Australia’s competition and corporate watchdogs used Netcraft technology to target 5579 scam websites over a three-week trial period.
The joint trial ran from June 29 to July 20 last year and used 5500 URLs submitted by the Australian Securities and Investment Commission (ASIC) and 79 URLs submitted by the Australian Competition and Consumer Commission (ACCC).
Many of the 5500 URLs ASIC removed with Netcraft related to cryptocurrency scams.
An ACCC spokesperson told iTnews that the 79 URLs it submitted were identified in 1757 scamwatch reports, referring to a website and service it runs targeting scams.
“The ACCC does not have capacity to undertake routine website removal which is resource intensive," the spokesperson said.
“The ACCC-submitted URLs that resulted in website removal requests were phishing (60 percent), fake online retailers (24 percent), technical support scams (six percent), malware (six percent) and cryptocurrency investment scams (2.5 percent).”
Manual blocking persists
According to documents obtained through a Freedom of Information (FoI) request by iTnews, in addition to the Netcraft trial, ASIC made 100 manual removal requests between 2015 and 2023.
ASIC sent the requests to hosting [pdf] and domain registration [pdf] providers, as well as to Meta, Google, Apple [pdf] and AWS.
They related to scams such as fake class actions promoted over Facebook [pdf], 206 “unlicensed binary options” apps hosted on Google Play, a Facebook Messenger account impersonating ASIC deputy chair Karen Chester [pdf] and an unauthorised financial services provider Union Standard International Group hosted on AWS [pdf].
All of these requests were made informally rather than through the use of section 313 of the Telecommunications Act 1997, which is potentially why they were not reported to the Australian Communications and Media Authority (ACMA).
Agencies’ obligation to report s313 takedowns to ACMA was brought in to prevent a repeat of a notorious 2013 incident where ASIC inadvertently blocked 250,000 legal, non-target websites in its attempts to take down one illegal website.
ASIC told a 2015 parliamentary inquiry into website-blocking that it "wasn’t aware" a single IP address could host multiple websites when it asked ISPs to block IP addresses hosting sites committing financial fraud.
iTnews' FOI reveals this mistake has not been repeated - and neither ASIC’s automated or manual removal requests have had collateral damage.
This is likely because since the 2013 incident, ASIC has mostly blocked specific URLs.
The parliamentary inquiry called for “reporting arrangements” and “whole-of-government guidelines for the use of section 313,” which ACMA released in 2017.
The guidelines for the website-blocking powers apply to federal, but not state and territory agencies.
Even if including the takedowns in ACMA’s annual reports could “jeopardise ongoing or planned investigations, operational activities” or pose “national security concerns”, the guidelines instruct agencies to “provide an annual aggregate number of requests to the ACMA for publication.”
However, ASIC and ACCC have not done this, potentially because the requests have been made as informal removal notices rather than formal legal requests submitted through s313.
The 2015 inquiry found only ASIC, AFP and the Attorney-General had used section 313 for website takedowns
S313 had never been interpreted as enabling federal, state and territory agencies to unilaterally block websites until a year before the ASIC incident when the AFP set the precedent by using it to block a list of child abuse sites.
Then minister for communications Stephen Conroy said this demonstrated s313 as an alternative to Labor’s mandatory, ISP-level, content filtering proposal at the time, which it ultimately ditched.
