Connect with us

Cyber Security

AFP has Submitted 98 Telco Data Requests to the United States

Avatar

Published

on

Data requests

After failing to do so when the committee called for submissions earlier this year, the Australian Federal Police (AFP) submitted a request to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) for its review of the nation’s pending Telecommunications Legislation Amendment (International Development Orders) Bill 2020 (IPO Bill).

The review sought to determine whether the IPO Bill, as drafted, is fit for purpose and appropriately addresses issues such as human rights in granting access to data on communications held overseas, specifically in the US.

The IPO Bill is intended to amend the Telecommunications (Interception and Access) Act 1979 (TIA Act) to create a mechanism for Australian agencies to obtain access to stored telecommunications data from international licensed communications providers in countries that have an Australian arrangement, and vice versa.

In order to implement the US Clarifying Lawful Overseas Use of Data Act (the CLOUD Act), the Bill is a precondition for Australia to obtain a proposed bilateral agreement with the United States.

In appearing earlier this month before the PJCIS, the AFP announced it had provided US telecommunications carriers with 44 data requests in 2019 to support investigations.

This received testimony that the current Mutual Assistant Request (MAR) process had made a total of 209 requests over the past five years.

In its [PDF] submission, which also served as a answer to questions taken on notice during the hearing, AFP further outlined its MAR past, disclosing that, from 1 July 2014 to 30 June 2019, 98 of its MARs had directly requested communications data from U.S. communications service providers (CSPs).

Of those 98, 91 have sought internet content data and internet non-content data, such as subscriber and traffic information. Six MARs requested internet data only for non-content, and one MAR requested subscriber data for telephone information.

“Although the type of assistance requested under a MAR is not classified in the same way as the IPO Bill (i.e. surveillance, communications data stored or telecommunications data), the above MARs will be classified as either ‘stored communications data’ or ‘telecommunications data’ under the IPO law,” wrote AFP. “None of those interception demands”

Of the 98 MARs, 29 were related to drug offenses, 26 were related to terrorism offenses, 24 were related to child sex offenses, 11 were related to money laundering, four were related to international bribery, three were related to human trafficking and one was identified as a “spectrum of extreme, unspecified offenses.”

One MAR may contain various forms of crime, and various CSPs can also look for data retained by a single MAR.

Deputy commissioner Karl Kent of Specialist and Support Operations at the AFP, repeating remarks made by others speaking before the committee, said the current MAR mechanism can sometimes cause considerable delays to investigations.

“We rely heavily on our Mutual Assistant Request scheme, which was introduced in 1987 when the internet was, of course, in its infancy, for accessing information beyond our borders,” Kent told the PJCIS.

He also said that the nature of the existing MAR process has actively discouraged its use and that by comparison, he expected the powers granted under the IPO Bill to be used more frequently.

“We wouldn’t be in a position to provide an exact figure of how many times it will be used … if we look at the existing phase there are 44 requests submitted in 2019, and we’d expect a substantial increase — I think it’s magnitude orders greater than 44 and it’s likely to increase over time as the phase ‘s familiarity and our investigators increased,” he said at the time.

The AFP used its submission for detailed case studies where it used the MAR method. It also highlighted where the powers of the IPO Bill to assist investigations would be better equipped.

The AFP said it is currently investigating an Australian person who has used a domain and related services to build, advertise, and sell malware, specifically a remote access trojan (RAT).

“While similar to the legitimate RAT software used by ICT helpdesks to serve remote clients, the RAT differed in that it contained unlawful features such as covert deployment, covert webcam operation and keylogging,” explained the AFP.

“The AFP first approached the Australian Central Authority in November 2018 to make a MAR in this matter. As of April 2020, the request remains ongoing and so far no material has been received.”

The AFP said the international provider was told not to offer email content unless it could show that the particular emails it requested were specifically linked to the offence.

“It in turn allowed the AFP to procure from the foreign provider the proof it needed before we could reach the evidentiary requirement for that information to be published under a MAR,” the AFP wrote.

“The data will only be kept by the telecommunications company concerned for 360 days before that data is destroyed. Under current MAR arrangements this may be insufficient time to secure the data.”

The AFP said it was sure for this particular investigation that there were “fair grounds to presume” that the US provider had information applicable to the full scope of the actions of the alleged offender. It clarified that if it had been able to receive an IPO from an Australian issuing authority, it would have made applications to the Australian Central Authority and then directly to the international service provider “much quicker” so that relevant content data could be supplied in order to begin the investigation with “less time for the risk of the person moving infrastructure to obstruct law”.

The AFP added that the ability to acquire evidence more quickly would also allow it to apprehend suspected criminals and ensure that international evidence needed for trial is available in time for the AFP to deliver briefs to the court.

Under the current domestic framework, an AFP authorized officer may access telecommunications data under the Interception and Access Act, but in order to obtain an IPO for telecommunications data under the IPO Bill scheme, an issuing authority would have to approve the AFP.

When asked earlier this month if it was unfair for the IPO applications to have an independent search but none for when AFP was seeking access to data kept in Australia, Kent said it was a requirement provided by the United States.

“It is my understanding that it is a US necessity that explains the need for that degree of authorisation to make them comfortable with the fact that their communications providers will receive an order directly,” he said.

Source: https://cybersguards.com/afp-has-submitted-98-telco-data-requests-to-the-united-states/

Cyber Security

Expert Reaction On Millions of LiveAuctioneers Passwords for Sale

Avatar

Published

on

Researchers at CloudSEK claim to have found evidence of the sale of a database containing 3.4 million users of online art and antique auction website.

Source: https://www.informationsecuritybuzz.com/expert-comments/millions-of-liveauctioneers-passwords-offered-for-sale-following-data-breach/

Continue Reading

Cyber Security

Security firm G4S fined by Serious Fraud Office

Avatar

Published

on

Security firm G4S has been fined £44m by the Serious Fraud Office (SFO) as part of an agreement that will see it avoid prosecution for overcharging the Ministry of Justice for the electronic tagging of offenders, some of whom had died.

The SFO said G4S had accepted responsibility for three counts of fraud that were carried out in an effort to “dishonestly mislead” the government, in order to boost its profits.

Source: The Guardian

Source: https://www.itsecurityguru.org/2020/07/14/security-firm-g4s-fined-by-serious-fraud-office/?utm_source=rss&utm_medium=rss&utm_campaign=security-firm-g4s-fined-by-serious-fraud-office

Continue Reading

Cyber Security

Highly-Critical SAP bug that could let attackers take over corporate servers patched

Avatar

Published

on

SAP has patched a critical vulnerability impacting the LM Configuration Wizard component in NetWeaver Application Server (AS) Java platform, allowing an unauthenticated attacker to take control of SAP applications.
The bug, dubbed RECON and tracked as CVE-2020-6287, is rated with a maximum CVSS score of 10 out of 10, potentially affecting over 40,000 SAP customers, according to cybersecurity firm Onapsis, which uncovered the flaw.

Source: The Hacker News

Source: https://www.itsecurityguru.org/2020/07/14/highly-critical-sap-bug-that-could-let-attackers-take-over-corporate-servers-patched/?utm_source=rss&utm_medium=rss&utm_campaign=highly-critical-sap-bug-that-could-let-attackers-take-over-corporate-servers-patched

Continue Reading
AR/VR3 hours ago

Educational Tool HistoryMaker VR Steps Onto Steam in August

AR/VR3 hours ago

PSVR Exclusive Iron Man VR Hangs Onto Top 10 In UK Sales Charts

Automotive3 hours ago

2021 Ford Bronco First Edition reservations sell out, Bronco website overwhelmed

venezuela-raises-petrol-prices-mandates-support-for-petro-at-gas-stations-3.jpg
Automotive3 hours ago

2021 Ford Bronco Sport vs Jeep Cherokee, Compass Trailhawks | How they compare on paper

AR/VR4 hours ago

Firmament’s 2020 Launch ‘Wildly Optimistic’, now Expected in 2022

Crowdfunding4 hours ago

Royal Bank of Scotland’s Tyl Contactless Payment Service Reports Solid Uptake

the-mother-korean-airs-infamous-nut-rage-executive-was-convicted-of-assaulting-her-chauffeur.jpg
Business Insider4 hours ago

The mother Korean Air’s infamous ‘nut rage’ executive was convicted of assaulting her chauffeur

Crowdfunding4 hours ago

Square Announces Acquisition of Operations Management Platform Stitch Labs

Business Insider4 hours ago

BANK OF AMERICA: Buy these 7 pharma stocks now as they race to develop COVID-19 treatments and vaccines

venezuela-raises-petrol-prices-mandates-support-for-petro-at-gas-stations-3.jpg
Automotive4 hours ago

2021 Ford Bronco trim breakdown | All seven trims and how they differ

the-canadian-biotech-medicago-is-betting-it-can-make-a-coronavirus-vaccine-out-of-plants-and-it-just-started-testing-it-in-humans.jpg
Business Insider4 hours ago

The Canadian biotech Medicago is betting it can make a coronavirus vaccine out of plants, and it just started testing it in humans

6-in-10-us-workers-support-going-back-to-in-person-learning-in-the-fall-but-a-lot-of-people-are-worried-schools-arent-ready.png
Business Insider4 hours ago

6 in 10 US workers support going back to in-person learning in the fall, but a lot of people are worried schools aren’t ready

Business Insider4 hours ago

Under Thomas Kurian, Google Cloud is announcing some heavyweight enterprise customers and it’s a good sign for his ultimate ambitions (GOOG, GOOGL)

Crowdfunding4 hours ago

Update: Snowball Money Hits $600,000 Maximum Funding Goal Reached on Republic

Crowdfunding4 hours ago

Fintech in Need of Finance? Report States COVID-19 May Necessitate £825 Million in New Financing

CNBC4 hours ago

Delta posts second-quarter net loss of $5.7 billion, biggest in more than a decade, driven by coronavirus

CNBC4 hours ago

Coronavirus updates: Hong Kong grapples with new cluster; U.K. study says immunity may wane after two months

CNBC4 hours ago

Citigroup is set to report second-quarter earnings. Here’s what Wall Street expects

Publications4 hours ago

JPMorgan shares jump after record trading revenue drives stronger-than-expected second quarter profit

CNBC4 hours ago

Amazon is rolling out grocery carts that let shoppers skip checkout lines, bag their groceries and walk out

AI4 hours ago

VC Funding – Outlook Bumpy, But Some Optimism

Publications4 hours ago

Pricefx raises $65M Series C for its cloud-based pricing software

AR/VR4 hours ago

UofL and Penn State bring immersion to education

Publications4 hours ago

Liteboxer, the Peloton for boxing, enters the ring

Private Equity4 hours ago

Valor Equity Partners passes $1bn in fifth flagship fundraise

Ecommerce4 hours ago

India’s Flipkart secures $1.2 billion from Walmart and other shareholders

venezuela-raises-petrol-prices-mandates-support-for-petro-at-gas-stations-3.jpg
Publications4 hours ago

Here’s a breakdown of Delta’s Q2 earnings results

venezuela-raises-petrol-prices-mandates-support-for-petro-at-gas-stations-3.jpg
Publications4 hours ago

Here’s a breakdown JPMorgan’s Q2 earnings results

Crowdfunding4 hours ago

UK Fintech Lanistar Secures £15 Million in Additional Capital to Support Upcoming Launch this Year

Private Equity5 hours ago

Align Capital follows $450m Fund II close with deal for PE-backed-business advisory firm WilliamsMarston

Cyber Security5 hours ago

Expert Reaction On Millions of LiveAuctioneers Passwords for Sale

BBC5 hours ago

News outlets will digitally watermark content to limit misinformation

Publications5 hours ago

Stock futures rise ahead of big bank earnings

Publications5 hours ago

Verizon partners with Airtel to launch BlueJeans in India

Blockchain5 hours ago

MAS completes multi-currency blockchain testing

venezuela-raises-petrol-prices-mandates-support-for-petro-at-gas-stations-3.jpg
Publications5 hours ago

Sterling headed to parity with euro if no Brexit deal is agreed, strategist says

Private Equity5 hours ago

EQT sells Fund VII investment to EQT VIII, IX and TA Associates in €3bn-plus deal

Automotive5 hours ago

BYD Enviro400EV bus for National Express West Midlands

venezuela-raises-petrol-prices-mandates-support-for-petro-at-gas-stations-3.jpg
Publications6 hours ago

Covid-19 pandemic has only accelerated trends like lack of inclusion, WEF founder says

venezuela-raises-petrol-prices-mandates-support-for-petro-at-gas-stations-3.jpg
Publications6 hours ago

WEF founder: Must prepare for an angrier world

Trending