Section 313: Federal police used website blocking to tackle malware

The Australian Federal Police have primarily issued notices under Section 313 of the Telco Act to request Internet service providers block their customers' access to websites hosting child exploitation material. However, the AFP in at least one case issued Section 313 notices in an attempt to block the spread of malware, the organisation has revealed.

The use of Section 313(3) of the Telecommunications Act 1997 by government agencies is currently the subject of parliamentary scrutiny. An inquiry is examining how the section of the act is being used and whether additional safeguards or transparency measures are required.

In its submission (PDF) to the inquiry, which is scheduled to hold its first public hearing later this month, the AFP said in early 2014 it had issued "a number" of Section 313 notices "to prevent the distribution of peer-to-peer malicious software (malware) which was designed to steal personal banking and financial credentials from the platforms of Australian computer users".

"The AFP was aware that the domain supporting the malware was used for the exclusive purpose of distribution and updating the malware," the submission stated.

"The blocking by ISPs of this domain prevented the widespread distribution of this malware in Australia and the subsequent compromise of Australian’s financial details that potentially could have been used to undertake large scale fraud."

Computerworld Australia requested details on the particular strain of malware and the number of notices issued by the AFP to combat it.

"The AFP will not comment further on the specifics behind this Section 313 request as it would reveal operational methodology which would compromise its future use in protecting the Australian public," a spokesperson for the organisation said.

The most prominent example of a malware strain targeting bank credentials is Zeus. Earlier this year there was a multinational effort to dismantle the Gameover Zeus botnet.

The AFP issued 23 Section 313 requests between June 2011 and August 2014, the organisation said. Most were in relation to Interpol's 'Worst of' list of sites hosting child exploitation material.

In its submission the organisation said it should be able to continue to self-authorise the issuing of website blocking requests.

"[T]he AFP recommends that section 313 should be available to law enforcement, government agencies and regulatory authorities which have statutory responsibility to address serious and organised crime and matters of national security," the submission states.

Telcos, telco industry bodies and consumer organisations have sought limits on the agencies that can issue Section 313 notices, as well as measures to increase oversight of the use of the notices.

Currently, under Section 313(3) of the Telco Act a carriage service provider must "give officers and authorities of the Commonwealth and of the States and Territories such help as is reasonably necessary" for "enforcing the criminal law and laws imposing pecuniary penalties", "assisting the enforcement of the criminal laws in force in a foreign country", "protecting the public revenue", and "safeguarding national security".

The breadth of the organisations currently able to use the power has been a source of concern, particularly after the Australian Securities and Investments Commission issued notices that caused some ISPs to block sites unrelated to those ASIC was trying to prevent access to.

The AFP said it supports "the development of whole of government policy objectives and information, which sets out a threshold for access to section 313 and the relevant serious offences".

"The AFP would welcome annual reporting on the number of blocking requests made under section 313 for the purposes of disrupting illegal online services through a central body," the submission states.

"However, [the AFP] considers releasing specific details publicly as to the nature of each individual request and to which ISP each request was made may have a substantial adverse effect on the proper and efficient operations of the AFP and may be contrary to the public interest."

Follow Rohan on Twitter: @rohan_p

Copyright © 2014 IDG Communications, Inc.
