More stories


    SAP admits to ‘thousands’ of illegal software exports to Iran

    SAP has reached a settlement with US investigators to close a prosecution relating to the violation of economic sanctions and the illegal export of software to Iran. 

    The cloud software vendor admitted to violating existing sanctions and an embargo placed on the country by the United States. According to the US Department of Justice (DOJ), SAP violated both the Export Administration Regulations and the Iranian Transactions and Sanctions Regulations “thousands” of times over a period of six years.

    On Thursday, the DOJ said the investigation into SAP’s practices — a global case also involving the Department of the Treasury’s Office of Foreign Assets Control (OFAC) and the Department of Commerce’s Bureau of Industry and Security (BIS) — revealed two “principal” ways in which economic sanctions had been broken.

    From 2010 to 2017, SAP and overseas partners exported US-origin software — including upgrades and security fixes — to users in Iran over 20,000 times. The majority of these ‘exports’ went to a total of 14 “Iranian-controlled front companies” located in countries including Turkey, the UAE, and Germany, while others were downloaded directly from Iranian IP addresses.

    During the same period, SAP’s Cloud Business Group (CBG) units allowed over 2,300 users in Iran to access US-based cloud services.

    “Beginning in 2011, SAP acquired various CBGs and became aware, through pre-acquisition due diligence as well as post-acquisition export control-specific audits, that these companies lacked adequate export control and sanctions compliance processes,” the DOJ said. “Yet, SAP made the decision to allow these companies to continue to operate as standalone entities after acquiring them and failed to fully integrate them into SAP’s more robust export controls and sanctions compliance program.”

    SAP, as noted by US investigators, voluntarily self-disclosed the violations, leading to a settlement worth $8 million to avoid further action and prosecution. Under the terms of the agreement, SAP will hand over $5.14 million in “ill-gotten gain.” The software giant has also spent over $27 million on remediation and compliance, including the development of geolocation-based IP blocking, the removal of user accounts that would violate sanctions, and the hiring of staff specialized in export controls.

    “SAP will suffer the penalties for its violations of the Iran sanctions, but these would have been far worse had they not disclosed, cooperated, and remediated,” commented Assistant Attorney General John Demers. “We hope that other businesses, software or otherwise, will heed this lesson.”

    In a statement, SAP said the company “aims for the highest standards of corporate integrity” and welcomes the settlement.

    “SAP conducted a thorough and extensive investigation into historical export controls and economic sanctions violations,” SAP said. “We accept full responsibility for past conduct, and we have enhanced our internal controls to ensure compliance with applicable laws. Our significant remediation efforts, combined with our full and proactive cooperation with US authorities, have led to a mutually agreeable resolution of the Iran investigation without the imposition of an external monitor.”

    Previous and related coverage. Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0


    WeSteal: A ‘shameless’ cryptocurrency stealer sold in the underground

    While some malware authors will try to create an air of legitimacy around their products to cover themselves from potential criminal cases in the future, one developer of a cryptocurrency stealer isn’t even trying.  According to Palo Alto Networks, malware authors peddling their creations in underground forums will often pretend their products are for educational or research purposes only — a limp attempt to create a legal defense, just in case.  However, a developer making the rounds with a new commodity cryptocurrency stealer has been described as “shameless” by the team.  Indeed, the malware — named WeSteal — is marketed as the “leading way to make money in 2021.” 
    Cryptocurrency theft malware named WeSupply Crypto Stealer has been sold online since May 2020 by a developer operating under the name WeSupply, and another actor, ComplexCodes, started selling WeSteal in mid-February this year. An investigation into the sellers, thought to be co-conspirators, has also revealed potential ties to the sale of account access for subscription services including Netflix, Disney+, DoorDash, and Hulu. The team believes that WeSteal is an evolution of the WeSupply Crypto Stealer project. Marketing includes the slogan “WeSupply — You profit” and the claim that WeSteal is the “world’s most advanced crypto stealer.”

    An advertisement for the malware lists features such as a victim tracker panel, automatic start, antivirus software circumvention, and the claim that the malware leverages zero-day exploits. “It steals all Bitcoin (BTC) and Ethereum (ETH) coming in and out of a victim’s wallet through the clipboard, it also has plenty of features like the GUI/Panel which is just like a RAT [Remote Access Trojan],” the advert reads.

    Litecoin, Bitcoin Cash, and Monero have also been added to the list of targeted cryptocurrencies.

    The researchers’ analysis of the Python-based malware revealed that it scans the victim’s clipboard for strings that look like wallet identifiers. When one is found, the wallet address is replaced with an attacker-controlled address, so any transfer the victim then pastes and sends ends up in the operator’s pocket.

    While the malware is also advertised as having RAT capabilities, the researchers are not convinced, believing that WeSteal has something closer to a simple command-and-control (C2) communication structure than the features usually associated with Trojans, such as keylogging, credential exfiltration, and webcam hijacking. The WeSteal developers offer C2 infrastructure as a service and also appear to run some form of customer ‘service’; however, the current user base appears to be small.

    “WeSteal is a shameless piece of commodity malware with a single, illicit function,” the researchers say. “Its simplicity is matched by a likely simple effectiveness in the theft of cryptocurrency. It’s surprising that customers trust their “victims” to the potential control of the malware author, who no doubt could, in turn, usurp them, stealing the victim “bots” or replacing customers’ wallets [...] it’s also surprising the malware author would risk criminal prosecution for what must surely be a small amount of profit.”

    A Remote Access Trojan (RAT), WeControl, was also added to the developer’s roster after the report was published and awaits further analysis.
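The clipper behaviour the researchers describe, as an added example that is neither Palo Alto Networks’ analysis code nor the malware itself: loose regexes for the address families the adverts list, plus the check a defender actually wants, which compares two clipboard snapshots and flags the case where the surrounding text is unchanged but a wallet address has been swapped for a different one of the same family. The regexes, the coin labels and both clipboard snapshots are constructed and illustrative.

```python
import re

# Constructed patterns for the address families WeSteal is sold to target.
# They are deliberately loose (no checksum validation), so treat a hit as a
# lead, not proof. Legacy Litecoin '3...' addresses overlap with BTC P2SH and
# are folded into the btc group.
WALLET_RE = re.compile(
    r"(?P<eth>\b0x[0-9a-fA-F]{40}\b)"
    r"|(?P<xmr>\b[48][0-9AB][1-9A-HJ-NP-Za-km-z]{93}\b)"
    r"|(?P<btc_bech32>\bbc1[ac-hj-np-z02-9]{11,71}\b)"
    r"|(?P<bch>\b(?:bitcoincash:)?[qp][a-z0-9]{41}\b)"
    r"|(?P<ltc>\b(?:ltc1[ac-hj-np-z02-9]{11,71}|[LM][a-km-zA-HJ-NP-Z1-9]{26,33})\b)"
    r"|(?P<btc>\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b)"
)


def find_wallet_addresses(text):
    """Return (coin, address) pairs in order of appearance."""
    return [(m.lastgroup, m.group(0)) for m in WALLET_RE.finditer(text)]


def _mask(text):
    """Blank out every address so two snapshots can be compared on the
    surrounding text alone."""
    return WALLET_RE.sub("<addr>", text)


def detect_clipboard_swap(before, after):
    """A clipper leaves the rest of the clipboard untouched and replaces only
    the address, so flag exactly that: identical masked text, same coin
    families in the same positions, different address values.
    Returns a list of (coin, original, replacement)."""
    if _mask(before) != _mask(after):
        return []  # the user copied something else; not a silent swap
    swaps = []
    for (coin_b, addr_b), (coin_a, addr_a) in zip(
        find_wallet_addresses(before), find_wallet_addresses(after)
    ):
        if coin_b == coin_a and addr_b != addr_a:
            swaps.append((coin_b, addr_b, addr_a))
    return swaps


# Constructed clipboard snapshots: the victim copied a legitimate-looking BTC
# address, then a clipper silently replaced it. Both addresses are illustrative.
VICTIM_COPIED = "pay 0.05 BTC to 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa please"
AFTER_CLIPPER = "pay 0.05 BTC to 1BoatSLRHtKNngkdXEeobR76b53LETtpyT please"


def demo():
    """Run the check over the constructed snapshots."""
    return detect_clipboard_swap(VICTIM_COPIED, AFTER_CLIPPER)


if __name__ == "__main__":
    for coin, original, replacement in demo():
        print(f"{coin} address swapped: {original} -> {replacement}")
```

A real monitor would poll the clipboard (for instance through the platform clipboard API or a GUI toolkit) and feed each consecutive pair of snapshots to detect_clipboard_swap; a hit within a few hundred milliseconds of the user’s own copy is the signature of a clipper rather than of the user editing the text.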


    ISC urges updates of DNS servers to wipe out new BIND vulnerabilities

    The Internet Systems Consortium (ISC) has released an advisory outlining a trio of vulnerabilities that could impact the safety of DNS systems. 

    This week, the organization said the vulnerabilities affect ISC Berkeley Internet Name Domain (BIND) 9, which is widely used as a DNS server and maintained as an open source project.

    The first vulnerability is tracked as CVE-2021-25216 and has been issued a CVSS severity score of 8.1 on 32-bit builds or 7.4 on 64-bit builds. It is a remotely triggerable buffer overflow in BIND’s SPNEGO implementation, the GSSAPI security policy negotiation mechanism used by the GSS-TSIG protocol, and could lead to a crash or, potentially, remote code execution. Under the default BIND configuration the vulnerable code path is not reachable; it is exposed only when either tkey-gssapi-keytab or tkey-gssapi-credential is set to a non-default value.

    “Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers,” the advisory reads. “For servers that meet these conditions, the ISC SPNEGO implementation is vulnerable to various attacks, depending on the CPU architecture for which BIND was built.”

    The second security flaw, CVE-2021-25215, has earned a CVSS score of 7.5. It is a remotely exploitable flaw in the way DNAME records are processed and may cause the named process to crash due to a failed assertion.

    The least dangerous bug, tracked as CVE-2021-25214, has a CVSS score of 6.5. This issue lies in the handling of incremental zone transfers (IXFR): if a named server receives a malformed IXFR, the named process crashes due to a failed assertion.

    The ISC is not aware of any active exploits for any of the bugs.

    Vulnerabilities in BIND are treated seriously, as it can take just one successfully exploited bug to cause widespread disruption to services. “Most of the vulnerabilities discovered in BIND 9 are ways to trigger INSIST or ASSERT failures, which cause BIND to exit,” the ISC says. “When an external user can reliably cause the BIND process to exit, that is a very effective denial of service (DoS) attack. Nanny scripts can restart BIND 9, but in some cases, it may take hours to reload, and the server is vulnerable to being shut down again.”

    Subscribers are notified of security flaws ahead of public disclosure. If the fixes for the latest trio of vulnerabilities have not yet been applied, they should be applied as quickly as possible: BIND 9.11.31, 9.16.15, and 9.17.12 all contain the patches. CISA has also issued an alert on the security issues.

    In other security news this week, Microsoft has disclosed bad memory allocation operations in code used in Internet of Things (IoT) and industrial technologies, with a range of vulnerabilities classified under the name “BadAlloc”. Microsoft is working with the US Department of Homeland Security (DHS) to alert impacted vendors.
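An added example (not ISC’s own tooling) that turns the exposure conditions above into a check an operator can run: it reads the version out of a `named -V` banner, looks for the two tkey-gssapi options in a named.conf while ignoring commented-out lines, and reports which of the three CVEs apply given the fixed releases the advisory names. The sample configuration, hostname and banners are constructed; branches other than 9.11, 9.16 and 9.17 are reported as not covered rather than guessed at.

```python
import re

# Fixed releases per maintained branch, taken from the advisory text above.
# Branches not listed here are reported as not covered by this check.
FIXED = {(9, 11): (9, 11, 31), (9, 16): (9, 16, 15), (9, 17): (9, 17, 12)}


def parse_version(banner):
    """Extract (major, minor, patch) from the first line of `named -V`."""
    m = re.search(r"\bBIND\s+(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("not a BIND version banner: %r" % banner)
    return tuple(int(x) for x in m.groups())


def strip_comments(conf):
    """Drop the three comment styles named.conf accepts (/* */, //, #) so a
    commented-out option is not mistaken for an active one. Simplification:
    a '//' or '#' inside a quoted string would be stripped too."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)


def gss_tsig_enabled(conf):
    """True if either option that exposes the CVE-2021-25216 code path is set."""
    return re.search(r'\btkey-gssapi-(keytab|credential)\s+"',
                     strip_comments(conf)) is not None


def assess(banner, conf):
    """Decide which of the three CVEs apply to this server.
    CVE-2021-25215 (DNAME) and CVE-2021-25214 (IXFR) are reachable on any
    unpatched server; CVE-2021-25216 only when GSS-TSIG is configured."""
    ver = parse_version(banner)
    fixed = FIXED.get(ver[:2])
    if fixed is None:
        return {"version": ver, "patched": None, "applicable": []}
    if ver >= fixed:
        return {"version": ver, "patched": True, "applicable": []}
    applicable = ["CVE-2021-25215", "CVE-2021-25214"]
    if gss_tsig_enabled(conf):
        applicable.insert(0, "CVE-2021-25216")
    return {"version": ver, "patched": False, "applicable": applicable}


# Constructed named.conf fragment for the demo: the keytab line is commented
# out but the credential line is active, so the GSS-TSIG path is exposed.
SAMPLE_CONF = """
options {
    directory "/var/cache/bind";
    // tkey-gssapi-keytab "/etc/krb5.keytab";
    tkey-gssapi-credential "DNS/ns1.example.test@EXAMPLE.TEST";
    recursion no;
};
"""
DEFAULT_CONF = 'options { directory "/var/cache/bind"; };'

if __name__ == "__main__":
    print(assess("BIND 9.16.13 (Stable Release)", SAMPLE_CONF))
```

On a live server, feed it the first line of `named -V` and the output of `named-checkconf -p`, which prints the effective configuration with include files expanded, so an option pulled in from an included file is not missed.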


    Australia's eSafety and the uphill battle of regulating the ever-changing online realm

    Australia’s eSafety Commissioner is set to receive sweeping new powers, such as the ability to order the removal of material that seriously harms adults, with the looming passage of the Online Safety Act. Tech firms, as well as experts and civil liberties groups, have taken issue with the Act, citing its rushed nature, the harm it can cause to the adult industry, and the overbearing powers it affords to eSafety, among other concerns. Current eSafety Commissioner Julie Inman Grant has even previously admitted that details of how the measures legislated in the Online Safety Bill 2021 would be overseen are still being worked out.

    The Bill contains six priority areas, including an adult cyber abuse scheme to remove material that seriously harms adults; an image-based abuse scheme to remove intimate images that have been shared without consent; Basic Online Safety Expectations (BOSE) for the eSafety Commissioner to hold services accountable; and an online content scheme for the removal of “harmful” material through take-down powers.

    Appearing before the Parliamentary Joint Committee on Intelligence and Security as part of its inquiry into extremist movements and radicalism in Australia, Inman Grant said that while the threshold for the new take-down powers is quite high, it will give her agency a fair amount of leeway to look at intersectional factors, such as the intent behind the post.

    “I think that the language is deliberately — it’s constrained in a way to give us some latitude … we have to look at the messenger, we have to look at the message, and we have to look at the target,” she said on Thursday.

    The Act also will not apply to groups of people, only to individuals. The commissioner guessed this was due to striking a balance on freedom of expression.

    “To give us a broader set of powers to target a group or target in mass, I think would probably raise a lot more questions about human rights,” she said.

    She said it’s a case of “writing the playbook” as it unfolds, given there’s no similar law internationally to help guide the Act. Inman Grant said she has tried to set expectations that she isn’t about to conduct “large scale rapid fire”.

    “Because every single removal notice or remedial action that we take is going to have to stand up in a court of law, it’s going to have to withstand scrutiny from the AAT, from the Ombudsman, and others,” she said. “So the threshold is high, it’s really probably going to target the worst of the worst in terms of targeted online abuse.”

    Of concern to the commissioner is that social media platforms have vast access to all sorts of signals on their platforms, yet they often step in when it’s too late.

    “I think what we saw with the Capitol Hill siege is it wasn’t really until the 11th hour that they consistently enforced their own policies,” she said. “So I think we’ve seen a real selective application of enforcement of some of these policies and we need to see more consistency.”

    AVOIDING WHACK-A-MOLE

    She believes the BOSE will go some way to fixing that. Without setting these expectations, Inman Grant said she would be trying to energise her team to “play a big game of whack-a-mole”.

    On finding the same perpetrators using the same modus operandi to target others, Inman Grant said it’s a prime example of where safety by design is so important.

    “You’re building the digital roads, where are your guard rails, where are your embedded seatbelts, and what are you doing to pick up the signals?” she said. “I don’t care what it is, whether you’re using natural language processing to look at common language that might be used or IP addresses, there are a range of signals that they can — they should be treating this like an arms race, they should be playing the game of whack-a-mole, rather than victims and the regulators.”

    The safety by design initiative kicked off in 2018 with the major platforms. Currently, eSafety is engaged with about 180 different technology companies and activists through the initiative.

    Inman Grant called it a “cultural change issue”, that is, tweaking the industry-wide ethos that moving fast and breaking things gets results.

    “How do we stop breaking us all?” she asked. “Because you’re so quick to get out the next feature, the next product, that you’re not assessing risk upfront and building safety protections at the front end. I mean, how many times do we have to see a tech wreck moment when companies — even a startup company — should know better.”

    The solution, she said, isn’t the government prescribing technology fixes; rather, a duty of care should be reinforced when companies aren’t doing the right thing, such as through initiatives like safety by design. Inman Grant said the BOSE will, to a certain degree, force a level of transparency.

    “We’re holding them to account for abuse that’s happening on their platforms, we’re serving as a safety net, when things fall through the cracks, and we’re telling them to take it down,” she said. “Platforms are the intermediaries … the platforms [are] allowing this to happen, but we are fundamentally talking about human behaviour, human malfeasance, criminal acts online targeting people.”

    Inman Grant said eSafety is currently working with the venture capital and investor community, “because they’re often the adults in the room”, on developing an interactive safety by design assessment tool, one for startups and one for medium-sized and large companies, that should be made public within the next three weeks.

    LIKE THE REAL WORLD, JUST DIGITAL

    “It’s only been 50 years since seatbelts have been required in cars and there was a lot of pushback for that. It’s now guided by international standards. We’re talking about standard product liability — you’re not allowed to produce goods that injure people, with food safety standards you’re not allowed to poison people or make them sick — these should not be standards or requirements that technology companies should be shunning,” the commissioner said. “The internet has become an essential utility … they need to live under these rules as well. And if they’re not going to do it voluntarily, then they’re going to have a patchwork of laws and regulations because governments are going to regulate them in varying ways.”

    Inman Grant said eSafety is engaging with the social media platforms every day, and has garnered an 85% success rate in the removal of non-consensually shared intimate images and videos.

    “It tends to be what we would call the ‘rogue porn sites’ that are resistant to take down,” Inman Grant said. “And of course, we see a lot of similarities in terms of the hosting services and the kinds of sites that host paedophile networks or pro terrorist or gore content.”

    She said eSafety saw a spike in all forms of online abuse over the COVID period, but it wasn’t for the reason many would think.

    “We often talk about seeing a lot of child sexual abuse on the dark web, but we saw a lot more on the open web and out in the open on places like Twitter, Instagram, and Facebook — up to 650% in some cases from the year prior,” she said.

    “It wasn’t just that simplistic explanation that more kids were online unsupervised [and there were more] predators targeting them, that certainly did happen, but really what was happening is a lot of the companies have outsourced their content moderation services to third parties, and many of these are in the Philippines and Romania, in developing countries where these workers were sent home and couldn’t look at the content.”

    She said the content moderation workforce being unable to view the content, combined with the preponderance of more people online, created a “perfect storm”.

    “You saw some of the companies using more AI and analytic tools, but they’re still really very imperfect. And almost all of the platforms that do use AI tools always use a portion of human moderation because it’s just not up to par.”


    AFP issues search warrant following alleged dodgy tech support scheme

    The Australian Federal Police (AFP) on Thursday revealed executing a search warrant at a premises in Wollongong, New South Wales, regarding an alleged fraudulent technical support business.

    The AFP said the search warrant was executed following an investigation under Operation Rayko, which was focused on an Australian business that purports to offer genuine Microsoft technology support to Australian customers. It alleged the business instead linked Australian victims to offshore scammers who would request remote access to their computers.

    “Once the scammers had access to the computer, they would convince their victims to purchase new software to fix genuine computer issues,” AFP said. “That software was outdated and sold at an inflated price.”

    AFP said while remotely accessing a victim’s computer, the scammers deactivated antivirus software and other protection programs, and conducted further unauthorised remote access.

    The company in question, AFP said, has a professional website, an Australian 1800 business number, and uses Microsoft logos to give its operations an air of legitimacy. The AFP said it worked closely with Microsoft to gather information about the products being sold and offshore entities linked to the Australian business.

    During the search, AFP investigators seized documents and electronic devices, which will be subject to analysis by AFP Cybercrime Operations. The investigation is ongoing and the AFP is not ruling out charges as a result of the search warrant activity, it said.

    “Police are assessing evidence seized and will continue to work with Microsoft and IDCARE to determine how many Australian customers may have been affected by these types of scams,” the AFP said.

    AFP Commander Goldsmid took the opportunity to caution people to only download software from the Microsoft store or official Microsoft partner websites. He said the public needs to be aware of the risks associated with unlicensed businesses and carefully vet who they allow to access their computers.

    “Be wary of downloading software from third-party sites, as some of them might be outdated or may have been modified to include malware and other threats,” he said.

    “In this instance the offending involved charging victims for products they didn’t need, and products the business was not authorised to sell. However, the consequences can be much worse — allowing scammers access to your computer may put you at risk of malware, computer viruses, or even the theft of your identification details and sensitive personal information via remote access that can occur without your knowledge.”

    Goldsmid said it’s an important reminder of how scams have evolved.

    “They’re not as obvious as an email from a Nigerian prince anymore,” he added. “Modern-day scammers are very technologically savvy and they will exploit victims’ trust in respected institutions to gain a profit.”


    Singapore-Thailand pact lets users send money cross-border via mobile number

    Singapore and Thailand have inked a bilateral agreement that enables users in both nations to transfer funds using the recipient’s mobile number. The pact taps the respective country’s peer-to-peer payment systems and is part of a regional payment initiative to ease cross-border payments. The new partnership helped establish connectivity between Singapore’s PayNow and Thailand’s PromptPay platforms, to enable fund transfers of up to SG$1,000 ($753.4) or THB25,000 ($793.96) using mobile numbers. Touted as the first of its kind globally, the deal was the result of “years of extensive collaboration” between the two countries’ central banks, according to a joint statement released by the Monetary Authority of Singapore (MAS) and Bank of Thailand (BOT).


    Customers of participating banks in both countries would not be required to provide information such as the recipient’s full name or bank account, needing only a mobile number to facilitate the cross-border payment. The service would work in the same way PayNow and PromptPay transfers were carried out, with senders tapping their mobile banking or payment apps to make peer-to-peer fund transfers. Such transactions typically are completed within minutes, rather than an average of one to two working days for the usual cross-border remittance services.

    Banks participating on both platforms had pledged to set their fees against market rates, according to MAS and BOT. “The fees will be affordably priced and transparently displayed to senders prior to confirming their transfers,” they said. “Senders will also be able to view the applicable foreign exchange charges prior to sending their funds, with these rates benchmarked closely to prevailing market rates.”

    The connectivity between PayNow and PromptPay was part of efforts initiated under Asean Payment Connectivity, which was set up in 2019 to drive faster, cheaper, and more transparent cross-border payment pacts. The new Singapore-Thailand digital payment deal would continue to expand to include more participants and offer bigger transfer limits to facilitate business transactions, both countries said.

    BOT’s governor Sethaput Suthiwartnarueput noted that PromptPay also supported QR-enabled cross-border payments with Japan, Lao PDR, Cambodia, and Vietnam. “Today’s PayNow-PromptPay linkage…will effectively address customers’ long-standing pain points in the area of cross-border transfers and remittances, including long transaction times and high costs,” Suthiwartnarueput said.

    MAS’ managing director Ravi Menon added: “[The partnership] shows that existing payments infrastructure and the banking system have the potential to provide seamless cross-border payment options to retail customers.”

    “MAS’ shared objective with BOT is to work with our Asean counterparts to expand this bilateral linkage into a network of linked retail payment systems across Asean. With the rise of the digital economy, we want to empower individuals and businesses in the region with simple, swift, and secure cross-border payments through just a few clicks on their mobile phones,” Menon said.


    Microsoft finds memory allocation holes in range of IoT and industrial technology

    The security research group for Azure Defender for IoT, known as Section 52, has found a batch of unsafe memory allocation operations in code used in Internet of Things (IoT) and operational technology (OT) such as industrial control systems that could lead to malicious code execution. Given the vulnerability name BadAlloc, the flaws stem from improper input validation that leads to heap overflows and can ultimately result in code execution.

    “All of these vulnerabilities stem from the usage of vulnerable memory functions such as malloc, calloc, realloc, memalign, valloc, pvalloc, and more,” the research team wrote in a blog post. The use of these functions becomes dangerous when the size argument is derived from external input without checking for integer overflow or wraparound.

    “The concept is as follows: When sending this value, the returned outcome is a freshly allocated memory buffer,” the team said. “While the size of the allocated memory remains small due to the wraparound, the payload associated with the memory allocation exceeds the actual allocated buffer, resulting in a heap overflow. This heap overflow enables an attacker to execute malicious code on the target device.”

    Microsoft said it worked with the US Department of Homeland Security to alert the impacted vendors and patch the vulnerabilities.
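The wraparound the team describes, worked through as an added example that is neither Microsoft’s code nor any affected vendor’s: a constructed 8-byte message header carries an attacker-chosen element count and element size; the unchecked allocator multiplies them in a 32-bit size_t and gets 4, while the copy loop that follows still writes 0x100000004 bytes. The checked variant uses the standard SIZE_MAX / count test that the fixes rely on. The same header is harmless on a 64-bit host, which is why this class of bug matters most on the MCU-class devices in the advisory. The header layout and the handler are hypothetical.

```python
import struct


def size_max(bits):
    """SIZE_MAX for a size_t of the given width."""
    return (1 << bits) - 1


def wrapped_alloc_size(count, elem_size, bits=32):
    """What a calloc-style helper computes when it multiplies count * elem_size
    in a fixed-width size_t with no overflow check: the product silently wraps."""
    return (count * elem_size) & size_max(bits)


def checked_alloc_size(count, elem_size, bits=32):
    """The fix: refuse the request when the product would not fit. This is the
    standard elem_size > SIZE_MAX / count idiom, not any vendor's exact code.
    Returns None for a rejected request."""
    if count == 0 or elem_size == 0:
        return 0
    if elem_size > size_max(bits) // count:
        return None
    return count * elem_size


def parse_header(hdr):
    """Constructed 8-byte header: big-endian element count and element size,
    both attacker-controlled because they arrive on the wire."""
    return struct.unpack(">II", hdr)


def handle_message(hdr, bits=32, checked=True):
    """Simulate a parser that allocates count * elem_size bytes and then copies
    count elements into that buffer. Reports whether the copy would overflow
    the allocation instead of actually corrupting memory."""
    count, elem_size = parse_header(hdr)
    if checked:
        size = checked_alloc_size(count, elem_size, bits)
    else:
        size = wrapped_alloc_size(count, elem_size, bits)
    if size is None:
        return {"accepted": False, "alloc": None, "overflow": False}
    bytes_written = count * elem_size  # what the copy loop really writes
    return {"accepted": True, "alloc": size, "overflow": bytes_written > size}


# Constructed hostile header: 0x40000001 elements of 4 bytes each.
# 0x40000001 * 4 = 0x100000004, which truncates to 4 in a 32-bit size_t.
HOSTILE = struct.pack(">II", 0x40000001, 4)
BENIGN = struct.pack(">II", 16, 4)

if __name__ == "__main__":
    print("32-bit, unchecked:", handle_message(HOSTILE, 32, checked=False))
    print("32-bit, checked:  ", handle_message(HOSTILE, 32, checked=True))
    print("64-bit, unchecked:", handle_message(HOSTILE, 64, checked=False))
```

The check belongs in the allocator wrapper rather than in every caller; once calloc-style helpers reject overflowing products, a parser that trusts the wire value can no longer turn it into a short allocation.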

    The list of affected products in the advisory includes devices from Google Cloud, Arm, Amazon, Red Hat, Texas Instruments, and Samsung Tizen. CVSS v3 scores range from 3.2 in the case of Tizen to 9.8 for Red Hat newlib prior to version 4.

    As with most vulnerabilities, Microsoft’s primary piece of advice is to patch the affected products. But because industrial equipment can be hard to update, Redmond also suggests disconnecting devices from the internet where possible or putting them behind a VPN with two-factor authentication, deploying network security monitoring to detect behavioural indicators of compromise, and using network segmentation to protect critical assets.

    “Network segmentation is important for zero trust because it limits the attacker’s ability to move laterally and compromise your crown jewel assets, after the initial intrusion,” the team wrote. “In particular, IoT devices and OT networks should be isolated from corporate IT networks using firewalls.”


    Home Affairs' online team referred over 1,500 violent or extremist items for take-down

    The Department of Home Affairs has a dedicated team to find content on social media sites that promotes hate, incites violence, or points to terrorist propaganda. The team then works with social media platforms to have that content removed.

    In the 12 months to 31 March 2021, 1,559 pieces of terrorist and violent extremist content were referred. 95% of that, or 1,486 items, were in the religiously motivated violent extremism space. 3%, or 51 pieces of content, were defined as being ideologically motivated violent extremist material. The remaining 2% was not defined. The team has a budget of around AU$3 million.

    Appearing before the Parliamentary Joint Committee on Intelligence and Security (PJCIS) as part of its inquiry into extremist movements and radicalism in Australia, Dr Richard Johnson, first assistant secretary of Home Affairs’ Social Cohesion team, said this isn’t necessarily reflective of the amount of content that’s out there, as the platforms themselves engage in their own takedown procedures.

    But there are some platforms that don’t have a referral function, which Johnson said usually points to the nature of those particular sites. While the Home Affairs team deals with the more mainstream platforms — such as Facebook and Instagram and Twitter — it also engages the likes of Telegram and 4chan.

    “We have referred material before, whether we’re successful very much depends on the nature of the platform, how they’re operating in a particular jurisdiction, and also the ethos of the particular platform,” he clarified.

    Senators were concerned the 1,559 figure was at odds with other statistics they have seen.

    “Firstly, platforms themselves do a lot of work in the first instance, to remove such materials. Not all platforms do. Secondly, we work in the open source … space. So we’re not seeing everything that’s on the internet — we’re not working in encrypted chat rooms, etc,” he said. “Thirdly … some of the material falls short of the thresholds in the first instance. Some of the platforms that host some of the material just don’t have a referral function. So part of their raison d’etre, so to speak, is to host such content.”

    Johnson said violent extremist material in particular is what the team is looking for, but it also tracks down the likes of manifestos or content that advocates or instructs on how to commit a terrorist offence.

    “The online team is principally about understanding the narrative focal points … it’s certainly not tracking individuals in that sense,” Johnson said, responding to a question about an individual displaying symbolism, such as a radical flag, on their own personal Facebook page.

    That work, he said, falls more to the teams that work with community leaders, as one example, on prevention activities and on material that counters the extreme ideological perspectives individuals might be exposed to.

    One such program run on behalf of the Department of Home Affairs by Icon Agency is Rapt!. Rapt!, its website says, celebrates the many ways Muslim Australians contribute to society and its culture, by sharing stories and reflecting on different beliefs and opinions.
    With a presence already on Facebook and Instagram, as well as the web, Johnson said a YouTube channel will launch soon.

    Johnson was asked by Shadow Minister for Home Affairs Kristina Keneally, in her capacity as a PJCIS member, how the department is helping people understand, for example, what “shitposting” is.

    “We’ve run a couple of digi-engage forums for young people to specifically take them through what they’re seeing on the internet, what some of the tropes are … there’s ironic nodes that some of these groups use, for example, how to see it, to recognise it, and even to engage with it in an attempt to challenge it, if that’s appropriate,” Johnson said. “So we’ve got a capability set of work that we do precisely for that on the online environment.”

    With Department of Foreign Affairs and Trade counter terrorism ambassador Roger Noble pointing to the “dark web” as making violent and extremist material more accessible in his testimony earlier in the day, Home Affairs was asked what legislation would help law enforcement activities in the space.

    Chris Teal, Home Affairs deputy secretary of social cohesion and citizenship and also the counter-terrorism and counter foreign interference coordinator, told Senators the Counter-Terrorism Legislation Amendment (High Risk Terrorist Offenders) Bill 2020 is needed, as are the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020 and the Telecommunications Legislation Amendment (International Production Orders) Bill 2020.

    “One of the flow-ons from Dr Johnson’s evidence is that a lot of this is occurring out of sight, on the dark web … one of the reasons I would contend that the numbers are as they are in relation to takedowns is because we’re on what I think is known as the surface web and apparently there’s a bad thing underneath it,” he said.
    “I think that the numbers that we’ve been talking about is not demonstrative of what’s out there. It’s demonstrative of what we can see.”

    “The International Production Orders legislation currently before the Parliamentary Joint Committee will create a step change in the way in which Australia can request information directly from US companies and the evidence that Dr Johnson outlined about some of the companies that we work with … this will short circuit what is a very long process in mutual recognition and mutual exchange of information processes,” explained first assistant secretary of Home Affairs’ Cyber, Digital and Technology Policy team, Hamish Hansford.

    “The committee will consider that our marching orders on that legislation,” PJCIS chair Senator James Paterson declared.

    Appearing earlier in the day before the PJCIS, Australian Security Intelligence Organisation (ASIO) Director-General of Security Mike Burgess said the security legislation before Parliament would certainly help law enforcement, but said ASIO was content with the powers it is awarded under the Telecommunications and other Legislation Amendment (Assistance & Access) Act 2018 (TOLA Act).

    “With TOLA, our investments in our capability to deal with this evolving — I’m satisfied at this point in time, we have the right legal mechanisms in place for my agency, noting my federal police colleagues have other needs that they’re prosecuting the case for now,” Burgess said.