“Between 2018 and 2020, the AFP investigated several complex malware syndicates operating via ‘botnets’. A botnet can be described as a distributed network of computers infected by malware, which can be tasked by the malware syndicate to perform a variety of criminal activities, including banking fraud, ransomware and offensive cyber attacks, amongst others,” the AFP said in its submission to the review of the Surveillance Legislation Amendment (Identity and Disrupt) Bill 2020.
“In many cases, the computers which form the botnet belong to innocent people or companies, who are unaware their computers have been infected and are being used for criminal activities.”
It said the current legal framework prevented the police from stopping a cyber attack that hit more than 53,000 Australians, costing an estimated $10 million to $50 million.
New police powers
“However, Australian laws do not currently permit this sort of action – as computer access warrant powers are designed solely to facilitate evidence-gathering,” the AFP said.
“The new data disruption warrant will give the AFP another option to dismantle and disrupt these criminal syndicates by frustrating their offending. The AFP could alter the malware to reduce its reach and impact, disrupt malware infrastructure, while systematically remediating victims.”
The bill would amend the Surveillance Devices Act 2004 and Crimes Act 1914 to give new powers to the AFP and the Australian Criminal Intelligence Commission.
The amendments would introduce a “data disruption warrant” that would allow AFP and ACIC to access data on computers to disrupt criminal activity. It would also bring in a network activity warrant for the AFP and ACIC to collect intelligence on criminal networks online, as well as a takeover warrant to allow the AFP to take over a person’s online account to gather evidence of criminal activity.
The AFP said cybercrime costs the economy $1 billion annually and cited research that estimated 11 per cent of Australian computers were infected with malware, and 4.8 per cent of mobiles.
Twitter, in its submission, said the account takeover warrant, as currently written, would be divorced from standard due process…