Cybercriminals look to infect Australian computers because the country is considered “safe”.


Australia is emerging as a major conduit for targeted cyber attacks, a report shows, as online criminals shift their gaze towards Asia.

The country has become the main location of so-called “command and control” servers, which are used by cybercriminals when they attack governments and businesses.

According to a report by cyber security firm Trend Micro, 32 per cent of targeted attacks in the second quarter of 2013 involved a command and control server located in Australia.

Second-placed South Korea had 15 per cent, while Germany had 9 per cent.


The servers are infected computers which act as a kind of middle-man in cyberattacks, said Jonathan Oliver, a software architect at Trend Micro.

The criminals first infect Australian computers with malware via spam emails and other common pathways.

This turns the computer into a command and control server, which, unbeknownst to the user, establishes an internet link with the actual target.

Sensitive information is fed back to the command and control server, and then back to the cybercriminals.

Australia had become a deeply sought-after server location as cybercriminals increasingly look to target Asian governments and businesses, Oliver said.

Cybercriminals look to infect Australian computers because the country is considered “safe”, he said.

If a government or business sees that their computer has linked with an internet address in Australia, they are less suspicious than if it came from Russia, China or other known cybercriminal hotspots, Oliver said.

“What the cybercriminals are hoping is that no one will notice this connection, and it won’t look that suspicious,” he said.

“They’re trying to fly under the radar.”


Henry Sapiecha





Australia’s electronic spy agency reportedly has access to a top secret program that has successfully cracked the encryption used by hundreds of millions of people to protect the privacy of their emails, phone calls and online business transactions.

Documents disclosed by US intelligence whistleblower Edward Snowden reveal the program run by the US National Security Agency, codenamed Bullrun, has been used to secretly descramble high-level internet security systems globally.

They show the NSA and British Government Communications Headquarters (GCHQ) have successfully cracked the encryption used in personal communications such as email and telephone calls as well as global commerce and banking systems.

An undated “briefing sheet” on the program, provided to British analysts when they are cleared for access to Bullrun, was published on Friday in The New York Times and The Guardian newspapers.

It states that the Australian Signals Directorate – until recently called the Defence Signals Directorate (DSD) – was expected to be granted access.

“In recent years there has been an aggressive effort, lead [sic] by NSA, to make major improvements in defeating network security and privacy involving multiple sources and methods, all of which are extremely sensitive and fragile,” the briefing paper says.

“These include: Computer Network Exploitation (CNE); collaboration with other intelligence agencies; investment in high performance computers; and development of advanced mathematical techniques.”

It explains the British intelligence agency, GCHQ, “is also introducing BULLRUN … CSEC, DSD and GCSB are expected to do likewise”.

The New York Times reported that the full extent of the NSA’s decryption capabilities – including Bullrun – is only shared with members of the so-called “Five Eyes”: the NSA and equivalent agencies in Britain, Canada, Australia and New Zealand.

The newspaper reported documents disclosed by Mr Snowden reveal the NSA has “circumvented or cracked” much of the encryption that automatically protects emails, web searches and phone calls.

The Guardian reported the documents reveal Britain’s GCHQ has been working on ways to unscramble encryption used by service providers Hotmail, Google, Yahoo and Facebook.

Last month it emerged in other documents released by Mr Snowden that the Australian Signals Directorate is in a partnership with British, American and Singaporean intelligence agencies to tap undersea fibre-optic telecommunications cables that link Asia, the Middle East and Europe. The cables carry much of Australia’s international phone and internet traffic.

In May, Mr Snowden, a former contractor for the NSA, disclosed documents revealing efforts by the US agency to track telephone conversations and internet traffic globally.


WikiLeaks releases documents on global surveillance industry


WikiLeaks has stepped up its campaign to expose the global surveillance industry with the release of a new collection of sensitive documents from private intelligence and information technology companies.

The transparency group has published 294 documents from 92 contractor firms providing surveillance and intelligence technology to governments around the world.

WikiLeaks publisher Julian Assange said “Spy Files 3”, the third tranche of documents released on the subject, was part of his organisation’s “ongoing commitment to shining a light on the secretive mass surveillance industry”.

“The files form a valuable resource for journalists and citizens alike, detailing and explaining how secretive state intelligence agencies are merging with the corporate world in their bid to harvest all human electronic communication,” he said.

The released documents include sensitive sales brochures and presentations used by companies to encourage security, intelligence and police services to acquire surveillance systems and services. Technologies on offer include “lawful interception” systems, mass telecommunications monitoring, network recording, signals and communications intelligence and listening devices.

The WikiLeaks release shows internet spying capabilities now being sold on the intelligence market include detecting encrypted and obfuscated internet usage such as Skype, BitTorrent, VPN, SSH and SSL. The documents also reveal how contractors work with intelligence and police agencies to obtain decryption keys.

The documents detail bulk interception methods for voice, SMS, MMS, email, fax and satellite phone communications. The released documents also show intelligence contractors are selling capabilities to analyse web and mobile interceptions in real-time.

One 2011 document shows how companies such as British-based Gamma Group, German-based Desoma and Swiss-based Dreamlab are working in concert to “create Telecommunications Intelligence Systems for different telecommunications networks to fulfil the customers’ needs” regarding “massive data interception and retention”.

Other documents in the release show evidence of these technologies being used to infect users in Oman with remote-controlled spyware. The FinFly ‘iProxy’ installation by Dreamlab shows how targets are identified and malware is covertly inserted alongside a legitimate download while keeping the intended download functioning as expected. The target identification methods mean that anybody connecting through the same network would be systematically and automatically intercepted and infected as well, even unintended targets.

British-based privacy advocacy organisation Privacy International said the latest WikiLeaks release “further reveals the extent of which Western corporations are equipping repressive regimes and non-democratic governments to target activists, journalists, and human rights defenders”.

“Unequivocally, the newest ‘Spy Files’ documents show that this dark industry only continues to grow, in both technical capability and customer base, all while amassing billions in profits off the suffering of individuals,” Privacy International researcher Kenneth Page said.

“The types of surveillance being marketed by these companies represent some of the most sophisticated technologies available – whether it’s intrusion software, data mining, Trojans, location tracking, deep packet inspection, facial recognition or mass monitoring,” he said.

“And just like an advertisement you would see on television or in a magazine, spy firms are marketing these tools with flashy graphics, sales-speak and guarantees on effectiveness. It’s quite jarring to see such dangerous technologies being presented in such an unthreatening fashion, given that these products represent one of the biggest threats to human rights in the 21st century.”

The global trade of surveillance technology is estimated to be worth up to $US5 billion ($5.5 billion) a year. By comparison, the “traditional” global trade in small arms (excluding the sale of ammunition) was worth $US4 billion a year.

WikiLeaks has also published information on the movement of private intelligence corporate executives and sales personnel, thereby revealing the geographical focus of their activities.

Mr Assange said the WikiLeaks “Counter Intelligence Unit” has been “tracking the trackers”.

“The WikiLeaks Counter Intelligence Unit (WLCIU) operates to defend WikiLeaks’ assets, staff and sources, and, more broadly, to counter threats against investigative journalism and the public’s right to know,” he said. “The WLCIU has collected data on the movements of key players in the surveillance contractor industry, including senior employees of Gamma, Hacking Team and others as they travel through Azerbaijan, Bahrain, Brazil, Spain, Mexico and other countries.”

No further details of the new unit have been revealed. However, it is a matter of public record that former US intelligence contractor turned whistle-blower Edward Snowden has been associated with WikiLeaks since his travel from Hong Kong to Russia in June.


Henry Sapiecha
