The federal government has announced that it will amend telecommunications laws to allow telecommunications operators to block fraudulent SMS messages.
“The regulatory amendment we have enacted gives the telecommunications industry the authority it needs to block malicious SMS messages on a massive scale and protect the Australian public from scammers,” Home Secretary Karen Andrews said .
“The Morrison government is committed to working with industry to tackle new and emerging threats to the Australian community, including scams that exploit digital technologies for nefarious purposes.”
The changes result in the modification of the Telecommunications (Interception and Access) Act 1979 (TIA Law) so that telecom operators can intercept malicious SMS messages to be able to block them.
Regulatory changes have been in the works for some time, Home Affairs Secretary Mike Pezzullo telling Senate estimates his department was in talks with the telecoms industry to give telecom operators more powers to block spam and malicious content via the TIA law.
Telstra CEO Andy Penn said that in light of regulatory changes, his phone company is now developing a new cybersecurity capability designed to automatically detect and block fraudulent SMS messages as they travel on its network.
The capability is currently being exploited as a pilot within Telstra so that any fraudulent SMS message sent to its staff can help “train” systems to differentiate between a legitimate SMS and a malicious SMS. The latter capability is part of Telstra’s Cleaner Pipes initiative that started last year.
Andrews also announced that a new Joint Cybercrime Policing Coordination Center – JPC3 – will be operational from March 2022, which will focus specifically on preventing cybercriminals from defrauding, stealing and defrauding Australians. .
JPC3 operations will be led by Australian Federal Police (AFP) Deputy Commissioner Justine Gough, who will become AFP’s first full-time executive dedicated to the fight against cybercrime.
“The AFP-led JPC3 will broadly target cybercriminals who deceive businesses by using business email compromise or trigger mass phishing attacks, which can defraud personal information or money,” he said. AFP said.
With Andrews announcing these new cyber initiatives, AFP simultaneously said it had stopped cybercriminals from stealing AU $ 24 million from local retirement accounts in a recently exposed operation.
As part of Operation Zinger, AFP said it had shut down a criminal market specializing in the online sale of cybercrime software, which contained more than 500,000 compromised online credentials.
By examining 500 gigabytes of data, AFP was able to identify victims and offenders. AFP then contacted 20 pension companies and facilitated the remediation of over 25 super managed information systems to protect 681 matched super accounts attached to members and 35 super matched accounts attached to employers.
AFP also indicted a Sydney man for stealing more than A $ 100,000 in an illegal SMS phishing scam targeting the banks and telecommunications accounts of more than 450 victims. The phishing scam consisted of luring victims to a fake webpage, by texting them, and asking them to provide personal information. The accused then used this information to access the victims’ phone and bank accounts. He also created new accounts without their knowledge.
AFP worked with the Commonwealth Bank of Australia, National Australia Bank and Telstra to identify victims who entered information into these bogus web pages. The companies have also placed additional security protocols on these account holders, helping to prevent more than A $ 4 million from being stolen from the accounts of 16,000 other Australians, AFP said.
The accused person, if found guilty, faces up to 26 years in prison.
All of the new measures follow the theme of tackling cyber threats, as do other initiatives announced by Home Affairs in recent months, such as the Critical Infrastructure Bill currently awaiting Royal Assent, its plan to national action against ransomware and new principles for critical technologies. supply chain security.