Related topics

Oz biz regulator discovers shared servers in EPIC FACEPALM

'Not aware' that one IP can hold more than one Website

Tactical facepalm

The Australian Securities and Investment Commission, which in 2013 accidentally blocked innocent Websites in an attempt to disrupt financial fraud, has told a government inquiry it didn't actually know what it was doing.

In using what are called “Section 313 notices” under the Act to shut down fraud sites, the financial regulator has said it didn't realise that IP addresses weren't a good mechanism because shared servers exist.

Section 313 of the telecommunications act obliges carriers to cooperate with law enforcement agencies to help prevent crimes; in the case of the Internet, that means the ASIC can ask carriers to block their networks against fraudsters. However, technical ignorance on the part of the commission resulted in a high degree of over-blocking.

“Our experience using s313 to block websites indicates that it is a useful measure for disrupting investment frauds and warning Australian investors that the investment being offered are not legitimate. However, our use of s313 has also highlighted the risk that other websites may be inadvertently blocked in the process,” the regulator says in this submission to the parliamentary inquiry into the use of Section 313 notices.

“We were subsequently advised that the IP address hosted approximately 1090 websites, including that of the fraudulent financial services entity and that of the Melbourne Free University.”

How could this take place? Let's stick with the submission:

“Our internal review identified that … the ASIC teams requesting s313 blocks were not aware that a single IP address can host multiple websites”.

It gets better: “We also undertook a review of other s313 requests to ascertain whether other non-fraudulent websites had been blocked. This review alerted us to an IP address that hosted in excess of 250,000 websites. A further review indicated that in excess of 99.6% of these sites contained no substantive content. This blocking request was removed.” ®

Sponsored: Network DDoS protection