Welcome to the Australian Communications and Media Authority's website. If you are utilising a screen reader, please read our accessibility information page for details as to how to gain access to content on our site in other formats.
Australian Government - Australian Communications and Media Authority

Australian Internet Security Initiative

Spam image

Report Spam

Current activity

Related information

The Australian Internet Security Initiative (AISI)

The ACMA developed the Australian Internet Security Initiative (AISI) to help address the problem of compromised computers (sometimes referred to as 'bots', or 'drones'). Computing devices can become compromised through the surreptitious installation of malicious software (malware) that enables the device to be controlled remotely for illegal and harmful activities without the user's knowledge.

Compromised computing devices are often aggregated into large groups known as 'botnets'. Among other things, botnets are used to assist the mass distribution of spam and malware, the hosting of 'phishing' sites and distributed denial of service (DDoS) attacks on websites.

The AISI collects data from various sources on computing devices exhibiting 'bot' behaviour on Australian internet protocol (IP) addresses. Using this data, the ACMA provides daily reports to internet providers identifying IP addresses on their networks that have generally been supplied to the ACMA in the previous 24-hour period. These providers can then inform the customer associated with that IP address that their computing device appears to be compromised and provide advice on how they can fix it.

Statistics on the number and type of infections reported each day through the AISI are available here.

The AISI and Internet Service Providers

The AISI was originally trialled in November 2005 with six Australian internet service providers — Telstra BigPond, OptusNet, Westnet, Uecomm, Pacific Internet and West Australian Networks. Following an evaluation of the trial in mid-2006, an extended rollout of the AISI occurred. The current 133 participants (including 16 universities) are:

  • AAPT Limited
  • Access Net Pty Ltd
  • Ace Internet Services
  • Activ8me
  • Adam Internet
  • AINS
  • Albury Local Internet Pty Ltd
  • Amnet
  • AOL
  • Apex Internet
  • Asian Pacific Telecommunications
  • ATU Internet Group
  • Aussie Broadband
  • Aust Domains
  • AUSTARnet
  • BarNet
  • Bekkers
  • Bendigo Community Telco
  • BigAir Group Limited
  • BKB Internet
  • Brennan Voice and Data Pty Ltd
  • Catholic Education Network
  • Catholic Network Australia
  • Central Data
  • Chariot
  • CI Internet
  • Cirrus Communications
  • ClubTelco
  • Comcen
  • Connectivity I.T.
  • CSIRO
  • Daraco Services
  • DCS Internet
  • Deakin University
  • Dedicated Servers
  • Dodo Australia
  • Dreamtilt
  • e-wire connection point
  • earthwave
  • ECN Pty Ltd
  • Edith Cowan University
  • EFTel
  • Enterprise IP
  • Enterprise IT Pty Ltd
  • EscapeNet
  • Exetel Pty Ltd
  • EZ ADSL
  • Flinders University
  • Fortana Networks Australia
  • FoundationIT
  • GCOMM
  • Global Dial
  • gotalk
  • GoWireless
  • Grapevine
  • HaleNET
  • Highway 1
  • Hotkey
  • HugoNET
  • IDL Internet
  • iiNet
  • Indigo Pty Ltd
  • Internet Information Group
  • Internode
  • Inticon
  • IntraPower
  • Ipera Communications
  • iPrimus
  • iseek
  • ispONE
  • KDDI Australia
  • La Trobe University
  • Legion Internet
  • M2 Telecommunications
  • Macquarie Telecom
  • Matilda Internet
  • Melbourne IT
  • Micron21
  • Monash University
  • Montimedia
  • Murdoch University
  • MyNetFone
  • Neighbourhood Cable
  • Net Logistics Pty Ltd
  • Net Niche Pty Ltd
  • Netbay Internet
  • Netspace
  • Netspeed
  • NetYP
  • NewSat
  • Nexon Asia Pacific
  • Nextep
  • Nowires Pty Ltd
  • Nuskope Pty Ltd
  • Oceania Business Solutions Pty Ltd
  • On Q Networks
  • OntheNet
  • Optus Internet
  • Orion Satellite Systems
  • Over The Wire Pty Ltd
  • Pacific Internet (Australia)
  • PPS Internet/StudentNet
  • Riverland Internet
  • Seccom Global
  • Select Communications
  • Servers Australia
  • SkyMesh
  • (The) Smelly Black Dog Company
  • Soul Communications
  • Speedweb Internet
  • Spin Internet
  • State Library of Victoria
  • Swinburne University of Technology
  • Symbiote IT
  • Telstra Bigpond
  • The Galaxy GateWay Computer System
  • TPG Internet
  • Uecomm
  • (The) Australian National University
  • (The) University of Adelaide
  • (The) University of Melbourne
  • (The) University of New South Wales
  • (The) University of Newcastle
  • (The) University of Western Australia
  • Unwired
  • UQconnect
  • Velocity Internet
  • Virgin Broadband
  • vividwireless
  • Vodafone Hutchison Australia
  • WAnet
  • West Australian Networks
  • Westnet

These participants are estimated to cover more than 95 per cent of Australian residential internet users.

What do internet providers need to do to participate in the AISI?

If you would like to participate in the AISI, contact the ACMA on 1300 855 180 or email aisi@acma.gov.au. You will be asked to provide:

  • your IP address ranges (preferably in CIDR format);
  • an email address to send the daily AISI email reports to (ideally the email to send reports to would be a generic address that does not need to change if there is a change in personnel responsible for managing the reports);
  • a direct contact number(s) and email address to discuss technical or operational matters concerning the AISI;
  • your Autonomous System Number (ASN) (if applicable); and
  • the name by which you want your company to be listed on this webpage and in ACMA publicity about the AISI.

There are no costs associated with participation in the AISI. It is a free service provided by the ACMA to assist in reducing spam and to improve the security level of the Australian internet. By participating, you will contribute to the overall reduction of spam and e-security compromises, thereby reducing costs for all internet providers and users.

The number of compromises listed in the daily AISI reports will vary considerably for each provider, depending on the provider's customer base and the quantity of the information feeding into the AISI on a given day. Large providers may receive hundreds (and in some cases thousands) of compromises per day, whereas some smaller providers may rarely get any reports.

The ACMA is continually assessing and updating information feeds into the AISI to better capture information on the number of compromised computers on the Australian internet and the nature of these compromises.

The AISI and the Internet Industry Association’s icode

In June 2010, the Internet Industry Association of Australia (IIA) launched a voluntary ISP code of practice, the ‘icode’, aimed to promote a security culture among the internet industry by reducing the number of compromised computers in Australia. This Code is designed to provide a consistent approach for Australian ISPs to help inform, educate and protect their customers in relation to cyber security risks.

The icode encourages all Australian ISPs to participate in the AISI and to take steps to respond to AISI reports. The icode is available on the Internet Industry Association website.

The icode commenced operating on 1 December 2010 and the associated website is at www.icode.net.au. The website provides information on the icode, a list of current participants, advice on avoiding infections and how to obtain professional help to address a compromise.

Botnets and criminal activity

It is illegal for any person or organisation to remotely use and control another person’s computer without their knowledge or consent. Under the Criminal Code 1995 criminal penalties apply in the following circumstances:

  • unauthorised access and modification of data via a carriage service. For example, accessing another person’s computer to install a bot. (Penalty—a 2 year maximum prison sentence.)
  • unauthorised modification of data via a carriage service. For example, installing a bot on another person’s computer. (Penalty—a 10 year maximum prison sentence.)
  • possession of data with intent to commit a computer offence. For example, possession of bot binaries and exploiting tools or installers. (Penalty—a 3 year maximum prison sentence.)
  • producing, distribution or obtaining data with intent to commit a computer offence. For example, writing a bot code or selling a bot code. (Penalty—a 3 year maximum prison sentence.)

The ACMA refers information on such criminal activities to the Australian Federal Police or the relevant state or territory police force.

October 2012 – ACMA Research into provider responses to security-compromised computers

This ACMA research report identifies how AISI participants act on AISI malware reports and assist customers on their networks to resolve malware problems. It is based on interviews with 24 small, medium and large internet providers across Australia. The report also discusses potential improvements to the AISI.

 

Last update: 18 February 2013 15:13