• Home
• About us
• Technology enabled crime types
  • Computer intrusion and denial-of-service
  • Harassment, threats and defamation
  • Mule recruitment
  • Offensive and prohibited Internet content
  • Online child sex exploitation
  • Online fraud
  • Phishing
  • Racial vilification
  • Spam
• Key partners
• Frequently asked questions
• News and Information

Computer intrusion and denial-of-service

Computer intrusion is any unauthorised access of a computer or network of computers.

Denial-of-service is the deliberate disruption or impairment of a service or communication. 

In general, for a matter to fall within the jurisdiction of Australian police, when an unauthorised system intrusion, disruption or impairment occurs:

• the system or computer server where the content is hosted must be in Australia, or
• the offender causing the intrusion, disruption or impairment must be an Australian citizen.

On this page:

• 'Hacking' of free email services
• Malicious software
  • What to do if your computer is infected
  • Pop-up advertising
  • What you can do
• Report a computer intrusion online

'Hacking' of free email services

If your free email account has been 'hacked' and an unauthorised person is using it, the first course of action you should take is to contact the provider of the email service and seek their assistance in fully resolving the problem.

If you know who the perpertrator is, they reside within Australia, and you consider the matter serious enough to warrant reporting to police, you may choose to report it to the State or Territory police where you live. See our Key Law Enforcement Partners.

In most cases - unless the perpertrator resides in Australia, or the computer server of the company that provides the free email service is located in Australia - Australian law enforcement will not have the jurisdication to take action.

Malicious software

Malware, botnets, Trojans and computer viruses (or virus writing) are all tools used by offenders to gain unauthorised access to a computer system or network.

The discovery of these sorts of tools on your computer system or network should be reported to your anti-virus software and firewall provider.

What to do if your computer is infected

If your home computer is infected with malicious software such as a virus, spyware or adware, you should use commercially available anti-virus software to quarantine and remove the malicious software.

If the virus was sent to you via an infected email from someone you know, then you should advise them their computer is probably also infected.

If you cannot solve the problem yourself, you may need to engage the services of your local computer shop or IT professional for assistance. Auscert also provides information about protecting your computer from malicious code and how to deal with infection.

If you believe you were intentionally infected with a virus and you have evidence as to the identity of the person who sent you the virus, then you may choose to report it to the State or Territory police where you live. See our Key Law Enforcement Partners.

If you have information about anyone involved in the creation or distribution of these tools, please report it to the AHTCC: Malware, Botnets, Trojans and virus writing - Online Crime Reporting.

Pop-up advertising

Pop-up advertising on Internet sites can be annoying and can appear as a result of unknowingly having 'adware' and 'spyware' programs installed on your computer.

What you can do

Programs designed to defeat adware and spyware, and browsers with built in pop-up blockers, can be found on CDs supplied with some computer magazines, downloaded from program creators' websites, or purchased from retail computer software outlets.

Report a computer intrusion or denial-of-service online

You may use the online form to report a computer intrusion or denial-of-service to police via the AHTCC.

When evaluating an incident, police will need to know:

• Level of affect – Has there been destroyed data or loss of service?
• Sophistication – Was the nature of the attack highly sophisticated?
• Nature of target – Was the target a website (e.g. for the purposes of defacement) or a hardened network?
• Target significance – How important is the target? How big is the target? How big was the impact?

To fully assess the report of a systemintrusion and determine an appropriate response, police will require all logs from your network or system, and information from your administrators describing what happened at the time of the attack(s).

This information should include, where possible and/or appropriate:

• How access to the system is controlled
• How access was gained (dial-up/on site/administrator/root access/virus)
• What access was gained
• What time access was gained and for how long
• The user name that was utilised
• The password utilised
• The IP address utilised to enter from outside
• What actions were performed by the person accessing once they were in the system
• What files were accessed/modified/deleted
• Where the files were taken from
• Any information copied from the system and any settings changed
• Any logs or information your Internet Service Provider may have captured in relation to this matter
• Information about how much data has been recovered/retrieved from back-up tapes.

How to protect yourself

Any computer connected to the Internet will eventually be scanned by individuals attempting to gain unauthorised access. This is especially true for home systems and those who have 'always on' broadband Internet connections.

Personal firewalls, virus scanners and intrusion detection systems are an important part of securing home computers as they can prevent and respond to the security incidents that commonly occur across the Internet.

Some common terms and their meanings:

• Firewalls restrict the data passed between a computer and a network, usually the Internet. Firewalls typically restrict communication to a combination of safe, allowable programs and computers.
• Intrusion detection systems (IDS) also monitor network traffic; however they focus on identifying traffic patterns which may indicate common attacks from the network, also typically the Internet.
• Virus scanners monitor areas of a computer such as its memory, files on a disk, email messages and Internet browsers where computer viruses and Trojans (malicious software) most often reside. Most virus scanners can detect and remove all common malicious software.

The distinction between firewalls and IDS is becoming less clear, as IDS functions are increasingly being integrated into personal firewall programs.

It is important to remember that no program is perfect at interpreting network and computer activity. In security terms, monitoring software will sometimes produce 'false positives' and 'false negatives':

• False positives occur when a program interprets harmless activity as an intrusion. Examples of this include:
  
  • remote computers which legitimately attempt to access a local computer, such as an Internet service provider legitimately monitoring account usage
  • programs installed on a computer which need to obtain information from the Internet, such as news or stock quotes, or 'call home' to download updates.
    
• False negatives occur when malicious activity is interpreted as harmless. This usually occurs when the configuration of security programs degrades over time because of excessive 'allowed' rules, or security settings have been loosened, or security programs have not been regularly updated.

Recommendations

• The AHTCC recommends that firewalls, IDS and virus scanners be installed on any computer connected to a network, especially the Internet. More information including links to free sources of these programs can be found on the NetAlert and AusCERT web sites.
• Security programs are only fully effective if they are configured correctly. Although programs are pre-configured with 'typical' settings, these configurations may not be appropriate to your specific installation. Therefore it is important to read the documentation and review your configurations to ensure maximum security for your situation.
• As program configurations such as firewall rules change over time, it is important to regularly review the settings to ensure they are still providing an appropriate level of security.
• Regularly using the 'update' features in security programs is vital to ensuring they can recognise and respond to new vulnerabilities.
• When a security program reports an error, it can be difficult to determine exactly what has occurred, how it has occurred, and how harmful it is. In such cases we recommend you:
  
  
  • determine what action the security program has taken. In most cases, if a security program has reported an incident, it has already taken the necessary preventative action, and no further action is required
  • review any information provided by the security program that describes the event in order to determine exactly what has occurred. Conduct searches on the Internet using details from the event if more information is required
  • review the advice above regarding false positives and false negatives, and consider whether the incident could be one of these
  • perform a virus scan to identify any malicious programs which may be present, ensuring you have the latest virus updates

If you believe a security incident has occurred, organisations such as AusCERT and NetAlert are able to provide more details on the specific vulnerability and how to recover from it.