ASD teamed up with GCHQ for stolen credit card crackdown

Cyber spooks are cruising dark web shopping forums looking for credit cards to cancel.
Written by Chris Duckett, Contributor

The Australian Signals Directorate (ASD) and the UK Government Communications Headquarters (GCHQ) were involved in an operation to crack down on stolen credit card numbers.

In an opening statement that was accepted into Hansard rather than read out by newly installed ASD director-general Rachel Noble on Wednesday evening last week, ASD said the operation was undertaken with powers it gained in July 2018 to prevent overseas cybercrime.

"ASD, in collaboration with our UK counterpart GCHQ, identified over 200,000 stolen credit cards globally, including over 11,000 stolen Australian cards. These stolen credit cards represent potential losses of over AU$90 million globally, and over AU$7.5 million domestically," Noble said.

"This case also demonstrates how our intelligence actions offshore can directly impact online safety and security here at home."

Noble said it was an example of criminals selling credit card details on the dark web.

"That's an example where we have used our powers to look into the dark web to understand the nature of activity by criminals," she said.

"We are working with the private sector -- in this case, Visa and Mastercard -- to start to prevent that criminality by helping them work through the cancellation of those cards and the management of their customers."

In its annual report released in October, GCHQ said it had undertaken Operation Haulster, which "automatically flagged fraudulent intention against more than one million stolen credit cards".

Noble noted that GCHQ has powers to prevent cybercrime onshore, whereas ASD does not. However, an exchange with Senator Jacqui Lambie revealed ASD had used its powers domestically.

"ASD is prohibited via legislation from producing intelligence on Australian persons except in rare circumstances. Have any of those rare circumstances occurred in the last 12 months?" Lambie asked.

"Yes," replied Noble, who added that to give an example would involve classified material.

The opening statement also said Toll Group had called in the Australian Cyber Security Centre (ACSC) following an infestation of Mailto ransomware that saw the logistics giant fall back to manual processes.

"Our assistance has included providing technical experts to identify the nature and extent of the compromise, and provide Toll with tailored mitigation advice," Noble said.

ACSC has used its Cyber Incident Management Arrangements (CIMA), which handles co-ordination between governments in Australia during "national cyber incidents", twice since July 2019, with one instance being when Emotet malware re-emerged.

"The ACSC coordinates CIMA activations through its role on the National Cyber Security Committee," Noble's statement said.

"Partnership with our state and territory counterparts is essential to the successful detection and response to multi-jurisdictional cybersecurity incidents."

In testimony from last Wednesday, Noble revealed that a Citrix vulnerability announced over Christmas could have been used by malicious actors to access a database of Australian Defence recruitment details.

"On the 24th of January ... through sensitive other sources, had a concern that the Department of Defence and its contractor running the DFRN [Defence Force Recruiting Network] may have been vulnerable to a malicious act as a result of the Citrix issue," Noble said.

ASD believed no data was compromised, but it did see attempts to access the network related to the vulnerability.

"Given the global nature of the vulnerability which affected companies worldwide, I don't think they would have been the only one," Noble said.
