|
House of Representatives Standing Committee on Communications
Footnotes
Chapter 1 Introduction
[1]
Cyber Space Policy Review: Assuring a Trusted and Resilient
Information and Communications Infrastructure, White House, 29 May 2009.
[2] Cyber
Security Strategy of the United Kingdom: safety, security and resilience in
cyber space, Cabinet Office (UK), June 2009.
[3] Cyber
Security Strategy, Australian Government, 2009.
[4] Parliamentary
Joint Committee on the Australian Crime Commission, Cybercrime, The
Parliament of the Commonwealth of Australia, March 2004.
[5] Drug
and Crime Prevention Committee, Final Report of the Inquiry into Fraud and
Electronic Commerce, Parliament of Victoria, January 2004.
[6] Science
and Technology Committee, Personal Internet Security, Volume 1 Report,
House of Lords, August 2007.
[7]
Australian Communications and Media Authority, Australia in the
Digital Economy: Trust and Confidence, ACMA, March 2009, p.39; AusCERT, AusCERT
Home Users Computer Security Survey 2008, AusCERT, 2008, p.3.
[8]
Australian Bureau of Statistics, 2007 Personal Fraud Survey, ABS
Catalogue No 4528.0, ABS, 2007, p. 21.
Chapter 2 Nature, Prevalence and Economic Impact of Cyber Crime
[1]
Mr Peter Watson, Microsoft Pty Ltd, Transcript of Evidence, 9
October 2009, p.18.
[2]
CSIRO, Submission 26, p.4; Dr Paul Twomey, Internet Corporation
for Assigned Names and Numbers (ICANN), Transcript of Evidence, 8
October 2009, p.2.
[3]
See for example: Australian Computer Society, Submission 38, p.2.
Dr Paul Twomey, ICANN, Transcript of Evidence, 8 October 2009, p.2;
Australian Communications Consumer Action Network (ACCAN), Submission 57,
p.53; Mr Stephen Wilson, Lockstep Technologies Pty Ltd, Transcript of
Evidence, 9 October 2009, p.44; Symantec Asia Pacific Pty Ltd, Submission
32, p.19; Microsoft Australia, Submission 35, p.1; Internet Safety
Institute, Submission 37, p.5.
[4]
See for example: Dr Russell Smith, Australian Institute of Criminology
(AIC), Transcript of Evidence, 19 August 2009, p.3; AIC, Submission
41, p.10; Mr Michael Sinkowitsch, Fujitsu Australia Ltd, Transcript of
Evidence, p.49; Dr Paul Twomey, ICAAN, Transcript of Evidence, 8
October 2009, p.6; Organisation for Economic Cooperation and Development (OECD),
Malicious Software (Malware): A Security Threat to the Internet Economy,
OECD, June 2008, p.17.
[5]
See for example: Dr Russell Smith, AIC, Transcript of Evidence, 19
August 2009, p.3; Mr Peter Coroneos, Internet Industry Association (IIA), Transcript
of Evidence, 11 September 2009, p.13; Dr Paul Twomey, ICANN, Transcript
of Evidence, 8 October 2009, p.6; Australian Federal Police (AFP), Submission
25, p.3; PayPal Incorporated, Submission 60, Symantec Asia Pacific
Pty Ltd, Submission 32, p.3; Department of Broadband, Communications and
the Digital Economy (DBCDE), Submission 34, p.6.
[6]
See for example: G Urbas and KR Choo, Resource materials on
technology-enabled crime, AIC, Canberra, 2008, p.83; AIC, High tech
crime brief: Hacking offences, AIC, 2005, p.1.
[7]
OECD, Malicious Software (Malware): A Security Threat to the Internet
Economy, OECD, June 2008, p.10.
[8]
See for example: OECD, Malicious Software (Malware): A Security Threat
to the Internet Economy, OECD, June 2008, p.91; G Urbas and KR Choo, Resource
materials on technology-enabled crime, AIC, Canberra, 2008, p.87; OECD, Malicious
Software (Malware): A Security Threat to the Internet Economy, OECD, June
2008, p.91.
[9]
OECD, Malicious Software (Malware): A Security Threat to the Internet
Economy, OECD, June 2008, p.90.
[10]
OECD, Malicious Software (Malware): A Security Threat to the Internet
Economy, OECD, June 2008, p.90;
[11]
See for example: OECD, Malicious Software (Malware): A Security Threat
to the Internet Economy, OECD, June 2008, p.90-91; G Urbas and KR Choo, Resource
materials on technology-enabled crime, AIC, Canberra, 2008, pp.79-87.
[12]
OECD, Malicious Software (Malware): A Security Threat to the Internet
Economy, OECD, June 2008, p.12;
[13]
See for example: Australian Communications and Media Authority (ACMA), Submission
56, p.14; Symantec Corporation, Submission 32, p.2.
[14]
OECD, Malicious Software (Malware): A Security Threat to the Internet
Economy, OECD, June 2008, p.12;
[15]
Symantec Asia Pacific Pty Ltd, Submission 32, p.20.
[16]
AIC, High Tech Crime Brief: More malware – adware, spyware, spam and
spim, AIC, Canberra, 2006, p.1.
[17]
K Howard, Mallesons Stephen Jacques, Computers and Law, March 2006,
p.17.
[18]
Cyberspace Law and Policy Centre (CLPC), Submission 62, p.3.
[19]
OECD, Malicious Software (Malware): A Security Threat to the Internet
Economy, OECD, June 2008, p.15. See also: G Urbas and KR Choo, Resource
materials on technology-enabled crime, AIC, Canberra, 2008, pp.81; KR Choo,
Trends and issues in crime and criminal justice: Zombies and Botnets,
AIC, Canberra, 2007, p.4.
[20]
See for example: RSA Security Inc, Exhibit 2, p.2; MT Banday, JA
Quadri and NA Shah, ‘Study of Botnets and their threats to Internet Security’, Sprouts:
Working papers on information systems, 2009, p.8, viewed 22 December 2009,
<http://sprouts.aisnet.org>; OECD, Malicious Software (Malware): A
Security Threat to the Internet Economy, OECD, June 2008, p.23.
[21]
Symantec Asia Pacific Pty Ltd, Submission 32, p.6.
[22]
Mr Graham Ingram, AusCERT, Transcript of Evidence, 11 September
2009, p.6.
[23]
IIA, Submission 54, p.3. See also: OECD, Malicious Software
(Malware): A Security Threat to the Internet Economy, OECD, June 2008,
p.37.
[24]
See for example: OECD, Malicious Software (Malware): A Security Threat
to the Internet Economy, OECD, June 2008, p.24; AFP, Submission 25,
p.9; JB Grizzard, VS Sharma, C Nunnery, BBH Kang and D Dagon, Peer-to-Peer
Botnets: Overview and Case Study, in proceedings of USENIX Association
First Workshop on Hot Topics in Understanding Botnets, 10 April 2007,
Cambridge, USA, pp.5-6, viewed 24 December 2009, <http://www.usenix.org/event/hotbots07/tech/full_papers/grizzard/grizzard.pdf>.
[25]
JB Grizzard, VS Sharma, C Nunnery, BBH Kang and D Dagon, Peer-to-Peer
Botnets: Overview and Case Study, in proceedings of USENIX Association
First Workshop on Hot Topics in Understanding Botnets, 10 April 2007,
Cambridge, USA, p.1, viewed 24 December 2009, <http://www.usenix.org/event/hotbots07/tech/full_papers/grizzard/grizzard.pdf>.
[26]
Symantec Asia Pacific Pty Ltd, Submission 32, p.6; CLPC, Submission
62, p.6.
[27]
See for example: RSA Security Inc., Exhibit 3, p.2; Dr Paul Twomey,
ICANN, Transcript of Evidence, 8 October 2009, p.8; Fortinet, Submission
29, p.9; Symantec Asia Pacific Pty Ltd, Submission 32, p.15.
[28]
AIC, High Tech Crime Brief: More malware – adware, spyware, spam and
spim, AIC, Canberra, 2006, p.1.
[29]
See for example: P Wood, A spammer in the works, MessageLabs, Hong
Kong, 2003, p.6; OECD, Malicious Software (Malware): A Security Threat to
the Internet Economy, OECD, June 2008, p.27; MessageLabs, The Dark Art
of Spam, MessageLabs, 2009, pp.3-4.
[30]
P Wood, A spammer in the works, MessageLabs, Hong Kong, 2003, p.6.
[31]
See for example: P Wood, A spammer in the works, MessageLabs, Hong
Kong, 2003, p.6; OECD, Malicious Software (Malware): A Security Threat to
the Internet Economy, OECD, June 2008, p.27; AIC, High Tech Crime Brief:
More malware – adware, spyware, spam and spim, AIC, Canberra, 2006, p.1; Mr
Anthony Burke, Australian Bankers Association NSW Inc., Transcript of
Evidence, 8 October 2009, p.59.
[32]
P Wood, A spammer in the works, MessageLabs, Hong Kong, 2003, p.1,5.
See also: AIC, High Tech Crime Brief: More malware – adware, spyware, spam
and spim, AIC, Canberra, 2006, p.1.
[33]
ACCC, Exhibit 16, p.43.
[34]
OECD, Malicious Software (Malware): A Security Threat to the Internet
Economy, OECD, June 2008, p.27.
[35]
Educause, 7 things you should know about DNS, Educause, January
2010, p.1, viewed 1 February 2010, <http://net.educause.edu/ir/library/pdf/EST1001.pdf>.
[36]
Educause, 7 things you should know about DNS, Educause, January
2010, p.1, viewed 1 February 2010, <http://net.educause.edu/ir/library/pdf/EST1001.pdf>.
[37]
F Hacquebord and C Lu, Rogue Domain Name System Servers, blog post,
TrendLabs Malware Blog, Trend Micro, 27 March 2007, viewed 26 February 2010,
<http://blog.trendmicro.com/rogue-domain-name-system-servers-5breposted5d>.
[38]
ICANN Security and Stability Advisory Committee, Domain name hijacking:
incidents, threats, risks, and remedial actions, ICANN, 12 July 2005, p.8.
[39]
See for example: G Urbas and KR Choo, Resource materials on
technology-enabled crime, AIC, Canberra, 2008, p.85; Symantec Corporation, Symantec
Report on the Underground Economy July 07 – June 08, Symantec Corporation,
November, 2009, p.19.
[40]
Dr Russel Smith, AIC, Transcript of Evidence, 19 August 2009, p.6.
[41]
See for example: Symantec Corporation, Symantec Report on the Underground
Economy July 07 – June 08, Symantec Corporation, November, 2009, pp.19, 24;
Australian Bureau of Statistics, 2007 Personal Fraud Survey, ABS, Cat.
No. 4528.0, 2007, p.8; Australian Government, Dealing with identity theft:
Protecting your identity, Attorney General’s Department (AGD), 2009, p. 4;
AusCERT, Computer Crime and Security Survey, AusCERT, 2006, p.28.
[42]
Symantec Corporation, Symantec Report on the Underground Economy July 07
– June 08, Symantec Corporation, November 2009, p.19.
[43]
See for example: AIC, Submission 41, p.4; Mr Scott Gregson,
Australian Competition and Consumer Commission (ACCC), Transcript of
Evidence, 18 November 2009, p.1; ACCC, Exhibit 16, p.10.
[44]
KR Choo, Trends and issues in crime and criminal justice: Zombies and Botnets,
AIC, Canberra, 2007, p.4.
[45]
OECD, Malicious Software (Malware): A Security Threat to the Internet
Economy, OECD, June 2008, p.16.
[46]
Symantec Corporation, Symantec Report on the Underground Economy July 07
– June 08, Symantec Corporation, November 2009, p.9.
[47]
Australian Broadcasting Corporation (ABC), Fear in the Fast Lane,
Four Corners program transcript, ABC, 17 August 2009, viewed 11 January 2010,
<http://www.abc.net.au/4corners/content/2009/s2658405.htm>; Australian
Bankers’ Association, Submission 7.1, p.2. See also: Mr John Geurts, Transcript
of Evidence, 8 October 2009, p.57; Mr Craig Scroggie, Transcript of
Evidence, 9 October 2009, p.54-55.
[48]
Northern Territory Government, Submission 53, p.1.
[49]
AIC, Submission 41, p.8-9.
[50]
See for example: Internet Safety Institute, Submission 37, p. 7; OECD,
Malicious Software (Malware): A Security Threat to the Internet Economy,
OECD, June 2008, p.16; AFP, Submission 25, pp.4,6; Dr Russell Smith,
AIC, Transcript of Evidence, 19 August 2009, p.8.
[51]
See for example: Detective Superintendent Brian Hay, quoted in ABC, Fear
in the Fast Lane, Four Corners program transcript, ABC, 17 August 2009,
viewed 11 January 2010, <http://www.abc.net.au/4corners/content/2009/s2658405.htm>;
Symantec Corporation, Symantec Report on the Underground Economy July 07 –
June 08, Symantec Corporation, November 2009, pp.4-5; Dr Russell Smith,
AIC, Transcript of Evidence, 19 August 2009, p.8; Mr Craig Scroggie,
Symantec Corporation, Transcript of Evidence, 9 October 2009, p.55.
[52]
Symantec Corporation, Symantec Global Internet Security Report Trends
for 2008, Symantec Corporation, April 2009, p.10.
[53]
See for example: Symantec Corporation, Symantec Report on the
Underground Economy July 07 – June 08, Symantec Corporation, November 2009,
pp.4-5; OECD, Malicious Software (Malware): A Security Threat to the
Internet Economy, OECD, June 2008, p.16; AIC, Submission 41, p.7.
[54]
See for example: Mr Craig Scroggie, Symantec Corporation, Transcript of Evidence,
9 October 2009, p.54; Dr Russell Smith, AIC, Transcript of Evidence,
pp.6-9; AIC, Submission 41, p.9.
[55]
See for example: Internet Safety Institute, Submission 37, p. 7; Mr
David Zielezna, ACMA, Transcript of Evidence, 21 October 2009, p.5; Mr
Peter Coroneos, IIA, Transcript of Evidence, 11 September 2009, p.14.
[56]
Symantec Corporation, Web Based Attacks February 2009, Symantec
Corporation, February 2009, p.10.
[57]
P Coogan, Zeus, King of the underground crimeware toolkits, blog
post, Symantec Security Blogs, Symantec Corporation, 25 August 2009, viewed 14
January 2009, <http://www.symantec.com/connect/blogs/zeus-king-underground-crimeware-toolkits>.
[58]
P Coogan, Zeus, King of the underground crimeware toolkits, blog
post, Symantec Security Blogs, Symantec Corporation, 25 August 2009, viewed 14
January 2009, <http://www.symantec.com/connect/blogs/zeus-king-underground-crimeware-toolkits>.
[59]
See for example: OECD, Malicious Software (Malware): A Security Threat
to the Internet Economy, OECD, June 2008, p.20; Mr Graham Ingram, AusCERT, Transcript
of Evidence, 11 September 2009, p.3.
[60]
AFP, Submission 25, p.4.
[61]
See for example: Mr Michael Sinkowitsch, Fujitsu Australia Ltd, Transcript
of Evidence, 11 September 2009, p.47; Commander Neil Gaughan, AFP, Transcript
of Evidence, 9 September 2009, p.11.
[62]
See for example: Dr Russell Smith, AIC, Transcript of Evidence, p.9;
AFP, Submission 25, p.3.
[63]
AFP, Submission 25, p.3.
[64]
See for example: Mr Craig Scroggie, Symantec Corporation, Transcript of
Evidence, 9 October 2009, p.61; Commander Neil Gaughan, AFP, Transcript
of Evidence, 9 September 2009, p.7; Dr Russell Smith, AIC, Transcript of
Evidence, 19 August 2009; Mr Richard Johnson, Westpac Banking Corporation, Transcript
of Evidence, 8 October 2009, p.56.
[65]
See for example: OECD, Malicious Software (Malware): A Security Threat
to the Internet Economy, OECD, June 2008, p.20; Mr Graham Ingram, AusCERT, Transcript
of Evidence, 11 September 2009, p.20.
[66]
See for example: AusCERT, Submission 30, p.4; AGD, Submission 44,
p.3.
[67]
See for example: Australian Taxation Office (ATO), Submission 59, p.4;
Australian Seniors Computers Clubs Association (ASSCA), Submission 63,
p.5; Mr Michael Cranston, ATO, Transcript of Evidence, 16 September
2009, p.2; Lockstep, Submission 36, p.10; AusCERT, Submission 30,
p.9.
[68]
See for example: ATO, Submission 59, p.4; ASSCA, Submission 63,
p.5; Mr Michael Cranston, ATO, Transcript of Evidence, 16 September
2009, p.2; Lockstep, Submission 36, p.10; AusCERT, Submission 30,
p.9.
[69]
See for example: Mr Christopher Hamilton, Transcript of Evidence,
p.71; Mr Craig Scroggie, Symantec Corporation, Transcript of Evidence, 9
October 2009, p. 52; Symantec Corporation, Submission 32, p.9; KR Choo, Trends
and issues in crime and criminal justice: Zombies and Botnets, AIC,
Canberra, 2007, p.4; ABC, Fear in the Fast Lane, Four Corners program
transcript, ABC, 17 August 2009, viewed 11 January 2010, <http://www.abc.net.au/4corners/content/2009/s2658405.htm>.
[70]
AFP, Submission 25, p.5; Dr Russell Smith, AIC, Transcript of
Evidence, 19 August 2009, p.13; ACCC, Submission 46, p.4; Mrs Nancy
Bosler, ASSCA, Transcript of Evidence, p.1; Dr Russell Smith, AIC, Transcript
of Evidence, 19 August 2009, p.14.
[71]
Dr Russell Smith, AIC, Transcript of Evidence, 19 August 2009, p.14.
[72]
Mr Anthony Burke, Australian Bankers Association NSW Inc, Transcript of
Evidence, 8 October 2009, p.62.
[73]
AFP, Submission 25, p.5.
[74]
See for example: Commander Neil Gaughan, AFP, Transcript of Evidence,
9 September 2009, p.2; Dr Russell Smith, AIC, Transcript of Evidence, 19
August 2009, p.16.
[75]
Mr Alistair MacGibbon, Internet Safety Institute, Transcript of Evidence,
11 September 2009, p.63; ACMA, Submission 56, p.4.
[76]
Mr Peter Coroneos, IIA, Transcript of Evidence, 11 September 2009,
p.15.
[77]
DBCDE, Submission 34.1, p.7.
[78]
ACMA, Submission 56, p.4.
[79]
Mr Mike Rothery, AGD, Transcript of Evidence, 25 November 2009,
p.10.
[80]
See for example: Commander Neil Gaughan, AFP, Transcript of Evidence,
9 September 2009 p.3; Mr Graham Ingham, AusCERT, Transcript of Evidence,
11 September 2009, p.11; Mr Peter Coroneos, IIA, Transcript of Evidence,
11 September 2009, p.14; Mr Richard Johnson, Westpac Banking Corporation, Transcript
of Evidence, 8 October 2009, p.56; Mr Michael Sinkowitsch, Fujitsu
Australia Ltd, Transcript of Evidence, 11 September 2009, p.47.
[81]
Mr Graham Ingham, AusCERT, Transcript of Evidence, 11 September 2009,
p.3.
[82]
See for example: Mr Graham Ingram, AusCERT, Transcript of Evidence,
11 September 2009, p.3; Mr Peter Coroneos, IIA, Transcript of Evidence, 11
September 2009, p.22; Internet Safety Institute, Submission 37, p.4; Mr
Anthony Burke, Australian Bankers Association NWS Inc., Transcript of
Evidence, 8 October 2009, p.55; Mr Terry Hilsberg, ROAR Film Pty Ltd, Transcript
of Evidence, 8 October 2009, p.66; Mr John Galligan, Microsoft Pty Ltd, Transcript
of Evidence, 9 October 2009, Mr Craig Scroggie, Symantec Corporation, Transcript
of Evidence, 9 October 2009, p.15; ABS, Household Use of Information
Technology 2008-09, ABS, Cat. No. 8146.0, 16 December 2009, p.37.
[83]
Mr Graham Ingham, AusCERT, Transcript of Evidence, 11 September
2009, p.3; ATO, Submission 59, p.6; ROAR Film Pty Ltd, Submission 64,
p.5; Dr Russell Smith, AIC, Transcript of Evidence, 19 August 2009, p.5;
McAfee Australia, Submission 10, p.2.
[84]
Microsoft Australia, Submission 35, p.4.
[85]
Symantec Corporation, Symantec Global Internet Security Threat Report:
Trends for 2008, Symantec Corporation, April 2009, p.10.
[86]
See for example: Mr Graham Ingram, AusCERT, Transcript of Evidence,
11 September 2009, p.7; Mr Bruce Matthews, ACMA, Transcript of Evidence,
p.5.
[87]
Telstra, Submission 43, p.2.
[88]
The ICANN, Submission 40, p.1.
[89]
See for example: AIC, Submission 41, pp.2-3; AFP, Submission 25,
p.3; Dr Russell Smith, AIC, Transcript of Evidence, 19 August 2009,
p.13; Mr Craig Scroggie, Symantec Corporation, Transcript of Evidence, 9
October 2009, p.52; DBCDE, Submission 34, p.3.
[90]
See for example: OECD, Malicious Software (Malware): A Security Threat
to the Internet Economy, OECD, June 2008, p.30; ACS, Submission 38,
p.6.
[91]
OECD, Malicious Software (Malware): A Security Threat to the Internet
Economy, OECD, June 2008, p.30.
[92]
Mr Alastair MacGibbon, Internet Safety Institute, Transcript of Evidence,
11 September 2009, p.69.
[93]
DBCDE, Australia’s Digital Economy: Future Directions, DBCDE, 2009,
p.2.
[94]
DBCDE, Australia’s Digital Economy: Future Directions, DBCDE, 2009,
pp.2-3.
[95]
DBCDE, Australia’s Digital Economy: Future Directions, DBCDE, 2009,
p.1.
[96]
See for example: AusCERT, Submission 30, p.11; IIA, Submission 54,
p.4; Microsoft Australia, Submission 35, p.5; Symantec Corporation, Submission
32, p.8; Mr Graham Ingram, AusCERT, Transcript of Evidence, 11
September 2009, p.10; Lockstep Technologies Pty Ltd, Submission 36,
p.10; OECD, Malicious Software (Malware): A Security Threat to the Internet
Economy, OECD, June 2008, pp.41-42.
[97]
Ms Loretta Johnson, Australian Information Industry Association, Transcript
of Evidence, 11 September 2009, p.24.
[98]
OECD, Malicious Software (Malware): A Security Threat to the Internet
Economy, OECD, June 2008, p.7.
[99]
Cyber Security Industry Alliance, ‘Survey: Lack of confidence in cyber security
has economic, political effects’, Insurance Journal, Wells Publishing,
June 2006, viewed 29 January 2009, <http://www.insurancejournal.com/news/national/2006/06/07/69215.htm>.
[100]
ACMA, Australia in the Digital Economy: Trust and Confidence, ACMA,
March 2009, p.1.
[101]
ABS, Household Use of Information Technology 2008-09, ABS, Cat. No.
8146.0, 16 December 2009, p.30.
[102]
Mr Allan Asher, ACCAN, Transcript of Evidence, 8 October 2009, p.16.
[103]
OECD, Malicious Software (Malware): A Security Threat to the Internet
Economy, OECD, June 2008, pp.40-41.
[104]
AM Freed, Another Payment Card Processor Hacked, Information Security
Resources, Infosec Island Network, February 14 2009, viewed 29 January 2009,
<http://information-security-resources.com/2009/02/14/another-payment-card-processor-hacked/>.
[105]
OECD, Malicious Software (Malware): A Security Threat to the Internet
Economy, OECD, June 2008, pp.40-41.
[106]
K Richards, The Australian Business Assessment of Computer User Security:
a national survey, AIC, 2009, p.iii.
[107]
See for example: OECD, Malicious Software (Malware): A Security Threat to
the Internet Economy, OECD, June 2008, p.38; K Richards, The Australian
Business Assessment of Computer User Security: a national survey, AIC,
2009, p.xi
[108]
See for example: AIC, Submission 41, p.16; Australian Information
Industry Association, Submission 22, p.9; OECD, Malicious Software
(Malware): A Security Threat to the Internet Economy, OECD, June 2008,
pp.42-43.
Chapter 3 Research and Data Collection
[1]
See for example: Australian Bureau of Statistics (ABS), Submission 16,
p.1; Northern Territory Government, Submission 53, p.1; AusCERT, Submission
30, p.11; Internet Safety Institute, Submission 37, p.7.
[2]
The 2004 Cybercrime inquiry by the Joint Committee on the Australian
Crime Commission accepted that there is a lack of independent cyber crime trend
information available to the finance industry and law enforcement agencies. The
Australian Government’s response cited the secondment of specialists to, and
information sharing through, the Australian High Tech Crime Commission as new
measures. See: Parliamentary Joint Committee on the Australian Crime
Commission, Cybercrime, March 2004, pp. 40, 49 and 66; Australian
Government, Australian Government Response to the Recommendations of the
Parliamentary Joint Committee inquiry on Cybercrime, 9 February 2006, pp.5 and
7.
[3]
See for example: ABS, Submission 16, p.1; Australian Institute of
Criminology (AIC), Submission 41, p.22; Australian Payments Clearing
Association (APCA), Submission 50, p.7; ACMA, Submission 56,
p.17; Mr Alastair MacGibbon, Internet Safety Institute, Transcript of
Evidence, 11 September 2009, pp.63-64.
[4]
ACMA, Submission 56, p.17.
[5]
AGD, Submission 44.1, p.3.
[6]
Detective Superintendent Brian Hay, QPS, Transcript of Evidence,
17 March 2010, p.7.
[7]
See for example: McAfee Australia Pty Ltd, Submission 10,
pp.13-14; RSA, Submission 2, p.2; Threatmetrix Pty Ltd, Submission 19,
p.3; Sophos Pty Ltd, Submission 66, p.2.
[8]
Mr Craig Scroggie, Symantec Corporation, Transcript of Evidence, 9
October 2009, p.50.
[9]
AusCERT, Submission 30, pp.3, 12.
[10]
ACMA, Submission 56.1, p.2.
[11]
ACMA, Submission 56, pp.3-4.
[12]
AGD, Submission 44, pp.7-9; ASIO, Submission 47, pp.4-5;
Department of Defence, Submission 20, p.1.
[13]
See for example: Australian Competition and Consumer Commission (ACCC), Submission
46, pp.2-3; AFP, Submission 25, p.20; Queensland Government, Submission
67, p.7.
[14]
ACCC, Supplementary Submission 46.1, p.2; South Australian Police, Submission
10, p.4.
[15]
AGD, Submission 44.1, p.3.
[16]
Mr Anthony Burke, ABA, Transcript of Evidence, 8 October 2009, p.54;
Mr Christopher Hamilton, APCA, Transcript of Evidence, 11 September
2009, p.70; Mr Richard Johnson, Transcript of Evidence, 8 October 2009,
p.52.
[17]
AIC, Submission 41, p.1.
[18]
ABS, Submission 16, pp.2-3.
[19]
See for example: AIC, Submission 41, p.41.
[20]
Queensland Government, Submission 67, pp.4 and 6; Detective
Superintendent Brian Hay, QPS, Transcript of Evidence, 17 March 2010,
pp.2-3.
[21]
DBCDE, Submission 34.1, p.7.
[22]
AusCERT, Australian Computer Crime and Security Surveys, AusCERT, 22
May 2006, viewed 19 March 2010, <http://www.auscert.org.au/render.html?it=2001>.
[23]
AusCERT, Submission 30, pp.3, 12.
[24]
Symantec Corporation, Submission 32, p.9; McAfee, Datagate: The
Next Inevitable Corporate Disaster, McAfee, viewed 24 March 2010, <http://www.mcafee.com>.
[25]
ABS, Submission 16, p.1.
[26]
ABS, Submission 16, p.1; Commander Neil Gaughan, AFP, Transcript
of Evidence, 9 September 2009, p.2.
[27]
ABS, Submission 16, p.1.
[28]
ABS, Submission 16, p.2.
[29]
ABS, Submission 16, p.1.
[30]
AGD, Submission 44, p.3.
[31]
AIC, Submission 41, pp.3-4; AFP, Technology Enabled Crime,
AFP, 2 September 2009, viewed 15 March 2010, <http://www.afp.gov.au/national/e-crime.html>.
[32]
ABS, Submission 16, p.1.
[33]
ABS, Submission 16, p.1.
[34]
The Australian Standard Offence Classification is used in ABS statistical
collections, and by Australian police, criminal courts and corrective services
agencies, to provide uniform classifications of criminal behaviour in crime and
justice statistics.
[35]
ABS, Submission 16, p.2.
[36]
See for example: Mr Michael Sinkowitsch, Fujitsu Australia Ltd, Transcript
of Evidence, 11 September 2009, p.51; Commander Neil Gaughan, AFP, Transcript
of Evidence, 9 September 2009, pp.2 and 6; ABS, Submission 16, p.2;
Detective Superintendent Brian Hay, QPS, Transcript of Evidence, 17
March 2010, p.7.
[37]
Ms Alana Maurushat, Cyberspace Law and Policy Centre, Transcript of
Evidence, 8 October 2009, p.33.
[38]
Mr Michael Sinkowitsch, Fujitsu Australia Ltd, Transcript of Evidence,
11 September 2009, p.51.
[39]
See for example: Office of the Privacy Commissioner, Submission 3,
pp.11-12; Symantec Corporation, Submission 32, p.11; Fujitsu Australia
Ltd, Submission 13, p.7; Detective Superintendent Brian Hay, QPS, Transcript
of Evidence, 17 March 2010, p.7.
[40]
AFP, Submission 25, p.20; Queensland Government, Submission 67,
p.7; ACCC, Submission 46, pp.5-7.
[41]
Mr Paul Brooks, Internet Society of Australia, Transcript of Evidence,
9 October 2009, p.6; Commander Neil Gaughan, AFP, Transcript of Evidence,
9 September 2009, p.2; Mr David Ready, Submission 6, p.1; Mr Mike
Rothery, AGD, Transcript of Evidence, 25 November 2009, p.14.
[42]
ABS, Submission 16, p.1.
[43]
Detective Superintendent Brian Hay, QPS, Transcript of Evidence, 17
March 2010, p.3.
[44]
ACMA, Submission 56, p.18.
[45]
ABS, Submission 16, p.1.
[46]
Internet Safety Institute, Submission 37, p.11.
[47]
Detective Superintendent Brian Hay, QPS, Transcript of Evidence, 17
March 2010, p.7.
[48]
See for example: AIC, Submission 41, pp.16-17; ABS, Submission 16,
p.2; Australian Computer Society, Submission 38, p.9.
[49]
ABS, Submission 16, p.2; Symantec Corporation, Submission 32.1,
p.9.
[50]
See for example: Fujitsu Australia Ltd, Submission 13, p.7; Mr
Alastair MacGibbon, Cyber security: Threats and responses in the information
age, Australian Strategic Policy Institute, December 2009, pp.11-12; Dr
Russell Smith, AIC, Transcript of Evidence, 19 August 2009, p.15.
[51]
AIC, Submission 41, p.22; Telstra, Submission 43, p.3.
[52]
The Business Longitudinal Database comprises financial data sourced from
the ABS Business Characteristics Survey, the Australian Taxation Office and the
Australian Customs Service.
[53]
ABS, Submission 16, pp.2-3.
Chapter 4 Community Awareness and Vulnerability
[1]
Mr Alistair MacGibbon, Internet Safety Institute, Transcript of
Evidence, 11 September 2009, p.63.
[2]
ACMA, Click and connect: Young Australians’ use of online social media
– 02: Quantitative research report, ACMA, July 2009, p.10.
[3]
ACMA, Australia in the Digital Economy: Trust and Confidence,
ACMA, March 2009, p.29.
[4]
AVG, Australia Tops Global Cyber Crime Impact Survey, media
release, AVG, 10 June 2008, viewed 21 January 2010, <http://www.avg.com.au/news/avg_cyber_crime_impact_survey/>.
[5]
Consumers’ Telecommunications Network (CTN), Surfing on thin ice:
consumers and malware, adware, spam and phishing, CTN, November 2009, p.9.
[6]
Consumers’ Telecommunications Network, Surfing on thin ice: consumers
and malware, adware, spam and phishing, CTN, November 2009, p.33.
[7]
Symantec Corporation, Submission 32, p.9
[8]
K Richards, The Australian Business Assessment of Computer User
Security: a national survey, Australian Institute of Criminology, 2009, p.xii.
[9]
AusCERT, Computer Crime and Secuirty Survey, AusCERT, 2006, p.8.
[10]
See for example: Australian Computer Society (ACS), Submission 38,
p.8; Dr Russell Smith, Australian Institute of Criminology (AIC), Transcript
of Evidence, 19 August 2009, p.9; Mr Peter Coroneos, Internet Industry
Association (IIA), Transcript of Evidence, 11 September 2009, p.18; Australian
Federal Police (AFP), Submission 25, p.10; AusCERT, Submission 30,
p.12.
[11]
ACMA, Australia in the Digital Economy: Trust and Confidence, ACMA,
March 2009, p.39.
[12]
AusCERT, AusCERT Home Users Computer Security Survey 2008, AusCERT,
2008, p.3.
[13]
AusCERT, AusCERT Home Users Computer Security Survey 2008, AusCERT,
2008, p.3.
[14]
Symantec Corporation, Symantec Survey Reveals More than Half of Small
and Midsized Businesses in Australia and New Zealand Experience Security
Breaches, media release, Symantec Corporation, 12 May 2009, p.1.
[15]
AusCERT, Computer Crime and Security Survey, AusCERT, 2006, p.4.
[16]
Mr Anthony Burke, Australian Bankers Association NSW Inc, and Mr John
Guerts, Commonwealth Bank of Australia, Tanscript of Evidence, 8 October
2009, p.59.
[17]
Australian Bureau of Statistics (ABS), 2007 Personal Fraud Survey,
ABS, Cat. No. 4528.0, 2007, pp.14, 21.
[18]
ABS, 2007 Personal Fraud Survey, ABS, 2007, pp.14, 21, 24.
[19]
Mr Scott Gregson, Australian Competition and Consumer Commission (ACCC), Transcript
of Evidence, 18 November 2009, p.1.
[20]
ABS, 2007 Personal Fraud Survey, ABS, 2007, pp.14, 21, 24.
[21]
Detective Superintendent Brian Hay, QPS, Transcript of Evidence, 17
March 2010, pp.3-4.
[22]
Mr Peter Shenwun, Nigerian High Commission, Transcript of Evidence,
17 March 2010, p.1.
[23]
See for example: AusCERT, Submission 30, p.12; AusCERT, AusCERT
Home Users Computer Security Survey 2008, AusCERT, 2008, p.3.
[24]
Tasmanian Government, Submission 51, p.3.
[25]
ACS, Submission 38, p.8.
[26]
Detective Superintendent Brian Hay, QPS, Transcript of Evidence, 17
March 2010, p.4.
[27]
See for example: Consumers’ Telecommunications Network, Surfing on thin
ice: consumers and malware, adware, spam and phishing, CTN, November 2009,
p.21; Internet Safety Institute, Submission 37, p.10; Mr Terry Hilsberg,
ROAR Film Pty Ltd, Transcript of Evidence, 8 October 2009, p.69; Telstra,
Submission 43, p.4.
[28]
See for example: Dr Russell Smith, AIC, Transcript of Evidence, 19
August 2009, p.15; Mr Mike Rothery, Attorney General’s Department (AGD), Transcript
of Evidence, 25 November 2009, p.14; Commander Neil Gaughan, AFP, Transcript
of Evidence, 9 September 2009, p.2; Internet Safety Institute, Submission
37, p.8; Fujitsu, Submission 13, p.7; IIA, Submission 54,
p.5.
[29]
See for example: Dr Russell Smith, AIC, Transcript of Evidence, 19
August 2009, p.9; Mr Scott Ridgway, ACCC, Transcript of Evidence, 18
November 2009, p.7; Dr Paul Brooks, Transcript of Evidence, 9 October 2009,
p.11; Mr Mike Rothery, AGD, Transcript of Evidence, 25 November 2009,
p.12.
Chapter 5 Domestic and International Coordination - Introduction
[1] AGD,
Submission 44, p.6.
[2]
Attorney General Hon Robert McClelland MP; Minister for Broadband,
Communications and the Digital Economy, Senator The Hon Stephen Conroy;
Minister for Defence, Senator the Hon John Faulkner, Joint Media Release, Australian
Cyber Security Strategy Launched, 23 November 2009; Cyber Security
Strategy, Australian Government, p.vi.
[3] Mr
Graham Ingram, AusCERT, Transcript of Evidence, 11 September 2009, p.4;
Cyber Space Law and Policy Centre, Submission 62, p.6.
[4]
AGD, Submission 44, p.2.
[5]
AGD, Submission 44, p.7
[6] Cyber
Security Strategy, Australian Government, 2009, p.30.
[7] AGD,
Submission 44, pp. 22-23.
[8] AGD,
Submission 44, p.14.
[9]
Internet Safety Institute, Submission 37, p.11.
[10]
CLPC, Supplementary Submission 62.1, p.5.
[11]
CLPC, Supplementary Submission 62.1, p.5.
[12]
Microsoft Australia, Submission 35, p.6.
[13]
Mr James Shaw, Telstra Corporation Ltd., Transcript of Evidence, 11
September 2009, pp.44-45.
[14]
Telstra Corporation Ltd, Submission 43, p.3.
[15]
Mr James Shaw, Telstra Corporation Ltd., Transcript of Evidence, 11
September 2009, p.44.
[16]
ACCAN, Submission 57, p.1.
[17]
ACCAN, Submission 57, p.5.
[18]
ACCAN, Submission 57, p.5.
[19]
AusCERT, Submission 30, pp. 14 and 17; see also, Transcript of
Evidence, 11 September 2009, p.5.
[20]
Mr Alastair MacGibbon, Transcript of Evidence, 11 September 2009,
pp.60-61.
[21]
Mr Graham Ingram, AusCERT, Transcript of Evidence, 11 September
2009, p.5.
[22]
Sophos, Submission 66, p.6.
[23]
DBCDE, Submission 34, p.15.
[24]
AGD, Submission 44, p.13.
[25]
AGD, Submission 44, p.13; DBCDE, Submission 34, pp.16-17.
[26]
Internet Safety Institute, Submission 37, p.9.
[27]
Queensland Government, Submission 67, p.7.
[28]
Northern Territory Government, Submission 53, p.1.
[29]
AusCERT, Submission 30, p.11.
[30]
For example, Internet Safety Institute, Submission 37, p.11; OECD, Malicious
Software (Malware): A Security Threat to the Internet Economy, 2008,
pp.22-29; AusCert, Submission 30, p.11; Ms Penelope
Musgrave, Director, Criminal Law Review, NSW Government, Transcript of
Evidence, 8 October 2009, p.76.
[31]
ACCC, Submission 46, p.3.
[32]
Internet Safety Institute, Submission 37, p.7; see also, Ms Penelope
Musgrave, Director Criminal Law Review, NSW Government, Transcript of
Evidence, 8 October 2009, p.76.
[33] AFP,
Supplementary Submission 25.1, p.9.
[34]
CLPC, Submission 62.1, p.9.
[35]
CLPC, Submission 62.1, p.9.
[36]
AGD, Supplementary Submission 44.1, p.3.
[37]
Dr Russell Smith, AIC, Transcript of Evidence, 19 August 2009, p.15.
[38]
Internet Safety Institute, Submission 37, p.7.
[39]
CLPC, Supplementary Submission 62.1, p.5.
[40]
Mr Alastair MacGibbon, Cyber security: Threats and responses in the
information age, APSI, December 2009, p.11.
[41]
South Australia Police, Submission 2, p.3.
[42]
Dr Russell Smith, AIC, Transcript of Evidence, 19 August 2009, p.15.
[43]
Commander Neil Gaughan, AFP, Transcript of Evidence, 9 September
2009, p.2.
[44]
The AHTCC no longer exists. However, the website remains live and
accessible via: <http://www.ahtcc.gov.au/tech_crimes_types/computer_intrusion.htm#report>,
viewed 11 January 2009.
[45]
Commander Neil Gaughan, AFP, Transcript of Evidence, 9 September
2009, p.1.
[46]
South Australia Police, Submission 2, p.3.
[47]
Commander Neil Gaughan, AFP, Transcript of Evidence, 9 September
2009, p.2.
[48]
RSA, Submission 28, p.3.
[49]
AFP, Submission 25, p.16.
[50]
AFP, Submission 25, p.16.
[51]
AFP, Clarification regarding High Tech Crime Operations article,
National Media Release, 23 September 2009.
[52]
AGD, Supplementary Submission 44.2, p.14; note this data does not
indicate whether these offences have been prosecuted by Commonwealth or State
or Territory authorities.
[53]
CLPC, Submission 62, p.3.
[54]
For example, a large scale DDOS attack on a Commonwealth Government website
or hacking and theft from a bank system may warrant an investigation.
[55]
AFP, Submission 25, p.20.
[56]
The assessment of whether an investigation will be undertaken is considered
under the framework of the Case Categorisation and Prioritisation Model
(November 2009).
[57]
As noted above, the former AHTCC website did provide for online reporting
of a DDOS attack and malware intrusion. The Committee notes that this website
is still accessible via a general Internet search but the model is, in fact,
defunct.
[58]
Commander Neil Gaughan, AFP, Transcript of Evidence, 9 September
2009, p.6.
[59]
Mr Alastair MacGibbon, Internet Safety Institute, Transcript of Evidence,
11 September 2009, p.62.
[60]
Mr Paul Brooks, Internet Society of Australia, Transcript of Evidence,
9 October 2009, p.6.
[61]
Mr Paul Brooks, Internet Society of Australia, Transcript of Evidence,
9 October 2009, p.6.
[62]
Mr Paul Brooks, Internet Society of Australia, Transcript of Evidence,
9 October 2009, p.6.
[63]
Mr David Ready, Submission 6, p.1.
[64]
Mr David Ready, Submission 6, p.1.
[65]
Mr Paul Brooks, Director, Internet Society of Australia, Transcript of
Evidence, 9 October 2009, p.7.
[66]
Queensland Government, Submission 67, p.7.
[67]
Detective Superintendent Brian Hay, Queensland Police Service, Transcript
of Evidence, 17 March 2010, p.3.
[68]
Queensland Government, Submission 67, p.6.
[69]
Detective Superintendent Brian Hay, Queensland Police Service, Transcript
of Evidence, 17 March 2010, p.2.
[70]
Queensland Government, Submission 67, p.6.
[71]
The Australasian Consumer Fraud Taskforce is comprised of nineteen
government regulatory agencies and departments with responsibility for consumer
protection regarding frauds and scams; ACCC, Submission 46, p.5.
[72]
ACCC, Submission 46, p.4.
[73]
ACCC, Supplementary Submission 46.1, p.2.
[74]
Mr Peter Kell, Deputy Chair, ACCC, ACFT Consumer Fraud Research Forum, Consumer
Complaints about Scams: Managing and Sharing Information, October 2009.
[75]
Mr Peter Kell, Deputy Chair, ACCC, ACFT Consumer Fraud Research Forum, Consumer
Complaints about Scams: Managing and Sharing Information, October 2009.
[76]
ACCC, Submission 46, p.7.
[77]
ICPEN, viewed 18 January 2009, <http://www.econsumer.gov/english/report/overview.shtm>.
[78]
ICPEN, viewed 18 January 2009, <http://www.econsumer.gov/english/report/overview.shtm>.
[79]
Dr Russell Smith, AIC, Transcript of Evidence, 19 August 2009, p.15.
[80]
Queensland Government, Submission 67, p.7.
[81]
The SOCA e-Crime Unit is separate from the Child Exploitation and Online
Protection Centre. Cases that fall within the PCeU Case Acceptance Criteria
include: significant intrusions into government, commercial or academic
networks; denial of service attacks, and other criminal use of Botnets;
significant data breaches; significant false identity websites; mass
victimisation e-crimes, such as large scale phishing, and electronic attacks on
the Critical National Infrastructure, ACPO e-Crime Strategy, 2009, p.8.
[82]
ACPO e-Crime Strategy, 2009, p.2.
[83]
The City of London Police, which has been designated the National Lead
Police Force for Fraud, hosts the facility.
[84]
Jeremy Kirk, IDG New Service, UK Police to Track E-Crime, Fraud Down to
the Last Pence, 25 March, 2009.
[85]
NSW Government, Submission 49, p.6.
[86]
Detective Inspector William van der Graff, NSW Police Force, Transcript
of Evidence, 8 October 2009, p.77.
[87]
Queensland Government, Submission 67, p.7.
[88]
Queensland Government, Submission 67, p.7; By contrast, the UK
Police Service has already established standards for professional practice
within e-crime, such as the ACPO Good Practice Guide for Computer Based
Evidence and the ACPO Managers Guide to e-Crime; ACPO e-Crime
Strategy, 2009, p.18.
[89]
Mr Graham Ingram, Director, AusCERT, Transcript of Evidence, 11
September 2009, p.5; Mr Alastair MacGibbon, Director, Internet Safety
Institute, Transcript of Evidence, 11 September 2009, p.62.
[90]
AusCERT, Submission 30, p.15; Internet Safety Institute, Submission
37, pp.3 and 10.
[91]
Mr Alastair MacGibbon, Cyber security: Threats and responses in the
information age, Australian Strategic Policy Institute, December 2009,
p.11.
[92]
Mr Alastair MacGibbon, Director, Internet Safety Institute, Transcript of
Evidence, 11 September 2009, p.62.
[93]
Mr Alastair MacGibbon, Director, Internet Safety Institute, Transcript
of Evidence, 11 September 2009, p.62.
[94]
Mr Alastair MacGibbon, Cyber security: Threats and responses in the
information age, Australian Strategic Policy Institute, December 2009,
p.11.
[95]
McAfee, Submission 10, pp.11-12.
[96]
McAfee, Supplementary Submission 10.1, pp.2-4.
[97]
McAfee, Supplementary Submission 10.1, p.3.
[98]
McAfee, Supplementary Submission 10.1, pp.1-3.
[99]
McAfee, Supplementary Submission 10.1, p.3.
[100]
McAfee, Supplementary Submission 10.1, p.2.
[101]
McAfee, Supplementary Submission 10.1, p.3.
[102]
McAfee, Supplementary Submission 10.1, p.2.
[103]
McAfee, Supplementary Submission 10.1, p.3
[104]
Detective Superintendent Brian Hay, Queensland Police Service, Transcript
of Evidence, 17 March 2010, p.9.
[105]
McAfee, Submission 10, p.7.
[106]
McAfee, Submission 10, p.7.
[107]
Section 1030 Title 18 of the United States Code; Roy Jordan, Client
Memorandum, Department of Parliamentary Services, 12 January 2010; the
penalty for computer offences resulting in an aggregated loss to one or more
person of at least $5,000 (over a twelve month period) attracts a fine of up to
5 years imprisonment (or both).
[108]
CLPC, Supplementary Submission 62.1, p.9.
[109]
NSW Government, Submission 49, p.4.
[110]
Tasmanian Government, Submission 51, p.4.
[111]
NT Government, Submission 53, p.2.
[112]
AFP, Submission 25, p.15.
[113]
Commander Neil Gaughan, AFP, Transcript of Evidence, 9 September 2009,
pp.2-3.
[114]
ABA, Submission 7, p.6.
[115]
ABA, Submission 7, p.7.
[116]
ABA, Submission 7, p.6.
[117]
South Australian Police, Submission 10, p.4.
[118]
South Australian Police, Submission 10, p.4.
[119]
NSW Government, Submission 49, p.4.
[120]
South Australia Police, Submission 2, p.1.
[121]
Tasmanian Government, Submission 51, pp.1-5.
[122]
Tasmanian Government, Submission 51, p.5.
[123]
Tasmanian Government, Submission 51, p.4.
[124]
Tasmanian Government, Submission 51, p.4.
[125]
Tasmanian Government, Submission 51, p.4.
[126]
South Australia Police, Submission 2, p.3.
[127]
South Australia Police, Submission 2, p.3.
[128]
South Australia Police, Submission 2, p.3.
[129]
Detective Inspector William van der Graff, NSW Police Force, Transcript of
Evidence, 8 October 2009, p.77.
[130]
Detective Inspector William van der Graff, NSW Police Force, Transcript of
Evidence, 8 October 2009, p.77.
[131]
Detective Inspector William van der Graff, NSW Police Force, Transcript of
Evidence, 8 October 2009, p.77.
[132]
AGD, Supplementary Submission 44.2, p.11.
[133]
AGD, Supplementary Submission 44.2, p.11.
[134]
AGD, Supplementary Submission 44.2, p.11.
[135]
See for example: Microsoft, Submission 35, p.11; Australian
Information Industry Association, Submission 22, p.12; AGD, Submission
44, p.11.
[136]
AGD, Submission 44, p.10.
[137]
AGD, Submission 44, p.11.
[138]
Telstra, Submission 43, p.3.
[139]
Mr Tony Burke, ABA, Transcript of Evidence, 8 October 2009, p.51.
[140]
Mr Tony Burke, ABA, Transcript of Evidence, 8 October 2009, p.51.
[141]
ABA, Submission 7, p.13.
[142]
ABA, Submission 7, p.14.
[143]
Mr Richard Johnson, Westpac Banking Corp, Transcript of Evidence, 8
October 2009, p.52.
[144]
RSA, Submission 28, p.3.
[145]
Mr Richard Johnson, Westpac Banking Corp, Transcript of Evidence, 8
October 2009, p.52.
[146]
Mr Richard Johnson, Westpac Banking Corp, Transcript of Evidence, 8
October 2009, p.53.
[147]
Mr Richard Johnson, Westpac Banking Corp, Transcript of Evidence, 8
October 2009, p.53.
[148]
Symantec, Supplementary Submission 32.1, p.8.
[149]
Symantec, Supplementary Submission 32.1, p.9.
[150]
AGD, Supplementary Submission 44.2, pp.1-2.
[151]
These include section 70 of the Crimes Act 1914 (Cth) which deals with
disclosure of information by Commonwealth officers, the Australian Public
Service Code of Conduct set out in the Public Service Act 1999 (Cth)
and the Australian Government’s Protective Security Manual.
[152]
Symantec, Supplementary Submission 32.1, p.9.
[153]
Symantec, Supplementary Submission 32.1, p.9.
[154]
CLPC, Submission 62, p.11.
[155]
Ms Alana Maurushat, CLPC, Transcript of Evidence, 8 October, 2009,
p.33.
[156]
CLPC, Submission 62, p.11.
[157]
Ms Alana Maurushat, CLPC, Transcript of Evidence, 8 October, 2009,
pp.32-33.
[158]
Dr Paul Brooks, Internet Society of Australia, Transcript of Evidence,
9 October 2009, p.13.
[159]
Mr Richard Johnson, Westpac Banking Corp, Transcript of Evidence, 8
October 2009, pp.54-55.
[160]
Mr Richard Johnson, Westpac Banking Corp, Transcript of Evidence, 8
October 2009, pp.54-55.
[161]
The national information infrastructure is made up of those key communications
and information technology systems that support critical industries and
government services, such as the telecommunications, transport, distribution,
energy, utilities, banking and finance industries and defence and emergency
services.
Chapter 6 Criminal and Law Enforcement Framework
[1]
AFP, Submission 25, p.13.
[2]
Russell Smith, Impediments to the Successful Investigation of
Transnational High Tech Crime, Trends and Issues in Crime and Criminal Justice
No. 285, Australian Institute of Criminology, October 2004, p.1.
[3]
Attorney-General’s Department, Submission 44, p.16; Telecommunications
(Interception and Access) Act 1979 (Cth); Crimes Act 1914 (Cth).
[4] Part
10.7 Divisions 477 and 478 of the Criminal Code; AGD, Submission 44,
p.18.
[5]
Model Criminal Code Officers Committee of the Standing Committee of
Attorneys-General, Chapter 4 Damage and Computer Offences, Report of the
Committee, February 2001.
[6]
Commonwealth criminal law is ancillary to the performance of the
Commonwealth of its powers to protect itself, the Constitution, its
institutions and to enforce its own laws; Sir
Garfield Barwick, Crimes Bill 1960, Second Reading Speech, House of
Representatives, Debates,
8 September 1960 pp.1020-1021 reported in Research Paper No.12, Department of Parliamentary Library,
Canberra, 2002, p.4.
[7]
AGD, Supplementary Submission 44.2, p.10.
[8]
AGD, Supplementary Submission 44.2, p.10; Microsoft Australia, Submission
35, p.7.
[9]
For example, section 480.4 of the Commonwealth Criminal Code makes it an
offence to dishonestly obtain or deal in personal financial information without
consent of that person to access funds, credit or other financial benefits.
[10]
MCLOC, Final Report: Identity Crime, Commonwealth of Australia,
2008.
[11]
AGD, Supplementary Submission 44.1, p.3.
[12]
AGD, Submission 44, p.4; Criminal Law Consolidation (Identity
Theft) Amendment Act 2003 (SA); Criminal Code and Civil Liability
Amendment Act 2007 (Qld); Note that under section 144B of the Criminal
Law Consolidation Act 1935 (SA) it is an offence to assume a false identity
or falsely pretend to be entitled to act in a particular capacity. Unlike the
model provisions this offence does not require proof of an intention to commit
a serious criminal offence.
[13]
The WA Bill ‘utilises and builds upon (but does not specifically implement)
the model provisions’; WA Legislative Council, Standing Committee on Uniform
Legislation and Statutes Review Report No 44, March 2010, p. 14, viewed 17
March 2010, <http://www.parliament.wa.gov.au/parliament/commit.nsf>.
[14]
AFP, Submission 25, p.9.
[15]
AGD, Submission 44, p.7; The E-Security Review did recommend: agency
collaboration to address ‘legal issues associated with the blocking of user
access to Internet sites by law enforcement and other agencies’; better
coordination of crime reporting; and training and information for the legal
profession.
[16]
AGD, Supplementary Submission 44.2, p.10.
[17]
AGD, Submission 44, p.4.
[18]
IIA, Submission 54, p.2.
[19]
Symantec, Supplementary Submission 32.1, p.2.
[20]
Symantec, Supplementary Submission 32.1, p.2.
[21]
Symantec, Supplementary Submission 32.1, p.2.
[22]
Symantec, Supplementary Submission 32.1, p.2.
[23]
AGD, Supplementary Submission 44.1, p.1.
[24]
Microsoft Australia, Submission 35, p.7.
[25]
Microsoft Australia, Submission 35, p.7
[26]
Tasmanian Government, Submission 51, p.4.
[27]
ABA, Submission 7, p.7.
[28]
Parliamentary Joint Committee on the Australian Crime Commission, Cybercrime,
March 2004, p.vii and p.15.
[29]
ABA, Submission 7, p.7.
[30]
Telecommunications (Interception and Access) Amendment Bill 2009;
see also, AGD, Discussion Paper and Exposure Draft Legislation: Computer
Network Protection, July 2009; The Senate Legal and Constitutional Affairs
Legislation Committee, Telecommunications (Interception and Access)
Amendment Bill 2009 [Provisions], November 2009.
[31]
AFP, Supplementary Submission 25.1, p.8; Russell Smith, Impediments
to the Successful Investigation of Transnational High Tech Crime, Trends
and Issues in Crime and Criminal Justice No. 285, Australian Institute of
Criminology, October 2004, pp.1-6.
[32]
CLPC, Submission 62, p.3.
[33]
AFP, Supplementary Submission 25.1, pp.8-9.
[34] Section
3LA of the Crime Act 1914 (Cth).
[35]
AGD, Supplementary Submission 44.2, p.8.
[36]
The offence must carry a maximum penalty of three or more years.
[37]
AGD, Submission 44, p.19.
[38]
In 2005 the TIA was reviewed by Mr Anthony Blunn AO. The report, tabled in
Parliament on 14 September 2005, recommended that legislation dealing with
access to telecommunications data for security and law enforcement purposes be
established, viewed 23 March 2010, <http://www.ag.gov.au/www/agd/agd.nsf/Page/Publications_Blunnreportofthereviewoftheregulationofaccesstocommunications-August2005>.
The TIA was amended in 2006 to establish a warrant regime for access to stored
communications. In 2007 the TIA was further amended to implement a two-tier
regime for access to historic and prospective (real-time) telecommunications
data. The provisions of the Telecommunications Act 1997 (Cth), that
regulated access to telecommunications data for national security and law
enforcement purposes, were also transferred to the TIA. See, Sue Harris-Rimmer,
Telecommunications (Interception) Bill 2006, Bills Digest No. 102, 2005–06, 28
February 2006, Parliamentary Library; and, Bronwyn Jaggers, Telecommunications
(Inception and Access) Amendment Bill 2008, Bills Digest No. 71, 7 March 2008
for further detail.
[39]
AFP, Supplementary Submission 25.1, p.9.
[40]
The Communications Access Coordinator is a statutory position performed by
the First Assistant Secretary of the National Security Law and Policy Division
in AGD; AGD, Supplementary Submission, 44.2, p.3.
[41]
AGD, Supplementary Submission 44.2, p.3.
[42]
NSW Government, Submission 49, p.6.
[43]
AGD, Supplementary Submission 44.2, p.7.
[44]
AGD, Supplementary Submission 44.2, p.7.
[45]
AFP, Supplementary Submission 25.1, pp.9-10.
[46]
AGD, Supplementary Submission 44.2, p.7.
[47]
AGD, Supplementary Submission 44.2, p.7.
[48]
AGD, Supplementary Submission 44.2, p.7.
[49]
AGD, Supplementary Submission 44.2, p.7.
[50]
Foreign Evidence Amendment Bill 2008; AGD, Supplementary Submission 44.2,
p.8.
[51]
AGD, Supplementary Submission 44.2, p.8
[52]
AFP, Supplementary Submission 25.1, pp.8-9.
[53]
AusCERT, Submission 30, p.15.
[54]
AFP, Supplementary Submission 25.1, pp.8-9.
[55]
AFP, Supplementary Submission 25.1, pp.8-9.
[56]
AFP, Supplementary Submission 25.1, pp.8-9.
[57]
AGD, Supplementary Submission, 44.2, p.4.
[58]
AGD, Supplementary Submission 44.2, p.4.
[59]
AGD, Supplementary Submission, 44.2, p.5.
[60]
AGD, Supplementary Submission, 44.2, p.5.
[61]
AGD, Supplementary Submission, 44.2, p.5.
[62]
AGD, Supplementary Submission, 44.2, p.4.
[63] Internet
Safety Institute, Submission 37, p.7; Microsoft Australia, Submission
35, p.1.
[64]
ABA, Submission 7, pp.9-12.
[65]
ABA, Submission 7, pp.9-12.
[66]
Convention on Cybercrime, European Treaty Series No.185 (opened for
signature Budapest 23.11.2001 entered into force 1.7.2004).
[67]
Directorate General of Human Rights and Legal Affairs, Council of Europe, Submission
31, p.3.
[68]
Council of Europe, Submission 31, p.3; at the time of writing 27
countries had signed and ratified or acceded to the treaty and 19 had signed
the treaty but not yet proceeded to ratification, viewed 11 March 2010, <http://conventions.coe.int/Treaty/Commun/ChercheSig.asp?NT=185&CM=1&DF=11/03/2010&CL=ENG>.
[69]
Council of Europe, Submission 31, p.3.
[70]
Microsoft Australia, Submission 35, p.9; Queensland Government, Submission
67, p.7; AIIA, Submission 22, p.3; AusCERT, Submission 30, p.
15.
[71]
Council of Europe, Submission 31, p.4.
[72]
Project Cybercrime, viewed 23 March 2010 <www.coe.int/cybercrime>. Adopted by the Global Conference
Cooperation against Cybercrime, Council of Europe, Strasbourg, 1-2 April 2008.
[73]
Council of Europe, Submission 31, p.5.
[74]
Council of Europe, Submission 31, p.5
[75]
Council of Europe, Submission 31, p.4.
[76]
Council of Europe, Submission 31, p.4.
[77]
AGD, Submission 44, p.14.
[78]
AFP, Transcript of Evidence, 9 September 2009, p.11.
[79]
Section 13A of the Mutual Assistance in Criminal Matters Act 1987 (Cth)
expressly excludes material obtained under the TIA from being provided to a
requesting foreign country to assist in an investigation or proceedings for a
serious offences against that country’s domestic law.
[80]
Council of Europe, Submission 31, p.4.
[81]
Microsoft Australia, Submission 35, pp. 6-10; Microsoft Corporation
Ltd, Asia Pacific Legislative Analysis: Current and Pending Online Safety
and Cybercrime Laws: A Study by Microsoft, November 2007, viewed 10 March
2010, <www.microsoft.com/asia>.
[82]
Microsoft Australia, Submission 35, p.7.
[83]
Microsoft Australia, Submission 35, p.7.
[84]
Microsoft Australia, Submission 35, p.8.
[85]
Microsoft Australia, Submission 35, p.7.
[86]
Microsoft Australia, Submission 35, p.8.
[87]
CLPC, Submission 62.1, p.3.
[88]
CLPC, Submission 62, p.3; Rychlicki T., Legal Issues of Criminal
Acts Committed Via Botnets (2006) Computer and Telecommunications Law
Review 12 (5), p.163 as cited CLPC, Submission 62, p.3.
[89]
Microsoft Australia, Submission 35, p.
[90]
For example, IIA, Submission 54, p.2.
[91]
IIA, Submission 54, p.5.
[92]
See CLPC, Submission 62; Microsoft Australia, Submission 35;
Sophos, Submission 66.
[93]
CLPC, Submission 62, p.3.
[94]
CLPC, Submission 62, p.3.
[95]
AFP, Submission 25, p.9.
[96]
AFP, Supplementary Submission 25.1, pp. 9-10.
[97]
AGD, Supplementary Submission 44.2, p.8.
[98] Fujitsu,
Submission 13, p.7.
[99]
ThreatMetrix Pty Ltd, Submission 19, p.14.
[100]
AGD, Supplementary Submission 44.2, p.2.
[101]
NSW Government, Submission 49, p.5.
[102]
NSW Government, Submission 49, p.5.
[103]
NSW Government, Submission 49, p.6.
[104]
NSW Government, Submission 49, p.6.
Chapter 7 Protecting the Integrity of the Internet
[1]
The ACMA was established on 1 July 2005 by the merger of the Australian
Broadcasting Authority and the Australian Communications Authority.
[2]
ACMA, Submission 56, p.3.
[3]
Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October, 2009,
p.2.
[4]
Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October 2009,
p.10.
[5]
ACMA, Submission 56, p.3.
[6]
Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October 2009,
p.7.
[7]
ACMA, Submission 56, p.3.
[8]
ACMA, Submission 56, p.5.
[9]
Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October, p.2.
[10]
ACMA, Submission 56, p.5.
[11]
ACMA, Submission 56, p.8.
[12]
ACMA, Supplementary Submission 56.1, p.2.
[13]
ACMA, Supplementary Submission 56.1, p.2.
[14]
<http://www.shadowserver.org/>.
[15]
<http://www.honeynet.org.au/>.
[16]
<http://www.au.sorbs.net/>.
[17]
ACMA, Supplementary Submission 56.1, p.2.
[18]
Sophos, Submission 66, p.6.
[19]
Sophos, Submission 66, p.6.
[20]
Sophos, Submission 66, p.6.
[21]
Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October 2009,
p.6.
[22]
See ALRC Report 108, pp.1330-1331; see also, Office of the Privacy
Commissioner, Submission Draft Internet Industry Association eSecurity Code
of Practice, p.3.
[23]
Mr Keith Besgrove, DBCDE, Transcript of Evidence, 25 November, 2009,
p.9.
[24]
ACMA, Submission 56, p.23.
[25]
IIA, Submission 54, p.7.
[26]
ACMA, Submission 56, p.3; Mr Bruce Mathews, ACMA, Transcript of
Evidence, 21 October 2009, p.1.
[27]
<http://www.acma.gov.au>, viewed
27 May 2010.
[28]
<http://www.acma.gov.au>, viewed
27 May 2010.
[29]
Arbor Networks, Worldwide Infrastructure Security Report, Volume IV,
October 2008, p.23 as cited in ACMA, Submission 56, p.23.
[30]
ACMA, Submission 56, p.22.
[31]
ACMA, Submission 56, p.5.
[32]
Mr Peter Coroneos, IIA, Transcript of Evidence, 11 September 2009,
p.15.
[33]
Mr Mike Rothery, AGD, Transcript of Evidence, 25 November 2009,
p.10.
[34]
Mr Keith Besgrove, DBCDE, Transcript of Evidence, 25 November, 2009,
p.10.
[35]
Mr Keith Besgrove, DBCDE, Transcript of Evidence, 25 November 2009,
p.9; ACMA, Submission 56, p.3.
[36]
Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October 2009,
p.6.
[37]
ACMA, Submission 56, p.22.
[38]
Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October 2009,
pp.3-4.
[39]
Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October 2009,
p.3.
[40]
Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October 2009, p.4
[41]
<http://www2.dreamtilt.com.au/index.php/internet-services/wireless-broadband/installation/159-aisi.html>,
viewed 27 May 2010.
[42] Correspondence to the
Committee, Jamie Snashall, Senior Adviser Government Relations,Telstra Corporation
Ltd, 1 June 2010.
[43]
ACMA, Submission 56, p.22.
[44]
In this context, placing an end user in a ‘walled garden’ means restricting
Internet access from that computer only to approved IP addresses.
[45]
ACMA, Submission 56, p.22.
[46]
Sophos, Submission 66, p.6.
[47]
IIA, Submission 54, p.8.
[48]
ACMA, Submission 56, p.8.
[49]
AusCERT, Home Users Computer Security Survey 2008, p.30.
[50]
AusCERT, Home Users Computer Security Survey 2008, p.30.
[51]
ACMA, Supplementary Submission 56.1, p.3.
[52]
Mr Keith Besgrove, DBCDE, Transcript of Evidence, 25 November, 2009,
p.9.
[53]
Mr Peter Coroneos, IIA, Transcript of Evidence, 11 September 2009,
pp.15-16.
[54]
IIA, Submission 54, p.8; Mr Keith Besgrove, DBCDE, Transcript of
Evidence, Wednesday 25 November, 2009, p.9.
[55]
IIA, Internet Service Providers Voluntary Code of Practice for Industry
Self-Regulation in the Area of e-Security, (Consultation Version 1.0),
September, 2009, p.9.
[56]
Mr Peter Coroneos, IIA, Transcript of Evidence, 11 September 2009,
p.15; see also, Ben Grubb, ZDNet.com.au, Privacy Commissioner delays zombie
code, 27 January 2010.
[57]
IIA, Internet Service Providers Voluntary Code of Practice for Industry
Self-Regulation in the Area of e-Security, (Consultation Version 1.0),
September, 2009, p.9.
[58]
Mr Peter Coroneos, IIA, Transcript of Evidence, 11 September 2009,
p.17.
[59]
Mr Peter Coroneos, IIA, Transcript of Evidence, 11 September 2009,
p.16.
[60]
<www.tortoise.iia.net.au>.
[61]
Mr Peter Coroneos, IIA, Transcript of Evidence, 11 September 2009,
p.16.
[62]
Mr Michael Sinkowitsch, Fujitsu Australia Ltd, Transcript of Evidence,
11 September 2009, p.54.
[63]
Mr Alastair MacGibbon, Internet Safety Institute, Transcript of Evidence,
11 September 2009, pp.60-61.
[64]
AusCERT, Submission 30, pp.14-24.
[65]
Telstra, Submission 43, p.5.
[66]
Telstra, Submission 43, p.5.
[67]
Ms Alana Maurushat, CLPC, Transcript of Evidence, 8 October 2009,
p.27.
[68]
DBCDE, Supplementary Submission 34.1, p.2.
[69]
Subsections 313 (1)(2)(3) of the Telecommunications Act 1997 (Cth).
[70]
Subparagraph 313(5)(a) of the Telecommunications Act 1997 (Cth).
[71]
Subsection 313(6) of the Telecommunications Act 1997 (Cth).
[72]
DBCDE, Supplementary Submission 34.1, p.2; subparagraph 313(5)(b) of
the Telecommunications Act 1997 (Cth).
[73]
DBCDE, Supplementary Submission 34.1, p.3.
[74]
Clause 7.3 of the IISCP; as cited, ACMA, Supplementary Submission 56.1,
p.1.
[75]
ACMA, Supplementary Submission 56.1, p.1.
[76]
That draft code set out to establish guidelines for cooperation in criminal
and civil investigations and to promote positive relations between industry and
law enforcement. It was also intended to give users confidence their privacy
and the confidentiality of their transactions will be protected from unlawful
intrusion; Internet Industry Code of Practice, paragraph 1.11, as cited, Joint
Parliamentary Committee on the Australian Crime Commission, Cybercrime,
March 2004, p.17.
[77]
Joint Parliamentary Committee on the Australian Crime Commission, Cybercrime,
March 2004, p.17.
[78] See, for example, existing law regulating
ISPs: Telecommunications Act 1997 (Cth), Telecommunications
(Intercept and Access) Act 1979 (Cth); and, the Spam Code of Practice. In
relation to prohibited classified content, the Internet industry Content
Services Code was registered under the Broadcasting Act 1992 (Cth)
in 2008; to block access to foreign online gambling sites, the IIA Interactive
Gambling Industry Code was registered by ACMA in 2001.
[79] See, AusCERT, Submission
30, pp.14-24; AusCERT, Exhibit 13, Internet Industry Code of
Practice, pp.1-16.
[80]
AusCert, Exhibit 13, Internet Industry Code of Practice Submission,
p.13.
[81] AusCert, Exhibit
13, Internet Industry Code of Practice Submission, p.13.
[82] AusCert, Exhibit
13, Internet Industry Code of Practice Submission, p.13.
[83] Internet
Engineering Task Force, Draft Recommendations for the Remediation of Bots in
ISP Networks, September 15, 2009; see also, AusCert, Exhibit 13,
Internet Industry Code of Practice Submission, p.3.
[84] IIA, Supplementary
Submission 54.1, p.1.
[85]
Symantec, Supplementary Submission 32.1, p.6.
[86]
AusCERT, Exhibit 13, Internet Industry Code of Practice,
p.12.
[87] AusCERT,
Exhibit 13, Internet Industry Code of Practice, p.11.
[88] IIA,
Supplementary Submission 54.1, p.4
[89] Symantec,
Supplementary Submission 32.1, p.6.
[90]
Cited in Symantec, Supplementary Submission 32.1, p.6.
[91] See
<https://www.ccc.go.jp/en_ccc/index.html>;
see also <http://blog.cytrap.eu/?p=287>; IIA Supplementary
Submission 54.1, p.3.
[92] AusCERT,
Exhibit 13, Internet Industry Code of Practice, p.11
[93] Mr
Bruce Mathews, ACMA, Transcript of Evidence, 21 October 2009, p.14.
[94] Mr
Bruce Mathews, ACMA, Transcript of Evidence, 21 October 2009, p.14.
[95]
AusCERT, Exhibit 23, p.3; Eco-Association of the German Internet
Industry, Quick remedy for botnet infections, 14 December 2009; John
Leyden, German ISPs teams up with gov agency to clean up malware, The
Register, 9 December 2009.
[96]
AusCERT, Exhibit 23, Eco-Association of the German Internet
Industry, Quick remedy for botnet infections, 14 December 2009; John Leyden,
German ISPs teams up with gov agency to clean up malware, The Register,
9 December 2009.
[97]
AusCERT, Exhibit 23, Comcast, Comcast Unveils Comprehensive
‘Constant Guard’ Internet Security Program, Press Release, 8 October 2009.
[98]
ACMA, Submission 56, p.15; Symantec, Submission 32, p.2.
[99]
Symantec, Submission 32, p.2.
[100]
ACMA, Submission 56, p.15.
[101]
Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October 2009, p.5.
[102]
ACMA, Submission 56, p.15.
[103]
ACMA, Supplementary Submission 56.1, p.5.
[104]
ACMA, Supplementary Submission 56.1, p. 5.
[105]
ACMA, Supplementary Submission 56.1, p.5.
[106]
AGD, Supplementary Submission 44.2, p.4.
[107]
Nick Wingfield, Microsoft wins ‘botnet’ order, The Wall Street Journal
Asia, 26 February 2010, p.6; William Jackson, Microsoft unplugs spammer
botnet with legal strategy, Government Computer News, 1 March 2010 http://gcn.com/Articles/2010/03/010, viewed 3
March 2010.
[108]
Australian Bureau of Statistics, Internet Activity, Australia, Cat.
No. 8153.0, December 2008.
[109]
Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October 2009, p.8.
[110]
Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October 2009, p.8.
[111]
Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October 2009, p.8.
[112]
Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October 2009, p.8.
[113]
Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October 2009, p.8.
[114]
<http://www.us-cert.gov/nav/report_phishing.html>,
viewed 1 March 2009.
[115]
Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October 2009, p.9.
[116]
Mr Bruce Mathews, ACMA, Transcript of Evidence, 21 October 2009, p.9.
[117]
Australian Computer Society, Transcript of Evidence, 9 October 2010,
pp.34-35.
[118]
Clauses 6, 10.1 and 10.4, Spam Code of Practice.
[119]
DCITA, Report on the Spam Act 2003 Review, June 2006, p.77.
[120]
DCITA, Report on the Spam Act 2003 Review, June 2006, p.104.
[121]
Domain name servers (DNS) convert web addresses into Internet Protocol
addresses and routes the computer user to the correct location. Thirteen root
DNS servers cover the entire Internet along with a number of local servers.
Once reconfigured, the DNS can send users to any number of websites and
seriously compromise the entire Internet system. In the case of Domain Name
Server poisoning, the list of addresses in a DNS server are altered so that a
legitimate URL address points to an illegitimate Internet Protocol address, the
fraudulent web site (Brody, R.G., Mulig, G., and Kimball, V. 2007, ‘Phishing,
pharming and identity theft’, Academy of Accounting and Financial Studies
Journal) as cited AFP, Submission 25, p.4.
[122]
<http://www.icann.org/en/topics/new-gtlds/strategy-faq.htm>,
viewed 1 March 2010.
[123]
See, for example, AusCERT, Submission 30, p.15; Abacus – Australian
Mutuals, Submission 55, p.4; Australian Computer Society, Transcript
of Evidence, 9 October 2009, p.39.
[124]
Australian Computer Society, Transcript of Evidence, 9 October 2009,
p.39.
[125]
Abacus – Australian Mutuals, Submission 55, p.4.
[126]
AusCERT, Submission 30, p.15.
[127]
The APWG is an international industry association focused on eliminating
phishing.
[128]
AusCERT, Submission 30, p.15.
[129]
APWG, Best Practices Recommendations for Registrars, October 2008,
p.1.
[130]
Mr Paul Twomey, Senior President, ICANN, Transcript of Evidence, 8
October 2009, p.1.
[131]
In fact, there are five country codes associated with Australia - .au for
Australia, .cc for Cocos Islands, .cx for Christmas island, .hm for Heard and
MacDonald Island and .nf for Norfolk Island.
[132]
ICANN, Submission 40, p.1.
[133]
Mr Paul Twomey, Senior President, ICANN, Transcript of Evidence, 8
October 2009, p.2; the domain name system
security extension protocol is discussed in Chapter 11 of this report.
[134]
ICANN, Supplementary Submission 40.1, p.1.
[135]
Mr Paul Twomey, Senior President, ICANN, Transcript of Evidence, 8
October 2009, p.2
[136]
Mr Paul Twomey, Senior President, ICANN, Transcript of Evidence, 8
October 2009, p.1-12; DBCDE, Submission 34.1, p.1.
[137]
Mr Neil Brown QC, The New Internet – The Expansion of Top Level Domains –
An Update, Domain Times, <http://www.domaintimes.info/>,
viewed 1 March 2010.
[138]
Ms Holly Raiche, Executive Director, Internet Society of Australia, Transcript
of Evidence, 9 October 2009, p.6.
[139]
Ms Holly Raiche, Internet Society of Australia, Transcript of Evidence,
9 October 2009, p.6.
[140]
As noted in Chapter 2, ‘domain hijacking’ is where a cyber criminal takes
control of a domain name by stealing the identity of a domain name owner, then
uses this domain name to host a malicious website. ‘Typo-squatting’ is also
sometimes known as website hijacking. This where a person registers domain
names with a common typographical error in an established domain name to divert
traffic to an illegitimate site.
[141]
ICANN, Security and Stability Advisory Committee, Domain Name Hijacking:
Incident, Threats, Risks and Remedial Actions, July 2005, p.5.
[142]
ICANN, New gTLD Program Explanatory Memorandum, Process for Amendments to
New gTLD Registry Agreements, 15 February 2010; ICANN, New gTLD Explanatory
Memorandum, Mitigating Malicious Conduct, 3 October 2009.
[143]
More detail is available at <http://www.icann.org/en/topics/new-gtlds/mitigating-malicious-conduct-04oct09-en.pdf>;
ICANN, Supplementary Submission 40.1, p.1.
[144]
Mr Paul Twomey, Senior President, ICANN, Transcript of Evidence, 8
October 2009, p.9-10.
[145]
ICANN, Supplementary Submission 40.1, p.3.
[146]
Ms Holly Raiche, Executive Director, Internet Society of Australia, Transcript
of Evidence, 9 October 2009, p.1; see also, ICANN, Supplementary
Submission 40.1, p.3.
[147]
For example, the gov.au Domain Name Registrar function is delegated to the
Australian Government Information Management Office.
[148]
.auDA, Proposed Changes to the Regulation of Registrar-Appointed Resellers,
October 2003, pp.1-3.
[149]
DBCDE, Supplementary Submission 34.1, p.1.
[150]
See, clause 3 of the .au Domain Name Supplies Code of Practice,
2004-04, 14 October 2004.
[151]
Clause 15.4 of the .auDA Registrar Agreement (Approved Version 3-1
June 2008).
[152]
Ms Holly Raiche, Internet Society of Australia, Transcript of Evidence,
9 October 2009, p.39.
[153]
DBCDE, Supplementary Submission 34.1, p.1.
[154]
DBCDE, Supplementary Submission 34.1, p.1.
[155]
DBCDE, Supplementary Submission 34.1, p.1.
[156]
DBCDE, Supplementary Submission 34.1, p.1.
[157]
DBCDE, Supplementary Submission 34.1, p.1.
[158]
ACCC, Submission 46, p.7.
[159]
ACCC, Submission 46, p.7.
[160]
ACCC, Submission 46, p.7.
[161]
ACCC v Chen [2003] FCA 897 at 25; ACCC, Submission 46, p.7; Justice
Sackville granted declaratory relief and an injunction under the Trade Practices
Act 1952 (Cth) to mark its disapproval. The injunction in this case was
granted to facilitate cooperation with the US Federal Trade Commission to take
measures under US law to prevent Mr Chen from publishing misleading or
deceptive material relating to the Sydney Opera House.
[162]
The standard definition of ‘phishing’ is fraudulent activity to acquire
sensitive information such as usernames, passwords and credit
card details by masquerading as a trustworthy entity in an electronic
communication.
[163]
The APWG best practice guide applies only to domain names registered solely
for a fraudulent or criminal purpose. The procedures recommended do not apply
to websites of a legitimate domain that is compromised and used by criminals to
attack or compromise other computers; APWG, Best Practices Recommendations
for Registrars, October 2008, p.3.
[164]
British Telecommunications plc v One in a Million Ltd [1998] 4 All ER
476, [1999] 1 WLR 903, [1999] FSR 1, [1998] NLJR 1179, [1998] All ER (D) 362
(Held: the court has jurisdiction in a passing off action to injunct the
registration of a domain name calculated to infringe the rights of others. The
registration was regarded as having equipped another with an instrument of
fraud. A threat to infringe the trade mark of another was established because
the defendant (registrant) sought to sell domain names which were confusingly
similar to registered trademarks); see also .auDomain Administration Ltd v
Network.com.au Pty Ltd [2004] ATMO 36 (29 June 2004) where the registration
of www.network.com.au as a trade mark was opposed
on the grounds that the company was not the licence holder of the domain name.
Chapter 8 Consumer Protection
[1]
ACCC, Submission 46, p.2.
[2]
ACCC, Submission 46, p.3.
[3]
ACCC, Submission 46, p.3.
[4]
ACCC, Submission 46, p.2.
[5]
ACCC, Submission 46, p.6.
[6]
ACCC, Supplementary Submission 46.1, p.7.
[7]
ACCC, Submission 46, p.5.
[8]
ACCC, Supplementary Submission 46.1, p.1.
[9]
ACCC, Supplementary Submission 46.1, p.1.
[10]
ACCC, Supplementary Submission 46.1, p.1.
[11]
Detective Inspector William van der Graff, NSW Police Force, Transcript
of Evidence, 8 October 2009, p.77.
[12]
ACCC, Submission 46, p.6.
[13]
See Article 4 (a) to (f) of Memorandum on the Establishment and Operation
of the International Consumer Protection and Enforcement Network, agreed to at
the Conference in Jeju, Republic of Korea, 26-28 March 2006.
[14]
Available at <http://www.ftc.gov/os/2000/07/ftcacccagrmnt.htm>,
viewed 10 April 2010.
[15]
ACCC, Supplementary Submission 46.1, p.14.
[16]
ACCC, Supplementary Submission 46.1, p.14.
[17]
ACCC, Supplementary Submission 46.1, p.1.
[18]
ACCC, Submission 46, p.1.
[19]
Mr Scott Gregson, Group General Manager, Enforcement Operations, ACCC, Transcript
of Evidence, 18 November 2009, p.6.
[20]
ACCC, Submission 46, p.7.
[21]
ACCC, Supplementary Submission 46.1, p.3.
[22]
ACCC v Bindert (Ben) Loosterman & Ors FCA 1391/2008; Resolved by
consent with final orders available on the Federal Court Website at: <https://www.comcourts.gov.au/file/Federal/P/NSD1391/2008/3549912/event/25652026/document/150771>,
viewed 10 April 2010.
[23]
The Trade Practices Amendment (Australian Consumer Law) Bill 2009 passed
both Houses of Parliament on 17 March 2010. State and Territory Governments
will introduce application legislation to apply the entire Australian Consumer
Law in each jurisdiction.
[24]
The Foreign Judgments Act 1991 (Cth) provides a mechanism for the
registration and enforcement of overseas judgments on the basis of ‘substantial
reciprocity of treatment’ (s.5(1)).
[25]
ACCC v Chen [2003] FCA 897 at 62.
[26] CLPC,
Supplementary Submission 62.1, p.4.
[27] CLPC,
Supplementary Submission 62.1, p.5.
[28] CLPC,
Supplementary Submission 62.1, p.5.
[29] DCITA,
Taking Care of Spyware, September 2005, p.3.
[30] K
Howard, Mallesons Stephen Jacques, Computers and Law, March 2006, p.17.
[31] CLPC,
Submission 62, p. 7.
[32] Paul
Clarke, Do we need a Spyware Act?, Internet Law Bulletin, Volume 8 Issue
4, p. 58.
[33] DICITA,
Outcome of the Review of the Legislative Framework on Spyware, 2004
[34] DICITA,
Outcome of the Review of the Legislative Framework on Spyware, 2004.
[35] CLPC,
Supplementary Submission 62.1, p.8.
[36] ACCC,
Supplementary Submission 46.1, p.11.
[37] CLPC,
Supplementary Submission 62.1, p.8. Emphasis added.
[38] CLPC,
Supplementary Submission 62.1, p.7.
[39] CLPC,
Supplementary Submission 62.1, p.8.
[40] CLPC,
Supplementary Submission 62.1, p.6.
[41]
CLPC, Supplementary Submission 62.1, p.8.
[42] CLPC,
Supplementary Submission 62.1, p.5.
[43] Note
also that corporate liability can apply where the fault element is attributable
to a body corporate that has expressly, tacitly or impliedly authorised the
commission of the offence. See Chapter 2 of the Criminal Code.
[44] CLPC,
Submission 62, p. 6.
[45]
ACCAN, Submission 57, p.11.
[46]
ACS, Submission 38, p.4; ACCAN, Submission 57, Surfing on
Thin Ice: Consumers and Malware, Adware, Spam & Phishing, p.11.
[47]
ASCCA, Submission 63, p.4.
[48]
Mr Peter Coroneos, IIA, Transcript of Evidence, 11 September 2009,
p.19.
[49]
Mr Peter Coroneos, IIA, Transcript of Evidence, 11 September 2009,
p.20.
[50]
Mr Peter Coroneos, IIA, Transcript of Evidence, 11 September 2009,
p.19.
[51]
ACS, Submission 38, p.10; AusCERT, Submission 30, p.4;
Internet Safety Institute, Submission 37, p.6; see also, C Wilson, Botnets,
Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress,
CRS Congress Research Paper, Updated January 29, 2008, p.26.
[52]
Internet Safety Institute, Submission 37, p.6; viewed 13 April 2010,
<http://www-935.ibm.com/services/us/iss/xforce/trendreports/xforce-2008-annual-report.pdf
page 18>.
[53]
AusCERT, Submission 30, p.4.
[54]
AusCERT, Submission 30, p.4.
[55]
AusCERT, Submission 30, p.4.
[56]
ACS, Submission 38, p.10.
[57]
ACS, Submission 38, p.10.
[58]
ACCAN, Surfing on Thin Ice: Consumers and Malware, Adware, Spam &
Phishing, p.24.
[59]
Sensis, E-Business Report: The Online Experience of Small and Medium
Enterprises, July 2008, p.5; Sensis, E-Business Report: The Online
Experience of Small and Medium Enterprises, August 2009, pp.5 and 11.
[60]
ACS, Submission 38, p.11.
[61]
Australasian Information Security Evaluation Program.
[62]
<http://www.commoncriteriaportal.org/theccra.html>
[63]
AusCERT, Submission 30, p.21.
[64]
AusCERT, Submission 30, p.21.
[65]
Mr Nigel Ridgway, ACCC, Transcript of Evidence, 18 November 2009,
p.7.
[66]
ACS, Submission 38, p.11.
[67]
AusCERT, Submission 30, p.20.
[68]
AusCERT, Submission 30, p.20.
[69]
Microsoft Australia, Submission 35, p.1.
[70]
Symantec, Submission 32, p.12.
[71]
Science and Technology Committee, Personal Internet Security, Volume
1 Report, House of Lords, August 2007, pp.41-42.
[72]
See discussion, Transcript of Evidence, 18 November 2009, pp.12-15.
[73]
The
latter means the goods should be free from defects not obvious at the time of
purchase and be of reasonable quality and performance taking into account the
price and description at the time of purchase.
[74]
Mr Nigel Ridgway, ACCC, Transcript of Evidence, 18 November 2009,
p.15.
[75]
Mr Nigel Ridgway, ACCC, Transcript of Evidence, 18 November 2009,
p.15.
Chapter 9 Privacy Measures to Combat Cyber Crime
[1]
See for example: Australian Merchant Payments Forum, Submission 17,
p.1; Internet Industry Association, Submission 54, p.4; Internet Society
of Australia, Submission 45, p.5.
[2]
OVPC, Submission 33, p.2.
[3]
OPC, Submission 3, pp.3-7.
[4]
ALRC, For Your Information: Australian Privacy Law and Practice,
ALRC, Report 108, May 2008, pp.263-264.
[5]
ALRC, For Your Information: Australian Privacy Law and Practice,
ALRC, Report 108, May 2008, p.267.
[6]
ALRC, For Your Information: Australian Privacy Law and Practice,
ALRC, Report 108, May 2008, pp.2381-2382.
[7]
ALRC, For Your Information: Australian Privacy Law and Practice,
ALRC, Report 108, May 2008, p.2382.
[8]
ALRC, For Your Information: Australian Privacy Law and Practice,
ALRC, Report 108, May 2008, p.2382.
[9]
See: ALRC, For Your Information: Australian Privacy Law and Practice,
ALRC, Report 108, May 2008, pp.2377-2412.
[10]
OVPC, Submission 33, p.3.
[11]
ALRC, For Your Information: Australian Privacy Law and Practice,
ALRC, Report 108, May 2008, pp.110-129.
[12]
Department of the Prime Minister and Cabinet, ALRC Privacy Report,
DPMC, 19 March 2010, viewed 12 April 2010, <http://www.dpmc.gov.au/privacy/alrc.cfm>.
[13]
OVPC, Submission 33, pp.4-8; OPC, Submission 3, p.8; Symantec
Corporation, Submission 32.1, p.3; Australian Communications Consumer
Action Network, Submission 57, p.72.
[14]
Employee records are protected by law in some States, such as Victoria.
[15]
OVPC, Submission 33, p.4.
[16]
OVPC, Submission 33, p.4.
[17]
ALRC, For Your Information: Australian Privacy Law and Practice,
ALRC, Report 108, May 2008, p.1356.
[18]
ALRC, For Your Information: Australian Privacy Law and Practice,
ALRC, Report 108, May 2008, pp.1392-1398, 1355-1356.
[19]
Department of the Prime Minister and Cabinet, ALRC Privacy Report,
DPMC, 19 March 2010, viewed 12 April 2010, <http://www.dpmc.gov.au/privacy/alrc.cfm>.
[20]
OVPC, Submission 33, p.4.
[21]
Symantec Corporation, Submission 32.1, p.3.
[22]
Fujitsu Australia Ltd, Submission 13, p.7.
[23]
OPC, Guide to handling personal information security breaches, OPC,
August 2008.
[24]
Dr Anthony Bendall, OVPC, Transcript of Evidence, 8 October 2009,
p.41; Ms Alana Maurushat, Cyberspace Law and Policy Centre, Transcript of
Evidence, 8 October 2009, p.33; Mr Michael Sinkowitsch, Fujitsu Australia
Ltd, Transcript of Evidence, 11 September 2009, p.5.
[25]
OPC, Submission 3, p.12; OVPC, Submission 33, p.8.
[26]
ALRC, For Your Information: Australian Privacy Law and Practice,
ALRC, Report 108, May 2008, p.1696.
[27]
Department of the Prime Minister and Cabinet, ALRC Privacy Report,
DPMC, 19 March 2010, viewed 12 April 2010, <http://www.dpmc.gov.au/privacy/alrc.cfm>.
[28]
OPC, Submission 3, p.12; OVPC, Submission 33, p.8; Symantec
Corporation, Submission 32.1, p.3; Australian Communications Consumer
Action Network, Submission 57, p.72.
[29]
RSA, Submission 28, p.4.
[30]
Symantec Corporation, Submission 32, p.11.
[31]
OVPC, Submission 33, pp.5-6.
[32]
ALRC, For Your Information: Australian Privacy Law and Practice,
ALRC, Report 108, May 2008, p.710.
[33]
OVPC, Submission 33, pp.4-7.
[34]
ALRC, For Your Information: Australian Privacy Law and Practice,
ALRC, Report 108, May 2008, p.732.
[35]
Australian Government, First Stage Response to the Australian Law Reform
Commission Report 108, Australian Government, October 2009, p.39.
[36]
Dr Anthony Bendall, OVPC, Transcript of Evidence, 8 October 2009,
p.40.
[37]
OVPC, Submission 33, pp.4-5.
[38]
ALRC, For Your Information: Australian Privacy Law and Practice,
ALRC, Report 108, May 2008, p.706.
[39]
OVPC, Submission 33, pp.4-5.
[40]
ALRC, For Your Information: Australian Privacy Law and Practice,
ALRC, Report 108, May 2008, p.706.
[41]
OVPC, Submission 33, p.5.
[42]
Australian Government, First Stage Response to the Australian Law Reform
Commission Report 108, Australian Government, October 2009, p.40.
[43]
Dr Anthony Bendall, OVPC, Transcript of Evidence, 8 October 2009,
pp.39-40.
[44]
ALRC, For Your Information: Australian Privacy Law and Practice,
ALRC, Report 108, May 2008, pp.219, 224-225.
[45]
Department of the Prime Minister and Cabinet, ALRC Privacy Report,
DPMC, 19 March 2010, viewed 12 April 2010, <http://www.dpmc.gov.au/privacy/alrc.cfm>.
[46]
OPC, Submission 3, pp.9-10.
[47]
ALRC, For Your Information: Australian Privacy Law and Practice,
ALRC, Report 108, May 2008, pp.263-264.
[48]
ALRC, For Your Information: Australian Privacy Law and Practice,
ALRC, Report 108, May 2008, p.264.
[49]
See for example: Yahoo! Group Australia & New Zealand, Submission 18,
p.2; PayPal, Submission 60, pp.8-9.
[50]
ALRC, For Your Information: Australian Privacy Law and Practice,
ALRC, Report 108, May 2008, p.1356.
[51]
IIA, Privacy Code Draft, IIA, 2010, viewed 13 April 2010,
<http://www.iia.net.au>.
[52]
IIA, Internet Industry Privacy Code of Practice Consultation Draft 1.0,
IIA, pp.3-4.
[53]
OPC, Privacy Codes Register, OPC, 2010, viewed 13 April 2010, <http://www.privacy.gov.au>.
[54]
OPC, Submission 3, p.10.
[55]
ALRC, For Your Information: Australian Privacy Law and Practice,
ALRC, Report 108, May 2008, pp.1081-1082.
[56]
ALRC, For Your Information: Australian Privacy Law and Practice,
ALRC, Report 108, May 2008, pp.1104.
[57]
Australian Government, First Stage Response to the Australian Law Reform
Commission Report 108, Australian Government, October 2009, p.77.
[58]
OPC, Submission 3, pp.10-11.
[59]
Dr Anthony Bendall, OVPC, Transcript of Evidence, 8 October 2009,
p.45.
[60]
OPC, Submission 3, p.6.
[61]
The Hon Nicola Roxon, Personally Controlled Health Records for all
Australians, media release, Parliament House, 11 May 2010, viewed 12 May
2010.
[62]
Government 2.0 Taskforce, Engage: Getting on with Government 2.0,
Australian Government, December 2009, pp.xvii-xviii.
[63]
AusCERT, Submission 30, p.9; Lockstep, Submission 36, p.10;
ATO, Submission 59, p.4; Mr Michael Cranston, ATO, Transcript of
Evidence, 16 September 2009, p.2.
[64]
OVPC, Submission 33, pp.7-8.
[65]
ALRC, For Your Information: Australian Privacy Law and Practice,
ALRC, Report 108, May 2008, pp.1569-1570, 1580.
[66]
Australian Government, First Stage Response to the Australian Law Reform
Commission Report 108, Australian Government, October 2009, p.86.
[67]
Dr Anthony Bendall, OVPC, Transcript of Evidence, 8 October 2009,
p.41.
[68]
Dr Anthony Bendall, OVPC, Transcript of Evidence, 8 October 2009,
p.41.
Chapter 10 Community Awareness and Education Initiatives
[1] Attorney
General’s Department (AGD), Cyber Security Strategy, Australian
Government, 2009, p.vii.
[2]
AGD, Cyber Security Strategy, Australian Government, p.30.
[3]
ACCC, Submission 46, p.2.
[4]
ACMA, Cybersmart program, ACMA, 6 October 2009, viewed 2 March
2010, <http://www.acma.gov.au>.
[5]
See for example: Australian Council of State School Organisations, Submission
42, p.6; ROAR Film Pty Ltd, Submission 64, p.19.
[6]
DBCDE, Submission 34, p.5.
[7]
Parliament of the Commonwealth of Australia, House of Representatives,
Votes and Proceedings, No. 152, 11 March 2010, p.1687; Parliament of the
Commonwealth of Australia, Senate, Journals of the Senate, No. 115, 11
March 2010, p.3296.
[8]
AGD, Cyber Security Strategy, Australian Government, p.17; DBCDE, Submission
34, p.12; Senator the Hon Helen Coonan, Launch of collaborative online
security initiative, media release, Parliament House, 23 October 2006,
viewed 2 February 2009, <http://www.minister.dbcde.gov.au/coonan/media/media_releases/launch_of_collaborative_online_security_initiative>.
[9]
DBCDE, Submission 34, p.12.
[10]
DBCDE, Submission 34, p.12; Australian Government, Stay Smart
Online Alert Service User Guide, Australian Government, 2008, p.1.
[11]
ACCC, Submission 46, p.4.
[12]
ACCC, Submission 46, p.4; Mr Nigel Ridgway, ACCC, Transcript of Evidence,
18 November 2009, p.11.
[13]
The ACFT is a partnership of nineteen Australian and New Zealand government
regulatory agencies and departments including the ACCC (chair), AGD, ACMA, AFP,
DBCDE, ATO and State and Territory fair trading agencies.
[14]
See for example: NSW Government, Submission 49, p.3.
[15]
Australian Government, Cyber smart website, 2010, <http://www.cybersmart.gov.au/>.
[16]
See for example: ACCC, Submission 46, p.4; AFP, Technology
Enabled Crime, AFP, 2 September 2009, viewed 4 February 2010, <http://www.afp.gov.au/national/e-crime.html>;
AGD, Identity security, AGD, updated 2 February 2010, viewed 4 February
2010, <http://www.ag.gov.au/identitysecurity>; NSW Government, Submission
49, p.3; ATO, Submission 59, pp.9-11; ACCC, ‘The Little Black Book
of Scams’, Exhibit 16, p.43; DBCDE, Submission 34.1, p.8.
[17]
ATO, Submission 59, pp.9-11; AFP, Submission 25, p.11; NSW
Government, Submission 49, p.3; NT Government, Submission 53,
p.3; Tasmanian Government, Submission 51, p.3; WA Government, Submission
48, p.2; Queensland Government, Submission 67, p.4; Mr Bruce
Matthews, ACMA, Transcript of Evidence, 21 October 2009, p.6.
[18]
AGD, Dealing with Identity theft: protecting your Identity,
Australian Government, 2009.
[19]
ACCC, Little Black Book of Scams, Exhibit 16.
[20]
See for example: Mr Bruce Matthews, ACMA, Transcript of Evidence, 21
October 2009, p.6; Mr Peter Coroneos, IIA, Transcript of Evidence, 11
September 2009, p.20; McAfee Australia, Submission 10, p.6; Symantec
Corporation, Symantec Exposes the Truth about the Internet Black Market and
Takes a Stand against Cyber Crime, media release, Symantec Corporation, 11
September 2009, p.2; APCA, Submission 50, p.5; Telstra, Submission
43.1, p.3; ASCCA, Submission 63, p.12.
[21]
Mr Allan Asher, ACCAN, Transcript of Evidence, 8 October 2009,
pp.14-15; ACCAN, Submission 57.1, p.2.
[22]
See for example: AusCERT, Submission 30, p.12; ASCCA, Submission
63, p.3.
[23]
Mr Bill Gibson, ATO, Transcript of Evidence, 16 September 2009, p.8.
[24]
ACCAN, Submission 57.1, p.5.
[25]
See for example: Consumers’ Telecommunications Network, Surfing on thin
ice: consumers and malware, adware, spam and phishing, CTN, November 2009,
p.25; Internet Safety Institute, Submission 37, p.10.
[26]
Mrs Nancy Bosler, ASCCA, Transcript of Evidence, 28 October 2009,
p.5.
[27]
AGD, Cyber Security Strategy, Australian Government, p.17; DBCDE, Submission
34, pp.11-12; AFP, Submission 25, p.11.
[28]
DBCDE, Submission 34, pp.11-12; Australian Government, National
E-security Awareness Week 2009 partnerships, Stay Smart Online, 2009,
viewed 5 March 2009, <http://www.staysmartonline.gov.au/news-events/partners>.
[29]
DBCDE, Submission 34, p.12.
[30]
Mr Keith Besgrove, DBCDE, Transcript of Evidence, 25 November 2009,
p.5.
[31]
ACCC, Submission 46, p.5; NSW Government, Submission 49, p.4.
[32]
Mr Nigel Ridgway, ACCC, Transcript of Evidence, 18 November 2009,
p.10.
[33]
ACCAN, Submission 57.1, p.5; Telstra, Submission 43, p.4; Microsoft
Australia, Submission 35, p.16; Internet Safety Institute, Submission
37, p.10.
[34]
Internet Society of Australia, Submission 45, p.5.
[35]
South Australia Police (SAP), Submission 2, p.2.
[36]
See for example: ACCAN, Submission 57.1, p.5; Telstra, Submission
43, p.4; Mr Peter Coroneos, IIA, Transcript of Evidence, 11
September 2009, p.18; Ms Johnson, Australian Information Industry Association, Transcript
of Evidence, 11 September 2009, p.29; Mr Bill Gibson, ATO, Transcript of
Evidence, 16 September 2009, p.8; Mr Alastair MacGibbon, Internet Safety
Institute, Transcript of Evidence, 11 September 2009, p.64.
[37]
See for example: Mr Bill Gibson, ATO, Transcript of Evidence, 16
September 2009, p.8; Mr Alastair MacGibbon, Internet Safety Institute, Transcript
of Evidence, 11 September 2009, p.64.
[38]
Commander Neil Gaughan, AFP, Transcript of Evidence, 9 September
2009, p.18.
[39]
Mr Allan Asher, ACCAN, Transcript of Evidence, 8 October 2009, p.19.
[40]
DBCDE, Submission 34.1, p.9.
[41]
DBCDE, Submission 34.1, p.9.
[42]
DBCDE, Submission 34, pp.12-13.
[43]
Mr Keith Besgrove, DBCDE, Transcript of Evidence, 25 November 2009,
p.5.
[44]
ASCCA, Submission 63.1, p.1; Department of Families, Housing,
Community Services and Indigenous Affairs, Broadband for Seniors,
FAHCSIA, 2009, viewed 4 March 2010, <http://fahcsia.gov.au>.
[45]
See for example: AFP, Submission 25, pp.12-13; Microsoft Australia, Submission
35, p.17.
[46]
ThinkUKnow Australia, What is ThinkUKnow?, 2010, viewed 4 March
2009, <http://www.thinkuknow.org.au>.
[47]
Telstra, Submission 43.1, p.3.
[48]
Mrs Nancy Bosler, ASCCA, Transcript of Evidence, 28 October 2009,
p.3; ASCCA, Submission 63, p.12.
[49]
See for example: ACCAN, Submission 57.1, p.5; Queensland Government,
Submission 67, p.7.
[50]
ACMA, Australia in the Digital Economy: Report 1 – Trust and Confidence,
ACMA, March 2009, p.35.
[51]
ASCCA, Submission 63, p.3.
[52]
Microsoft Australia, Submission 35, p.17; Mr Terry Hilsberg, ROAR
Film Pty Ltd, Transcript of Evidence, 8 October 2009, p.68.
[53]
Telstra, Submission 43, p.4; Microsoft Australia, Submission 43,
p.17.
[54]
ROAR Film Pty Ltd, Submission 64, pp.2-4, 19.
[55]
Mr Terry Hilsberg, ROAR Film Pty Ltd, Transcript of Evidence, 8
October 2009, p.68.
[56]
ACCAN, Submission 57.1, p.5.
[57]
EXIN South Pacific, EXIN to take over International Computer Driving
Licence (ICDL) in Australia, media release, July 10 2008, viewed 4 March
2010, <http://www.acs.org.au/icdl/>.
[58]
ACCAN, Submission 57.1, p.5.
[59]
DBCDE, Submission 34.1, p.8.
[60]
See for example: ACCAN, Submission 57.1, p.5; Mr Bill Gibson, ATO, Transcript
of Evidence, 16 September 2009, p.7; Mr Tony Burke, ABA, Transcript of
Evidence, 8 October 2009, pp.50-51; SAP, Submission 2, p.2; Mr
Darren Kane, Telstra, Transcript of Evidence, 11 September 2009, p.34;
Internet Safety Institute, Submission 37, p.10.
[61]
See for example: ROAR Film Pty Ltd, Submission 64, p.2; Microsoft
Australia, Submission 35, p.16; SAP, Submission 2, p.2; ABA, Submission
7, p.12.
[62]
See for example: ASCCA, Submission 63, p.3; Mr Bill Gibson, ATO, Transcript
of Evidence, 16 September 2009, p.7; Microsoft Australia, Submission 35,
p.16; Mr Craig Scroggie, Symantec Corporation, Transcript of Evidence, 9
October 2009, p.53.
[63]
ACCAN, Submission 57.1, p.5; UK Cabinet Office, Cyber Security
Strategy of the United Kingdom, UK Cabinet Office, June 2009, p.18.
[64]
ABA, Submission 7, p.12.
[65]
See for example: ACCAN, Submission 57, p.3; ASCCA, Submission 63,
p.4; ACCAN, Submission 57.1, pp.5-6; Microsoft Australia, Submission
35, p.16; IIA, Submission 54, p.6; Mr Alastair MacGibbon, Internet
Safety Institute, Transcript of Evidence, 11 September 2009, p.64; IIA, Submission
54, p.6.
[66]
See for example: ACCAN, Submission 57, p.3; Telstra, Submission
43, p.4.
[67]
Mr Craig Scroggie, Symantec Corporation, Transcript of Evidence, 9
October 2009, p.53; ROAR Film Pty Ltd, Submission 64, pp.2-3,19.
[68]
See for example: ACCAN, Submission 57.1, p.5; Queensland Government,
Submission 67, p.7.
Chapter 11 - Emerging Technical Measures to Combat Cyber Crime
[1]
See for example: Commonwealth Scientific and Industrial Research
Organisation (CSIRO), Submission 26, p.4; Australian Institute of
Criminology (AIC), Submission 41, p.17; Australian Security Intelligence
Organisation, Submission 47, p.4; AusCERT, Submission 30,
pp.21-22.
[2]
See for example: AusCERT, Submission 30, p.21; Mr Stephen Wilson,
Lockstep Technologies Pty Ltd, Transcript of Evidence, 9 October 2009,
p.45; Smart Card Alliance, Smart Card Primer, Smart Card Alliance, 2010,
viewed 28 January 2010, <http://www.smartcardalliance.org/pages/smart-cards-intro-primer>.
[3]
Lockstep Technologies Pty Ltd, Submission 36, p.16.
[4]
See for example: AusCERT, Submission 30, p.21; Australian Payments
Clearing Association (APCA), Submission 50, p.5.
[5]
Mr Stephen Wilson, Lockstep Technologies Pty Ltd, Transcript of
Evidence, 9 October 2009, p.45
[6]
Lockstep Technologies Pty Ltd, Submission 36, p.16.
[7]
See for example: AusCERT, Submission 30, p.22; APCA, Submission
50, p.6.
[8]
AusCERT, Submission 30, p.22.
[9]
AIC, Submission 41, p.17.
[10]
See for example: Australia Post, Submission 27, p.7; Z Ramzan, Phsihing
and Two-Factor Authentication, blog entry, Symantec Security Blogs, July
11 2006, viewed 28 January 2009, <http://www.symantec.com/connect/blogs/phishing-and-two-factor-authentication>.
[11]
See for example: Australia Post, Submission 27, p.6.; Mr John
Geurts, Commonwealth Bank of Australia, Transcript of Evidence, 8
October 2009, p.59.
[12]
Lockstep Technologies Pty Ltd, Submission 36, pp.13-14.
[13]
Australia Post, Submission 27, p.6.
[14]
Australian Taxation Office, Submission 59, p.15.
[15]
Biometrics Institute Ltd, FAQ – Answers, Biometrics Institute Ltd, 2
July 2009, viewed 28 January 2009, <http://www.biometricsinstitute.org>.
[16]
See for example: Mr Wilson, Lockstep Technologies Pty Ltd, Transcript of
Evidence, 9 October 2009, p.42; Ms Caroline Pearce, APCA Ltd., Transcript
of Evidence, 11 September 2009, p.73.
[17]
Dr Russell Smith, AIC, Transcript of Evidence, 19 August 2009, p.16.
[18]
Mr Peter Watson, Microsoft Pty Ltd, Transcript of Evidence, 9
October 2009, p.17.
[19]
Microsoft Corporation, Microsoft’s vision for an identity metasystem,
Web services technical articles, Microsoft Corporation, May 2005, viewed 28
January 2009, <http://msdn.microsoft.com/en-us/library/ms996422.aspx>.
See also: Microsoft Australia, Submission 35, pp.14-15.
[20]
See for example: Mr Peter Watson, Microsoft Australia, Transcript of
Evidence, 9 October 2009, p.17; Microsoft Corporation, Microsoft’s
vision for an identity metasystem, Web services technical articles,
Microsoft Corporation, May 2005, viewed 28 January 2009, <http://msdn.microsoft.com/en-us/library/ms996422.aspx>.
[21]
See for example: Mr Peter Watson, Microsoft Australia, Transcript of
Evidence, 9 October 2009, p.17; Microsoft Corporation, Microsoft’s
vision for an identity metasystem, Web services technical articles,
Microsoft Corporation, May 2005, viewed 28 January 2009, <http://msdn.microsoft.com/en-us/library/ms996422.aspx>.
[22]
See for example: Mr Peter Watson, Microsoft Australia, Transcript of
Evidence, 9 October 2009, p.17; Microsoft Corporation, Microsoft’s
vision for an identity metasystem, Web services technical articles,
Microsoft Corporation, May 2005, viewed 28 January 2009, <http://msdn.microsoft.com/en-us/library/ms996422.aspx>.
[23]
Educause, 7 things you should know about DNS, Educause, January
2010, p.1, viewed 1 February 2010, <http://net.educause.edu/ir/library/pdf/EST1001.pdf>.
[24]
See for example: Dr Paul Twomey, Internet Corporation for Assigned Names
and Numbers (ICCAN), Transcript of Evidence, 8 October 2009, p.3;
Educause, 7 things you should know about DNS, Educause, January 2010,
viewed 1 February 2010, <http://net.educause.edu/ir/library/pdf/EST1001.pdf>.
[25]
See for example: Dr Paul Twomey, ICCAN, Transcript of Evidence, 8
October 2009, p.3; Educause, 7 things you should know about DNS,
Educause, January 2010, viewed 1 February 2010, <http://net.educause.edu/ir/library/pdf/EST1001.pdf>.
[26]
CSIRO, Submission 26, pp.12-14.
[27]
See for example: Office of the Privacy Commissioner (OPC), Submission 3,
p.13; Office of the Victorian Privacy Commissioner, Submission33, p.7.
[28]
Dr Peiyuan Zhu, Submission 61, pp.1-4.
[29]
OPC, Submission 3, pp.13-14.
[30]
Australian Bankers’ Association (ABA), Submission 7.1, p.2; Sophos
Pty Ltd, Submission 66, p.5.
[31]
Symantec Corporation, Symantec delivers groundbreaking reputation-based
security technology, media release, Symantec Corporation, 10 September
2009, p.2; McAfee, Submission 10, pp.9-10.
[32]
Threat Matrix Pty Ltd, Submission 19, p.16.
[33]
Senator the Hon Stephen Conroy (Minister for Broadband, Communications and
the Digital Economy), Measures to improve safety of the internet for
families, Parliament House, 15 December 2009, viewed 29 January 2009, <http://www.minister.dbcde.gov.au/media/media_releases/2009/115>.
[34]
Web Management Interactive Technologies, Submission 68, p.3.
[35]
See for example: ABA, Submission 7.1, p.2; Sophos Pty Ltd, Submission
66, p.5; ICANN, Submission 40.1, p.3.
[36]
ABA, Submission 7.1, pp.2-3.
[37]
See for example: ABA, Submission 7.1, p.3; ICANN, Submission
40.1, p.3.
[38]
See for example: Mr Bruce Matthews, Australian Communications and Media
Authority, Transcript of Evidence, 21 October 2009, p.4; AusCERT, Submission
30.1, p.3.
[39]
Detective Inspector William van der Graaf, NSW Police, Transcript of
Evidence, 8 October 2009, p.79.
[40]
CSIRO, Submission 26, p.10.
[41]
CSIRO, Submission 26, p.11.
[42]
CSIRO, Submission 26, p.10.
[43]
See for example: Fujitsu Australia Ltd, Submission 13, p.8; C Patrikakis,
M Masikos and O Zouraraki, ‘Distributed Denial of Service Attacks’, Internet
Protocol Journal, Vol.7(4), December 2004, viewed 1 February 2010, <http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_7-4/dos_attacks.html>.
[44]
CPatrikakis, M Masikos and O Zouraraki, ‘Distributed Denial of Service
Attacks’, Internet Protocol Journal, Vol.7(4), December 2004, viewed 1
February 2010, <http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_7-4/dos_attacks.html>.
[45]
Timesavers International Pty Ltd, Submission 14, pp.3-10.
[46]
Timesavers International Pty Ltd, Submission 14, p.11.
[47]
Mr Craig Scroggie, Symantec Corporation, Transcript of Evidence, 9
October 2009, p.53.
[48]
See for example: Sophos, Submission 66, p.4; Lockstep Technologies
Pty Ltd, Submission 36, p.14; Mr Peter Watson, Microsoft Australia, Transcript
of Evidence, 9 October 2009, p.17.
[49]
Mr Andrew Littleproud, McAfee Australia Pty Ltd, Transcript of Evidence,
9 October 2009, p.70.
[50]
See for example: ABA, Submission 7, p.15; Mr Peter Coroneos,
Internet Industry Association, Transcript of Evidence, 8 October 2009,
p.23.
[51]
Dr Paul Twomey, ICCAN, Transcript of Evidence, 8 October 2009, p.6.
[52]
Symantec Corporation, Submission 32, p.12.
[53]
Australian Computer Society Inc., Submission 38, p.11.
[54]
Symantec Corporation, Submission 32, pp.10-11.
Supplementary Remarks — The Hon Tony Smith MP
[1]
Emphasis added.
Appendix D — Commonwealth Computer Offences
[1]
The offence set out in subsection 477.1 (1) applies where conduct is
caused by means of a carriage service and involves an intention to commit or
facilitate a serious offence under Commonwealth, State or Territory law.
Subsection 477.1(4) does not require the use of the Internet and is limited to
the intention to commit or facilitate a crime under Commonwealth law.
[2]
Subsection 477.2(9) of the Criminal Code.
[3] AGD, Submission
44, p.19.
Appendix E — Proposed Commonwealth Identity Fraud Offences -
[1]
AGD, Supplementary Submission 44.1, p.3.
Back to top