Australia's Spies Want To Put Members Of The Public At Risk By Using Them To Pass On Malware to Suspected Terrorists

from the not-thinking-it-through dept

Last year we wrote about the German police using malware to spy on members of the public. Now ASIO, Australia’s national secret service, has come up with a new variant on the idea:

A spokesman for the Attorney-General’s Department said it was proposing that ASIO be authorised to ”use a third party computer for the specific purpose of gaining access to a target computer”.

The problem seems to be that even suspected terrorists are getting the hang of this security stuff:

The department said technological advances had made it ”increasingly difficult” for ASIO to execute search warrants directly on target computers, ”particularly where a person of interest is security conscious.”

So the idea seems to be to infect the computer of someone that the alleged terrorists know, and then use that trusted link to pass on malware:

Australians’ personal computers might be used to send a malicious email with a virus attached, or to load ”malware” onto a website frequently visited by the target.

That probably seemed like a really clever ruse to the people who thought it up, but it overlooks some basic flaws.

First, that once ASIO has taken control of an intermediary’s computer it can do anything — including poking around to see what’s there. After all, if intermediaries are known to suspected terrorists, it’s possible that they too might be terrorists.

The authorities are insisting that the warrant to break into somebody’s computer would not authorize ASIO to obtain “intelligence material” from it. But you don’t have to be clairvoyant to predict that at some point in the future, “exceptional” circumstances will be invoked to justify doing precisely that: once security services start down a slippery stop, they never seem to be able to stop.

Secondly, as the German experience shows, if a computer has been compromised by malware in this way, it’s not just the government agencies that can take control: anyone who has obtained the malware and analyzed it will be able to look for ways to send their own instructions. That could leave innocent members of the public vulnerable to privacy breaches and economic losses that would be directly attributable to the spy agency’s digital break-in.

Finally, this approach seems to overlook the fact that presumed terrorists are unlikely to be best pleased with any person that unwittingly sends them government malware. If they notice and really are ruthless terrorists, they might decide to take revenge on that person and his or her immediate circle of family and friends. Either the Australian spy agency hasn’t really thought this through, or it is being extremely cavalier with the lives of the members of the public it is supposed to protect.

Follow me @glynmoody on Twitter or, and on Google+

Filed Under: , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Australia's Spies Want To Put Members Of The Public At Risk By Using Them To Pass On Malware to Suspected Terrorists”

Subscribe: RSS Leave a comment
doug (profile) says:

spys is spys

For many thousands of years, combatants wore “uniform-s”
Combatants out of “uniform” (spys) were automatically hung, for their actions endangered non-combatants (you and i).
As these simple rules are subsumed in never ending Hollywood propaganda making subterfuge fun, “war” is changed;
In the US Civil war, 750,000 combatants died and perhaps a thousand civilians (mostly in Kansas).
WWI nine combatants for every civilian death.
WWII one combatant for every ten civilian deaths (perhaps a million mostly women and children died on a Saturday morning 10 March 1945).
1965-1973 in SE Asia, we lost 59 thousand men, they lost 3-6 million with “strategic bombing”.
My father had to remove his buttons and all Navy insignia in WWII when flying into or out of the Azores, Peru & Galapagos Is or Ireland.
Rules is rules.

Old Man in The Sea says:

Re: spys is spys - WWII

Some figures I found when looking at the number of civilians who died in Europe alone indicate that the ratio of combatant to civilian deaths may have been as low as 1 combatant death for every 110 civilians killed. This was some years ago now.

How accurate that is I don’t know it could have been much worse than this.

art guerrilla (profile) says:

Re: Re: spys is spys - WWII

in general, before about WWI & II, military to civilian deaths averaged about 1 civilian for every 10 military; since that time, the stats have basically flipped where it is 10 civilians for 1 military…
because we are the MOST CIVILIZEDEST nekkid apes EVAHHHHHH!

…just ask anyone in power, they’ll tell you so !

art guerrilla
aka ann archy

G Thompson (profile) says:

Re: Re:

Good question John (just saw your site too.. looks good and we most likely have prob met or passed each other at a Comp show years ago – If you dealt with the Australian Business Index in late 90s then we have)

Seeing as this is only a proposal by a spokesperson who is probably only gauging the public and business response (it was given to News Ltd remember) then until at such time it becomes more I wouldn’t worry about it. Though my answer to the question is most likely no unless you had foreknowledge of the installation.

This situation will always be a problem for ASIO and the AFP (who are more likely to want this then ASIO). But it has major chilling effects on what constitutes a third party machine, who has vicarious liability, what checks are in place for abuse from all sides, and would there be 3rd, 4th party or more liability for someone innocently destroying the code.

Have a great weekend from here in stinking hot Sydney (42 where I am at moment) and I gotta drive home soon in Sydney traffic.. to where its currently 45. blah!

Old Man in The Sea says:

This is ASIO we are talking about

Just remember this is ASIO we are talking about. You know the organisation that is so competently run that they are the masters of the comedic scenario.

I had a colleague who in his youth went for a job with them and the report of the interview included that dark glasses and trench coats were the order of the day. We didn’t initially believe him till he swore an oath that it was so.

Should we be worried, probably and more for what other groups will do with the facilities than what ASIO will be able to do.


If it is not officially marked by ASIO, how can you not remove it? Though I suppose, if this comes to pass, you could always ring ASIO to verify first and if they so that they are not monitoring the machine then you could just go ahead and remove it (get the confirmation as email, voice recording or letter first). I am sure that ASIO will set up a helpline for these matters as a service to the IT industry.

Jessica (profile) says:

Let Them Do Their Job

They have to consider this from all sides before even submitting a proposal, which is regarded with severe scrutiny before being allowed to pass. It’s not a slippery slope to abusing intellectual property. That’s paranoia and your article fearmongers to put a stop to something that could very well protect the public. Until the day happens when it fails, it deserves to be let alone to see how it works. Any moron who watches too much television can say ‘the secret service will abuse the public’, but let’s face it, they are not exactly doing that now and have probably got the power to should they desire to do so. They don’t need to pass this measure in order to plant evidence or anything like that. Quit being so stupid. That is not their job. Let them do their job to protect their country and butt out. Your article is presented as one-sided, ill informed and slanted toward exploiting the fears of others toward paranoia to sell your schlep. I am so glad no one pays for the retarded newsletter. It is the articles like this that have made me turn away from Techdirt in disgust. Most days, I just hit Delete when it surfaces in my inbox. This time I just had to say something. I’d swear Techdirt’s so-called “journalists” such as Glyn Moody are just couch critic consiracy theorists who view government agencies as The Man, forever getting in the way of Freedom. *sigh*

Anonymous Coward says:

It is pretty much a given that they have been doing this for some time already. They simply want it to now be above board and on the books because keeping secrets is very expensive and most tidbits gathered are not admissible in court. I’m guessing these things are not admissible for at least two reasons, 1) you would blow your cover, 2) you would be confessing to an illegal act.

I imagine that adding this sort of thing to the law books would require some sort of ambiguity or possibly a section of the law that is kept secret, because they would not want to divulge any details of their methods. Hence, secret laws and tribunals – what a wonderful world in which to live. Just remember boys and girls, ignorance of the law is no excuse and you have nothing to fear if you have done nothing wrong. Don’t worry, be happy.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...