- The Australian Internet Security Initiative (AISI)
- The AISI and Internet Service Providers
- What do ISPs need to do to participate in the AISI?
- The AISI and the Internet Industry Association’s icode
- Botnets and criminal activity
- ACMA Research into provider responses to security-compromised computers
The ACMA developed the Australian Internet Security Initiative (AISI) to help address the problem of compromised computers (sometimes referred to as 'bots' or 'drones'). Computing devices can become compromised through the surreptitious installation of malicious software (malware) that enables the device to be controlled remotely for illegal and harmful activities without the user's knowledge.
Compromised computing devices are often aggregated into large groups known as 'botnets'. Among other things, botnets are used to assist the mass distribution of spam and malware, the hosting of 'phishing' sites and distributed denial of service (DDoS) attacks on websites.
The AISI collects data from various sources on computing devices exhibiting 'bot' behaviour on Australian internet protocol (IP) addresses. Using this data, the ACMA provides daily reports to internet providers identifying IP addresses on their networks that have been supplied to the ACMA, generally in the previous 24-hour period. These providers can then inform the customer associated with each IP address that their computing device appears to be compromised and provide advice on how they can fix it.
Statistics on the number and type of infections reported each day through the AISI are available here.
The AISI was originally trialled in November 2005 with six Australian internet service providers — Telstra BigPond, OptusNet, Westnet, Uecomm, Pacific Internet and West Australian Networks. Following an evaluation of the trial in mid-2006, an extended rollout of the AISI occurred. The current 133 participants (including 16 universities) are:
These participants are estimated to cover more than 95 per cent of Australian residential internet users.
If you would like to participate in the AISI, contact the ACMA on 1300 855 180 or email email@example.com. You will be asked to provide:
- your IP address ranges (preferably in CIDR format);
- an email address to which the daily AISI email reports will be sent (ideally a generic address that does not need to change when the personnel responsible for managing the reports change);
- direct contact number(s) and an email address for discussing technical or operational matters concerning the AISI;
- your Autonomous System Number (ASN) (if applicable); and
- the name by which you want your company to be listed on this webpage and in ACMA publicity about the AISI.
There are no costs associated with participation in the AISI. It is a free service provided by the ACMA to assist in reducing spam and to improve the security level of the Australian internet. By participating, you will contribute to the overall reduction of spam and e-security compromises, thereby reducing costs for all internet providers and users.
The number of compromises listed in the daily AISI reports will vary considerably for each provider, depending on the provider's customer base and the quantity of the information feeding into the AISI on a given day. Large providers may receive hundreds (and in some cases thousands) of compromises per day, whereas some smaller providers may rarely get any reports.
The ACMA is continually assessing and updating information feeds into the AISI to better capture information on the number of compromised computers on the Australian internet and the nature of these compromises.
In June 2010, the Internet Industry Association of Australia (IIA) launched a voluntary ISP code of practice, the ‘icode’, which aims to promote a security culture within the internet industry by reducing the number of compromised computers in Australia. The code is designed to provide a consistent approach for Australian ISPs to help inform, educate and protect their customers in relation to cyber security risks.
The icode encourages all Australian ISPs to participate in the AISI and to take steps to respond to AISI reports. The icode is available on the Internet Industry Association website.
The icode commenced operating on 1 December 2010 and the associated website is at www.icode.net.au. The website provides information on the icode, a list of current participants, advice on avoiding infections and how to obtain professional help to address a compromise.
It is illegal for any person or organisation to remotely use and control another person’s computer without their knowledge or consent. Under the Criminal Code 1995 criminal penalties apply in the following circumstances:
- unauthorised access and modification of data via a carriage service. For example, accessing another person’s computer to install a bot. (Penalty—a 2 year maximum prison sentence.)
- unauthorised modification of data via a carriage service. For example, installing a bot on another person’s computer. (Penalty—a 10 year maximum prison sentence.)
- possession of data with intent to commit a computer offence. For example, possession of bot binaries and exploiting tools or installers. (Penalty—a 3 year maximum prison sentence.)
- producing, distributing or obtaining data with intent to commit a computer offence. For example, writing or selling bot code. (Penalty—a 3 year maximum prison sentence.)
The ACMA refers information on such criminal activities to the Australian Federal Police or the relevant state or territory police force.
This ACMA research report identifies how AISI participants act on AISI malware reports and assist customers on their networks to resolve malware problems. It is based on interviews with 24 small, medium and large internet providers across Australia. The report also discusses potential improvements to the AISI.