Telecoms operators to get sweeping powers to block scams through amendment to Telecoms Act

The federal government has announced that it will change telecommunications laws to give telecommunications operators the ability to block fraudulent SMS messages.

“The regulatory amendment we have enacted gives the telecoms industry the authority it needs to block malicious SMS messages on a large scale and protect the Australian public from scammers,” Home Secretary Karen Andrews said. .

“The Morrison Government is committed to working with industry to tackle new and emerging threats to the Australian community, including scams that exploit digital technologies for nefarious purposes.”

The modifications consist of modifying the Telecommunications (Interception and Access) Act 1979 (TIA Act) so that telcos can intercept malicious SMS in order to block them.

The regulatory changes have been in the works for some time, with Interior Secretary Mike Pezzullo telling the Senate that his department was in talks with the telecom industry to give telecom carriers more powers to block spam and malicious content through TIA.

Telstra CEO Andy Penn said that in light of regulatory changes, his telecom operator is now developing a new cybersecurity capability designed to automatically detect and block fraudulent SMS messages as they travel through its network.

The capability is currently running as a pilot inside Telstra so that any fraudulent SMS messages sent to its staff can help “train” the systems to tell the difference between a legitimate SMS and a malicious SMS. This latest capability is part of Telstra’s Cleaner Pipes initiative which began last year.

Andrews also announced that a new joint police cybercrime coordination center – the JPC3 – will be operational from March 2022, which will focus specifically on preventing cybercriminals from defrauding, stealing and defrauding Australians. .

JPC3 operations will be led by Australian Federal Police (AFP) Deputy Commissioner Justine Gough, who will become AFP’s first full-time executive dedicated to the fight against cybercrime.

“The AFP-led JPC3 will target cybercriminals on a large scale who deceive businesses using compromised business emails or trigger mass phishing attacks, which can defraud individuals into obtaining personal information or money,” AFP said.

As Andrews announced these new cyber initiatives, AFP simultaneously said it had stopped cybercriminals from stealing A$24 million from local pension accounts through a recently exposed operation.

As part of Operation Zinger, AFP said it shut down a criminal market specializing in the online sale of cybercrime software, which contained more than 500,000 compromised online credentials.

By examining 500 gigabytes of data, AFP was able to identify the victims and perpetrators. AFP then contacted 20 pension fund companies and facilitated the remediation of more than 25 super managed information systems to protect 681 matched super accounts attached to members and 35 matched super accounts attached to employers.

AFP has also charged a Sydney man with stealing more than A$100,000 in an illegal text message phishing scam that targeted the banks and telecom accounts of more than 450 victims. The phishing scam involved luring victims to a fake web page, via text message, and asking them to provide personal information. The accused individual then used this information to gain access to the victims’ phone and bank accounts. He also created new accounts without their knowledge.

AFP worked with Commonwealth Bank of Australia, National Australia Bank and Telstra to identify victims who had entered information on these fake web pages. The companies have also placed additional security protocols on these account holders, helping to prevent the theft of more than A$4 million from the accounts of 16,000 other Australians, AFP said.

The accused individual, if convicted, could face up to 26 years in prison.

All of the new measures follow the theme of tackling cyber threats, as do other initiatives announced by Home Affairs in recent months, such as the Critical Infrastructure Bill currently awaiting Royal Assent, its plan to national action against ransomware and new principles for critical technologies. supply chain security.