teams (JCTT), the National Threat Assessment Centre (NTAC), the Jihadist Network Mapping and Targeting Unit, and the Australian Cyber Security Centre (ACSC).

Similarly, work with international peers was maintained with over 350 partner agencies in 130 countries, ASIO explained.

The intelligence agency specifically worked with counter-terrorism prosecution in New South Wales, Victoria, and Queensland, providing assistance and evidence on telecommunications intercepts, physical surveillance, listening, and tracking devices.

“In 2016-17, we continued to work closely with telecommunications companies regarding the security risks associated with the use of certain companies in their supply chains and risks arising from foreign ownership arrangements,” the report says.

“We provided sensitive briefings to the Australian government and the telecommunications sector to outline the threat and, where possible, recommended appropriate mitigation measures.”

ASIO said that through its work with ACSC, it regularly observed cyber espionage activity targeting Australia.

“Foreign state-sponsored adversaries targeted the networks of the Australian government, industry, and individuals to gain access to information and progress other intelligence objectives,” the agency wrote.

“ASIO provided support to the ACSC’s investigations of these harmful activities as well as the centre’s work to remediate compromised systems. The number of countries pursuing cyber espionage programs is expected to increase … as technology evolves, there will be an increase in the sophistication and complexity of attacks.”

It isn’t just foreign threats on ASIO’s radar, with the agency noting it remained alert to, and investigated threats from, malicious insiders.

“Those trusted employees and contractors who deliberately breach their duty to maintain the security of privileged information,” ASIO explained. “These investigations continued to be complex, resource-intensive, and highly sensitive.”

In-house, ASIO said it also worked to build an enterprise technology program to enable the agency to “excel in using technology and data” to achieve its purpose.

“Given the increasing opportunities and challenges brought about by rapid advances in technology, it is imperative that ASIO is a ‘data-enabled organisation’, connected to its partners, accountable to the people, innovative in its approach, and sustainable for the long term,” the report says.

From July 2018, Australia’s new Home Affairs ministry will be responsible for ASIO, Australian Federal Police, Border Force, Australian Criminal Intelligence Commission, Austrac, and the office of transport security. It will see Attorney-General George Brandis hand over some national security responsibility to Minister for Immigration and Border Protection Peter Dutton.

Of the ministerial changes and the recommendations of the 2017 Independent Intelligence Review, ASIO Director-General of Security Duncan Lewis said he believes the new measures will play an important role in strengthening the agency’s strategic direction, effectiveness, and coordination of Australia’s national security and intelligence efforts, at a time when “the nation is facing complex, long-term threats” to its security.

Henry Sapiecha

Data stolen in Australian defence contractor hack

Secret F-35, P-8, C-130 data stolen in Australian defence contractor hack

Around 30 gigabytes of ITAR-restricted aerospace and commercial data was exfiltrated by an unknown malicious actor during the months-long ‘Alf’s Mystery Happy Fun Time’ attack.

In November 2016, the Australian Signals Directorate (ASD) was alerted by a “partner organisation” that an attacker had gained access to the network of a 50-person aerospace engineering firm that subcontracts to the Department of Defence.

Restricted technical information on the F-35 Joint Strike Fighter, the P-8 Poseidon maritime patrol aircraft, the C-130 transport aircraft, the Joint Direct Attack Munition (JDAM) smart bomb kit, and “a few Australian naval vessels” was among the sensitive data stolen from a small Australian defence contractor in 2016.

The secret information was restricted under the International Traffic in Arms Regulations (ITAR), the US system designed to control the export of defence- and military-related technologies, according to Mitchell Clarke, an incident response manager at the ASD who worked on the case.

One document was a wireframe diagram of “one of the navy’s new ships”. A viewer could “zoom in down to the captain’s chair and see that it’s, you know, 1 metre away from nav chair”, Clarke said.

The data theft was first reported on Tuesday as part of the 2017 Threat Report from the Australian Cyber Security Centre (ACSC). Little information was given at the time. The victim was described as a “small Australian company with contracting links to national security projects”. The attacker had “sustained access to the network for an extended period of time” and had stolen a “significant amount of data”.

Clarke provided significantly more detail in his presentation to the national conference of the Australian Information Security Association (AISA) in Sydney on Wednesday.

ASD named this advanced persistent threat (APT) actor “APT ALF”, after a character in the long-running Australian TV soap opera Home and Away.

The attacker had in fact been in the network since at least mid July 2016, with data exfiltration starting around two weeks later. ASD refers to the three months between the attacker gaining access, and the ASD becoming aware of it, as “Alf’s Mystery Happy Fun Time”.

The attacker would have had little trouble gaining access.

The victim’s network was small. One person managed all IT-related functions, and they’d only been in the role for nine months. High staff turnover was typical.

There was no protective DMZ network, no regular patching regime, and a common Local Administrator account password on all servers. Hosts had many internet-facing services.

Access was initially gained by exploiting a 12-month-old vulnerability in the company’s IT Helpdesk Portal, which was mounting the company’s file server using the Domain Administrator account. Lateral movement using those same credentials eventually gave the attacker access to the domain controller and the remote desktop server, and to email and other sensitive information.

“This isn’t uncommon,” Clarke said. “Only about 12 months old, if you look at government, that’s not that out of date, unfortunately.”

The attacker needn’t have bothered with that, however. The ASD’s investigation found that internet-facing services still had their default passwords, admin::admin and guest::guest.

An important aspect of this incident is that a small company, with resources that were clearly inadequate given the sensitivity of the data they held, still managed to obtain and hold ITAR certification.

According to Clarke, an application for ITAR certification is usually only “two or three pages”, and asks only basic questions about organisations’ security posture.

“One of the learning outcomes from this particular case study for at least the Australian government is that we need to find a way to start to be a little bit more granular in our contracting to mandate what type of security controls are required,” Clarke said.

“That’s not for my team to answer, but that’s going to be an outcome of this sort of thing.”

Clarke emphasised the importance of following best practices to secure networks, including the ASD’s Essential Eight strategies to mitigate cybersecurity incidents.

USA Air Force’s Mini Crypto Chip Keeps Data Out Of Enemy Hands

When Airmen are active in the field, securing a line of communication is essential to keep sensitive intelligence away from enemy forces. To help navigate this digital world, the U.S. Air Force has created the new Mini Crypto chip to fortify communications and data between military systems.

“We think (Mini Crypto chip) will really help forward-deployed warfighters secure sensors, or communications devices, in areas where risk of interception is high, and still protect sensitive data, without burdening folks on the front lines with extra equipment or steps to safeguard the encryption device,” says Heidi Beason, the Mini Crypto program manager at the Air Force Life Cycle Management Center, Cryptologic and Cyber System Division, Joint Base-San Antonio, Texas.

At its core, the chip is an independent encryption engine that is small, lightweight, and creates its own session-based “key.” It has a power requirement of 400 milliwatts, “meaning it can be installed on equipment carried by one-person parties operating as scouts and forward air controllers.”

Once a session key is established between the sender and receiver, the key is used to read messages after the encryption process. The key management system boosts data protection and ticks off the National Security Agency check list, which is the highest standard for encryption.

“Communications devices all have a processor, where a message is formatted for transmission,” says Mini Crypto Deputy Program Manager Christopher Edsall.

“In the case of a computer, it’s the (central processing unit). Mini Crypto is located after the processing center, but before the transmission center, which is usually a radio. Another Mini Crypto chip is installed at the receiver end, after the receiving antennae, but before the CPU. The second Mini Crypto chip decrypts the received message as it comes through the radio where the unencrypted message is processed, and then it is displayed or heard,” Edsall adds.

The chip’s encryption creates a resource-intensive decryption process, according to Edsall. If the enemy does manage to make the data readable, the amount of time taken forfeits the information’s usefulness.

According to Beason, two years of program development led to the Mini Crypto chip design we see today. After a quick turnaround of concept, development, and testing, the device is now ready for production.

This is how much access Australian police already have to your data

The Australian government now wants further powers to access encrypted communications, but does it need them?

Police and intelligence agencies already have significant abilities to access data about our emails, phone calls and text messages if we’re suspected of committing a crime, although it can be difficult to tell exactly what they’re doing with them.

The government argues existing interception capabilities are inadequate to protect national security. According to Attorney-General George Brandis, backdoor access to encrypted communications would redress the “degradation of our intelligence capability” to prevent terrorism.

Many Australians are unaware of current police and intelligence powers when it comes to accessing our data. As the government lobbies for new levels of access, that needs to change.

‘Backdoor’ access

The government’s proposal to compel technology companies to provide access to encrypted messaging services is modelled on laws passed by other members of the Five Eyes surveillance alliance, of which Australia is a member.

Deputy US Attorney-General Rod Rosenstein recently announced the Department of Justice intends to demand interception of encrypted communications. New Zealand already requires technology companies to grant access. In the UK, authorities may force decryption where it is technologically feasible.

As with our allies, it is unclear if Australia’s laws will require so-called “backdoor” vulnerabilities to be built into messaging applications like Facebook Messenger or WhatsApp.

They could compel access via decryption keys or they might enable remote access to devices for interception of communications “at the ends”.

In response, cryptographers argue it is not mathematically possible to access end-to-end encrypted messages via interception without undermining online privacy for everyone.

The current state of telecommunications surveillance

The government already has various powers to access metadata, the contents of digital conversations and computer networks.

The Attorney-General’s Department recently released its annual report on telecommunications surveillance.

Thanks to the Telecommunications (Interception and Access) Act (TIA Act), law enforcement and other agencies can access stored communications with a warrant. This can include “email, SMS or voice messages stored on a carrier’s network”. In other words, the contents of any communication not encoded via encryption.

Agencies may also apply for “preservation notices” to compel telecommunications companies to preserve data.

During the 2015-16 financial year, there were 712 warrants issued for access to stored communications. Data is not available about the types of offences these warrants were used for. It is also not clear how the telecommunications information was used in investigations.

Applications for stored communications warrants (issued)

Agency        2014-2015   2015-2016
ACC                   4           2
ACCC                  4           -
AFP                  94          80
ASIC                  -           1
CCC (QLD)             -           3
CCC (WA)              -           5
DIBP                 10           1
NSW CC                3           4
NSW Police          290         345
NT Police            16          11
PIC                   7          16
QLD Police          123         132
SA Police            38          19
TAS Police           29          17
VIC Police           40          41
WA Police            38          35
Total               696         712

Source: Telecommunications (Interception and Access) Act 1979 Annual Report 2015–16

The issue of metadata retention

A controversial 2015 amendment to the TIA Act requires telecommunication service providers to retain metadata for two years.

This allows authorised law enforcement agencies warrantless access to information about digital communications such as the recipient or time sent, but not their content.

However, some agencies that aren’t meant to be able to access metadata are still making requests under different legal regimes, according to the Communications Alliance, and there have already been reported breaches where an Australian Federal Police officer accessed a journalist’s metadata without an appropriate warrant.

The 2015-16 financial year was a grace period for service providers to comply with retention requirements. During this time, there were 332,639 authorisations by criminal law-enforcement agencies.

Authorisations occurred most for drugs or homicide investigations. It’s possible this may indicate police are relying on ready access to metadata rather than pursuing traditional investigatory methods.

Telstra launches Sydney cybersecurity centre Australia

Telstra now has security operations centres live in Sydney, Melbourne, and Canberra, and is also launching its learning initiative to help businesses educate staff members on cybersecurity.

Telstra has launched its Sydney-based cybersecurity centre, with the telecommunications provider also announcing a new “secure internet initiative”.

With the latest security operations centre (SOC) officially open for customers from Thursday, Telstra now has centres live in Sydney, Melbourne, and Canberra ahead of launching more across the globe, Telstra CEO Andy Penn told ZDNet.

“There will be more [centres] in the next year or two,” the chief executive told ZDNet during the Sydney SOC launch on Thursday afternoon.

“The thing to bear in mind, though, is that they’re virtual; this centre is virtually connected to the centre in Melbourne, and every future centre that we’ll have will be virtually connected as well, plus they’ll have 24/7 capabilities.

“So in that sense, these centres once established have the capacity to service thousands of customers and as our business grows — particularly internationally with our submarine cable network where we have about 400,000 kilometres of submarine cable network where we’re doing all the data transmission services for international customers — we’ll build out more centres as that demand requires, but we certainly have plans for a small number of extra centres internationally.”

According to Penn, Telstra’s position as Australia’s largest telecommunications service provider gives it the responsibility and obligation of delivering services that will protect its customers domestically and globally.

“Today, we’re announcing a new initiative that will add significantly to our existing capabilities … it is the creation of a new network of security operations centres,” he said.

“These centres support our global network of more than 500 cybersecurity experts, and will uniquely position Telstra to better monitor, detect, and respond to security incidents for all of our customers. The security operations centres will provide enterprise customers with access to our world-class security teams and increase visibility and insight for managing their business cyber risk.”

Telstra built the security centres to an Australian Security and Intelligence Organisation (ASIO) T4 standard, with all cables colour coded and physically separated according to what level of intelligence is carried across them, and the centre’s entry guarded by a time-sensitive airlock equipped with biometric security including facial recognition, gait recognition, and a retina scanner that can read from up to 10 metres away.

Under the T4 security standard, audio and video cannot be recorded inside the SOCs, and all mobile devices are required to be locked away prior to entering the centre.

The Sydney centre took seven months to build, with Telstra saying it took “an agile approach to both software and facilities”. In this regard, Telstra used open-source project Apache Metron, around which it built managed services applications and capabilities in order to remove the cost of developing commercial software, which it said meant more money spent on analysts.

Telstra’s SOC management platform is run on Microsoft Azure, with the centres also utilising the capabilities of software development company Readify and advanced security analytics technology Cognevo, both of which were acquired by Telstra last year.

“The future of security is machine intelligence coupled with human expertise,” Penn said.

“With the volumes of data we are seeing today driven by technology innovation, it is impossible to see the patterns and trends without machine learning. These new centres and our dynamic security offerings give us exactly this capability.”

Available 24/7, the Sydney and Melbourne centres “have the ability to aggregate data in a central point where it can be analysed for hostile intent”, Penn explained. The two SOCs are identical, with each housing 14 analysts at all times to support thousands of customers.

If one centre has an outage, services can be immediately switched over to the other, Telstra said.

While Penn would not disclose how much the centre is worth, he said it is “a fair bit bigger” than Optus’ AU$7 million centre unveiled last year.

Telstra additionally announced the establishment of a learning and development program to increase knowledge of cybersafety within organisations.

“Cybersecurity is a team sport,” Penn said, adding that Telstra fully supports the federal government’s cybersecurity strategy.

“The security operations centres and the secure internet initiatives reinforce Telstra’s commitment to working with the government and industry to create a cybersecure Australia.”

Minister Assisting the Prime Minister for Cyber Security Dan Tehan welcomed the arrival of Telstra’s new SOC, saying it demonstrates that as a telco provider, Telstra is “incredibly well placed” for dealing with cybersecurity.

“Cyber risk is there and it’s growing — we’re seeing cyber espionage, we’re seeing cybercrime, and we’re seeing hacktivism,” Tehan said during the SOC launch in Sydney, adding that there needs to be a “whole-of-community approach” to dealing with it.

Tehan said the Australian cybersecurity centre’s unclassified-level stage one is “nearly ready” to be online, with the entire centre aiming to be fully operational next year.

The federal government has been moving towards a greater focus on cybersecurity, with Prime Minister Malcolm Turnbull initially pledging AU$30 million through to 2019-20 in December 2015 as part of the government’s AU$1.1 billion National Science and Innovation Agenda to establish the Cyber Security Growth Centre.

The government announced in November that it would be launching the AU$4.5 million Academic Centres of Cyber Security Excellence with the aim of improving Australia’s cybersecurity through education and research, with Turnbull and Tehan receiving cyber defence education at the Australian Signals Directorate.

The government in February also pledged AU$1.9 million to universities delivering specialised cybersecurity training in a bid to combat the skills shortage in cyber-related fields.

During the 2017 Federal Budget, the government further pledged AU$10.7 million over four years to establish the Cyber Security Advisory Office (CSAO) to work with government agencies to manage cyber and digital risks and vulnerabilities to “provide strengthened central governance and assurance for cybersecurity and broader project vulnerability across government”.

Having launched its own managed security services earlier this year, Penn last week told ZDNet during Telstra’s FY17 financial results call that Telstra has “deep” skills in cyber.

“We’ve got deep, deep, deep skills in cyber because of our own need to protect our networks, but also we provide a very significant dynamic service for our enterprise customers, and this is really a significant investment in really building that service for our enterprise customers,” Penn told ZDNet.

The chief executive also told ZDNet that Telstra will likely upgrade its existing SOC in Canberra.

FBI charges Chinese national with distributing malware used in OPM hack attack

The malware has been linked to both the data breach of the US Office of Personnel Management as well as the Anthem breach.

The FBI has filed charges against a Chinese malware broker named Yu Pingan, alleging that he provided hackers with malware, including the Sakula trojan, to breach multiple computer networks belonging to companies in the US.

The FBI alleges that Yu, also known as “GoldSun,” conspired with two unnamed hackers from around April 2011 through around January 2014 to maliciously target a group of US companies’ computer networks.

The complaint filed does not name which companies were targeted but notes that the different companies were headquartered in San Diego, California; Massachusetts; Los Angeles, California; and Arizona.

The rarely-used Sakula malware has been linked to both the 2014 breach of the US Office of Personnel Management as well as the 2015 breach of the health insurance firm Anthem.

The Anthem breach impacted 78.8 million current and former customers of the company, while the OPM hack affected more than 22 million records of Americans who had applied for security clearance to work for the government.

Telstra launching cybersecurity centres internationally

Telstra is utilising its ‘deep, deep skills in cyber’ by launching security operations centres in Sydney, Melbourne, and across the globe, as well as likely upgrading its existing facility in Canberra.

Telstra will be opening cybersecurity centres internationally following the launch of its security operations centres (SOCs) in Sydney and Melbourne over the next few weeks, CEO Andy Penn has announced.

Speaking during Telstra’s FY17 financial results call, Penn said Australia’s incumbent telecommunications provider is currently looking at locations for international SOCs, but would not disclose the sites.

However, he added that the two new Australian centres will be launching “very soon … in the coming weeks”.

“There’s no doubt that large enterprises and even smaller enterprises today are becoming increasingly concerned by cybersecurity risks that they face,” Penn told ZDNet.

“There’s virtually no technology innovation that’s happening today that isn’t intended to be connected. That means it’s across a network, and what’s critical is those innovations and that technology is protected from a cyber perspective.

“We’ve got deep, deep, deep skills in cyber because of our own need to protect our networks, but also we provide a very significant dynamic service for our enterprise customers, and this is really a significant investment in really building that service for our enterprise customers.”

Penn told ZDNet that Telstra will also likely upgrade its existing SOC in Canberra.

“We have a dynamic product offering which is integrated with some of the best data analytics globally and the best access to data globally, so that’s actually the fundamental offering, and then the security operations themselves actually enable ourselves on behalf of our customers, or our customers, to monitor 24/7 effectively the cyber activity on their networks,” Penn told ZDNet.

“You need the data analytics and you need the artificial intelligence and the machine learning capabilities to process what’s actually happening deeply at the network level, and you need the sensors deep within the network, and that’s the dynamic security offering that is already launched. We’ve already got customers on that who are very pleased with that offering, and then we’re supporting that with the security operations centres.”

Penn said Telstra has the “smartest” network in Australia, with the telco currently also upgrading its fibre-optic network to allow for terabit capacity.

“We have commenced the rollout of our next-gen optical fibre and transmission network; Tasmania was the first state to benefit from this upgrade,” the chief executive said.

“This will increase Telstra’s network capacity to 1 terabit per second, and has already done so on each of Telstra’s two subsea cables running across the Bass Strait. We’re already rolling this out to the rest of the country, and there is future potential to increase the capacity to 100 terabits per second.”

In addition, Penn spruiked the company’s Cat-M1 Internet of Things (IoT) network, built in conjunction with Ericsson and switched on earlier this month on the 4GX network.

“Cat-M1 will give us the platform for the significant growth we expect to see in IoT,” Penn said.

Telstra currently has more than 8,600 mobile towers, 5,000 telephone exchanges, 200,000 switches and routers, 240,000km of optical fibre cable, and 400,000km of submarine cable.

Telstra TV 2

Penn also announced the launch of the Telstra TV 2, saying that Telstra remains “committed to Foxtel” despite its dropping revenue and is in discussions with co-owner News Corp on how best to structure and arrange Foxtel in future.

“We’re about to dial it up again,” Penn said, detailing that the Telstra TV 2 will include all streaming and catch-up TV services along with a linked mobile app, making it “a real Australian first”.

“Access to the best content is critically important to us as demand for media continues to grow. At the same time, the media market is changing with new participants and increased competition,” Telstra added.

Telstra’s media revenue grew by 8.2 percent to AU$935 million thanks to uptake of both the Telstra TV and “Foxtel from Telstra”. Foxtel from Telstra made AU$777 million in revenue, growing by 8.1 percent due to 57,000 additional subscribers, and there are now 827,000 Telstra TV devices in the market.

Underpinning Telstra’s SOCs is its suite of managed security services announced in March and launched in July, Penn said, in addition to the company’s 500 “cybersecurity experts”.

The Telstra TV originally launched in October 2015.

Around AU$200m later, data retention mostly used for chasing drugs, not terror

The Attorney-General’s Department has released a report outlining the opening months of Australia’s data retention scheme.

Australia’s telecommunications companies have been left with a funding hole of over AU$70 million to cover the capital costs of Australia’s data retention scheme, according to the Telecommunications Interception And Access Act 1979 Annual Report 2015-16 [PDF], while data authorisations for terrorism ranked below those for illicit drug offences.

Despite handing out AU$128 million in grants last year, the report, released on Monday, states that the capital cost to industry will total AU$198 million by the end of the 2016-17 financial year.

“Information collected from industry through the Data Retention Industry Grants Programme indicates that the estimated capital cost of implementing data retention obligations over the period between 30 October 2014 and 13 April 2017 is AU$198,527,354,” the report said.

“[Costs] relate to the anticipated direct upfront capital costs and not the recurring or indirect costs associated with compliance.”

In 2015, Attorney-General George Brandis said he expected the average ongoing cost for telcos to run their data retention system would be around AU$4 per month.

The report said the Attorney-General’s Department (AGD) received 210 applications for funding, of which 10 were withdrawn, and 180 telecommunications providers were found to be eligible for funding. Of that 180, “most” were awarded a grant to cover 80 percent of their costs.

It was also detailed that during the implementation period for the data retention scheme, AGD received 402 data retention implementation plans from 310 providers.

Under Australia’s data retention laws, passed by both major parties in March 2015, telecommunications carriers must store customer call records, location information, IP addresses, billing information, and other data for two years, accessible without a warrant by law-enforcement agencies.

Over the period from October 13, 2015 to June 30, 2016, the report said the offence for which the highest number of authorisations to telco data was made was illicit drug offences, with 57,166. This was followed in ranking by miscellaneous, homicide, robbery, fraud, theft, and abduction.

Terrorism offences ranked below property damage and cybercrime, with 4,454 authorisations made.

As part of the data retention laws, the spirit of the legislation was to restrict access to stored metadata to a list of approved enforcement agencies, with those agencies not on the list theoretically having access removed on October 12, 2015.

Overall, the report said 63 enforcement agencies made 333,980 authorisations for retained data, of which 326,373 related to criminal law.

“In 2015-16, law enforcement agencies made 366 arrests, conducted 485 proceedings, and obtained 195 convictions based on evidence obtained under stored communications warrants,” the report said.

During 2015-16, 3,857 telecommunication interception warrants were issued, with interception data used in 3,019 arrests, 3,726 prosecutions, and 1,812 convictions. Total cost for interception warrants was AU$70.3 million, at an average cost of AU$619,200 per warrant.

Australia Post accounted for 64 authorisations between June 30 and October 12, 2015, compared to none the year before; and the Victorian Department of Economic Development, Jobs, Transport and Resources made 173 authorisations in 3.5 months compared to 226 the entire financial year prior.

It was also noted that on six occasions, warrants were exercised by people not authorised to do so; in three instances, the Ombudsman could not determine whether stored communications related to the person named on a warrant; and in one instance, it could not determine who had received stored communications from a carrier.

It was also revealed that during the 2015-16 year, the Western Australia Police had received a pair of journalist warrants, which saw 33 authorisations of data made.

“These authorisations were for the purpose of enforcing the criminal law,” the report said.

In April, the Australian Federal Police (AFP) revealed that it had “mistakenly” accessed a journalist’s call records without a warrant in breach of the data retention legislation.

It was subsequently learned that AGD had advised government departments to skirt metadata laws and rely on coercive powers.

In May, the Commonwealth Ombudsman found the AFP to be handling metadata in a compliant manner, but noted a number of exceptions.

“We identified two instances where a stored communications warrant had been applied for and subsequently issued in respect of multiple persons, which is not provided for under the Act,” the report said.

In response, the AFP said its warrant templates were not clear enough.

Henry Sapiecha

WannaCry researcher denies in court that he created banking malware

The security researcher recently rose to fame for curbing the spread of the WannaCry ransomware

A security researcher who helped curb a global outbreak of the WannaCry ransomware earlier this year has told a court he is not guilty of charges of allegedly creating a notorious banking malware.

Marcus Hutchins, 22, said he was not guilty during a hearing at a Las Vegas court after he was arrested and detained earlier this week.

The news was confirmed by his attorney Adrian Lobo, speaking on Facebook Live to local reporter Christy Wilcox, at the court house.

Hutchins was granted bail on a bond of $30,000 during a hearing at a Las Vegas court.

But he will “not be released today lawyers says could not get bail in time,” according to Wilcox in a tweet.

He will not be allowed access to devices with an internet connection, said Wilcox, and he will be tagged to be monitored at all times.

Hutchins, also known as @MalwareTechBlog, stormed to fame earlier this year after he found a kill switch in the malware, known as WannaCry, amid a global epidemic of ransomware in May.

By registering a domain found in the code, he stopped the spread of the malware.

The Justice Department announced Thursday that it was charging Hutchins with malicious activity, unrelated to the WannaCry cyberattack.

The security researcher, a British native, was arrested shortly before boarding a flight home. He had been attending the Def Con security conference late last month. He was briefly detained in a federal detention facility in Nevada, then later questioned by the FBI at its field office in Las Vegas.

Hutchins was later indicted, along with an unnamed defendant, on six charges relating to allegations that he created the Kronos malware, a trojan that can steal banking usernames and passwords from victims’ computers.

He was also charged with five other counts, including wiretapping, thought to relate to the interception of passwords, and violating the controversial Computer Fraud and Abuse Act, which serves as the basis of US hacking laws.

Hutchins will appear at a court in Wisconsin, where the case was filed, on August 8.

Developing… more soon.

Henry Sapiecha

Report states Australians do not trust telcos to keep their data safe and private

A report from Essential Research has emphasised that Australians do not trust telcos and ISPs storing their data, even though trust is rising for governments, law enforcement, and other businesses.

Australians are losing trust in telecommunications and internet service providers’ (ISPs) ability to store their data safely and securely, with a report from Essential Research highlighting only 4 percent of respondents have “a lot of trust” in the industry.

29 percent of the 1,020 respondents surveyed for the report [PDF] said they have some sort of trust in telcos and ISPs, a 3 percent drop from the previous year’s results.

Security agencies such as the Australian Federal Police (AFP), local police, and ASIO were found to be trusted by 64 percent of respondents, an increase from the 49 percent that said they trusted security agencies to store personal data safely and in a way that would prevent abuse in 2015.

Governments were found to be trusted 3 percent more than they were a year prior, with 43 percent having faith in those elected into office to protect their personal information.

It was revealed last week that Medicare card information was up for sale on the dark web, with the federal government responding swiftly to the claims with a statement that said reports are being taken seriously. The system used to access Medicare card details is now undergoing a review.

However, a remark was made by Minister for Human Services Alan Tudge that downplayed the seriousness of the issue, with Tudge commenting that the only information available was a Medicare card number and the information available was not sufficient to access any personal health record.

The federal government accidentally published the full names, nationalities, locations, arrival dates, and boat arrival information of nearly 10,000 asylum seekers housed both on the Australian mainland and Christmas Island in February 2014.

KPMG said human error and a push to get immigration data up on deadline resulted in the details being published on the Department of Immigration and Border Protection’s website by mistake.

Last month, the Queensland Crime and Corruption Commission (CCC) alleged that two male police officers accessed the state’s criminal records database on a handful of unauthorised occasions.

According to the CCC, a 60-year-old former sergeant undertook checks on the Queensland Police Records and Information Management Exchange (Qprime) for personal purposes. The 31-year-old serving sergeant was accused of accessing Qprime on 10 occasions.

A 43-year-old serving detective senior constable from State Crime Command was similarly charged in March, and another was fined in May for 80 instances of unauthorised Qprime access.

A report from the Office of the Australian Information Commissioner (OAIC) in May revealed that only 53 percent of people it surveyed were able to nominate an organisation to report the misuse of their information to.

The OAIC said that when asked, only 47 percent admitted awareness of a Privacy Commissioner — either federal or state level — but a mere 7 percent said they would report misuse of information to a Privacy Commissioner. Rather, 12 percent would prefer to report such acts to the police, and 9 percent would rather directly contact the organisation involved.

The survey found that Australians have awarded the highest level of trust to health service providers, followed by financial institutions, and then both state and federal government departments.

Of the 1,800 Australians surveyed, 16 percent said they would avoid dealing with a government agency because of privacy concerns, while 58 percent would avoid dealing with a private company for the same reasons.

Another question asked by Essential Media was whether the individual surveyed had fallen victim to a handful of cyber-related crimes.

33 percent said they had a computer virus that damaged their computer or data; 22 percent admitted to having their credit card information stolen; 14 percent had been the victim of online fraud; cyber bullying was experienced by 10 percent of respondents; online stalking, invasion of privacy, or high levels of harassment was reported by 9 percent; and 6 percent claim to have had their identity stolen.

50 percent — 510 individuals — said they had not fallen victim to any of the cyber-related crimes.

A computer virus was reported by more males than females, while cyber bullying was experienced by more females than males, with those aged 18 to 34 the most likely to be on the receiving end of the anti-social behaviour. Similarly, online stalking was experienced more by females, with those aged 18 to 34 again the most targeted.

Henry Sapiecha