Welcome to the Australian Communications and Media Authority's website. If you are utilising a screen reader, please read our accessibility information page for details as to how to gain access to content on our site in other formats.
Australian Government - Australian Communications and Media Authority

Australian Internet Security Initiative

 

Spam image

  Lodge a complaint

Current activity

Related information

The Australian Internet Security Initiative (AISI)

The ACMA developed the Australian Internet Security Initiative (AISI) to help address the emerging problem of compromised computers (sometimes referred to as 'zombies', 'bots', or 'drones'). Computers can become compromised through the surreptitious installation of malicious software (malware) that enables the computer to be controlled remotely for illegal and harmful activities without the computer user's knowledge.

Compromised computers are often aggregated into large groups known as 'botnets'. Among other things, botnets are used for the mass distribution of spam and spyware, the hosting of 'phishing' sites and distributed denial of service (DDoS) attacked on websites.

The AISI collects data from various sources on computers exhibiting 'bot' behaviour on the Australian internet. Using this data, the ACMA provides daily reports to ISPs identifying IP addresses on their networks that have been reported in the previous 24-hour period. ISPs can then inform their customer that their computer appears to be compromised and provide advice on how they can fix it.

The AISI and Internet Service Providers

The AISI was originally trialled in November 2005 with six Australian ISPs—BigPond, OptusNet, Westnet, Uecomm, Pacific Internet and West Australian Networks.

Following an evaluation of the trial in mid-2006, an extended rollout of the AISI was announced in October 2006 involving an additional 19 ISPs. Some of these ISPs subsequently merged and new ISPs continue to join the AISI. The current 75 members are:

  • AAPT Limited
  • Access Net Pty Ltd
  • Ace Internet Solutions
  • Adam Internet
  • AINS
  • Albury Local Internet Pty Ltd
  • All Hours Communications
  • AOL
  • ATU Internet Group
  • Aussiewide Internet
  • AUSTARnet
  • Bekkers
  • Bendigo Community Telco
  • Castaway Travel
  • Central Data
  • Chariot
  • Comcen
  • Dodo Australia
  • Dreamtilt
  • earthwave
  • Edith Cowan University
  • EFTel
  • Enterprise IP
  • Enterprise IT Pty Ltd
  • EscapeNet
  • Exetel Pty Ltd
  • EZ ADSL
  • FoundationIT
  • GCOMM
  • Global Dial
  • gotalk
  • GoWireless
  • Grapevine
  • HaleNET
  • Highway 1
  • Hotkey
  • HugoNET
  • Hutchison 3G Australia Pty Ltd
  • IDL Internet
  • iiNet
  • Internode
  • Inticon
  • IntraPower
  • Ipera Communications
  • iPrimus
  • iseek
  • ispONE
  • KDDI Australia
  • Neighbourhood Cable
  • Netspace
  • NetYP
  • Nextep
  • Nowires Pty Ltd
  • Optus Internet
  • Orion Satellite Systems
  • Over The Wire Pty Ltd
  • Overflow
  • Pacific Internet (Australia)
  • PPS Internet/StudentNet
  • Riverland Internet
  • Seccom Global
  • (The) Smelly Black Dog Company
  • Soul Communications
  • Speedweb Internet
  • Spin Internet
  • Telstra Bigpond
  • TPG Internet
  • TSN Communications
  • Uecomm
  • The Univeristy of Western Australia
  • Unwired
  • Virgin Broadband
  • West Australian Networks
  • Westnet
  • Wideband Networks

The ACMA intends to progressively increase the number of ISPs participating in the AISI, to ensure that more compromised hosts on the Australian internet are identified and their owners notified of the compromise.

Botnets and criminal activity

It is illegal for any person or organisation to remotely use and control another person’s computer without their knowledge or consent. Under the Criminal Code 1995 criminal penalties apply in the following circumstances:

  • unauthorised access and modification of data via a carriage service. For example, accessing another person’s computer to install a bot. (Penalty—a 2 year maximum prison sentence.)
  • unauthorised modification of data via a carriage service. For example, installing a bot on another person’s computer. (Penalty—a 10 year maximum prison sentence.)
  • possession of data with intent to commit a computer offence. For example, possession of bot binaries and exploiting tools or installers. (Penalty—a 3 year maximum prison sentence.)
  • producing, distribution or obtaining data with intent to commit a computer offence. For example, writing a bot code or selling a bot code. (Penalty—a 3 year maximum prison sentence.)

The ACMA refers information on such criminal activities to the Australian High Tech Crime Centre or the relevant state or territory police force.

What do ISPs need to do to participate?

If you would like to participate in the AISI, contact the ACMA on 1300 855 180 or email aisi@acma.gov.au. You will be asked to provide:

  • your IP address ranges (preferably in CIDR format);
  • an email address to send the daily AISI email reports to (ideally the email to send reports to would be a generic address that does not need to change if there is a change in personnel responsible for managing the reports);
  • a direct contact number(s) and email address to discuss technical or operational matters concerning the AISI;
  • your Autonomous System Number (ASN) (if applicable); and
  • the name by which you want your company to be listed on this webpage and in the ACMA publicity about the AISI.

There are no costs associated with participation in the AISI. It is a free service provided by the ACMA to assist in reducing spam and to improve the security level of the Australian internet. By participating, you will contribute to the overall reduction of spam and e-security compromises, thereby reducing costs for all ISPs and internet users.

The number of compromises listed in the daily AISI reports will vary considerably for each ISP, depending on the customer base of the ISP and the quantity of the information feeding into the AISI on a given day. Large ISPs may receive hundreds (and in some cases thousands) of compromises per day, whereas some smaller ISPs may rarely get any reports.

The ACMA is continually assessing and updating information feeds into the AISI to better capture information on the number of compromised computers on the Australian internet and the nature of these compromises.

 

Last update: 18 January 2010 14:13