The Australian Federal Police used controversial website blocking powers to block the spread of the Gameover Zeus botnet targeting banking credentials earlier this year, the agency admitted today.
The use of the section 313 notices under the Telecommunications Act is currently being investigated by a parliamentary committee to determine whether agencies such as the AFP are using the powers appropriately to disrupt illegal online activities.
Agency use of the provision - which has been in place for almost 15 years but was not used until recently - has been criticised after the Australian Securities and Investments Commission last year admitted it inadvertently blocked 250,000 websites in an effort to block just 1200 while using the section.
ASIC later admitted that the team which requested the block had not known one IP address could host multiple websites.
The AFP predominantly uses the legislation to block websites hosting child abuse material, but the federal police force today revealed in a submission to the inquiry that it had used section 313 in an effort to block the spread of malware earlier this year.
It issued a number of section 313 notices to "prevent the distribution of peer-to-peer malicious software (malware) which was designed to steal personal banking and financial credentials from the platforms of Australian computer users", the agency stated in its submission. It later revealed the malware targeted was the Gameover Zeus botnet.
"The AFP was aware that the domain supporting the malware was used for the exclusive purpose of distribution and updating the malware.
"The blocking by ISPs of this domain prevented the widespread distribution of this malware in Australia and the subsequent compromise of Australian’s financial details that potentially could have been used to undertake large scale fraud."
The AFP also lobbied for the continued ability to self-authorise the website blocking requests, and argued that the notices should be available to any law enforcement, regulatory or government agency involved with matters of national security and serious crime.
Industry representatives have asked for limits on the number of agencies able to use the legal provision, and have called for increased oversight of its use - including publishing the number of section 313 notices issued annually.
The AFP said it welcomed annual reporting on the number of section 313 blocking requests, but warned that providing specific details as to the nature of each request and the ISP to which it was made could have a "substantial adverse effect on the proper and efficient operations of the AFP and may be contrary to the public interest."
Update 4:33pm: The AFP said in a statement to iTnews it could not comment on the specific malware being targeted as that would "reveal operational methodology which would compromise its future use in protecting the Australian public".