Australian bill cracks down on cyber abuse

Plus, new revelations about Clubhouse and an inmate conducts romance fraud from prison

Parliament in Australia is reviewing the proposed Online Safety Bill 2021, which would in essence extend the cyberbullying rules protecting children so that adults are protected in the same way. The bill also expands children’s protection by giving them the right to be free from harmful content not only in the realms of social media, but also within games, on websites, and using other online services.

The eSafety Commissioner would gain the right to issue content takedown notices directly to the offending services and end users, with the mandated takedown time halved from 48 to 24 hours. Noncompliant entities would face penalties of up to AU$550,000 for companies and AU$111,000 for individuals. 

“Sadly, social media has become a breeding ground for cyberbullies who abuse the anonymity provided by the platforms,” commented Avast Security Evangelist Luis Corrons. “When this gets to a certain level, such as involving death threats, justice can intervene. In other cases, however, that hasn’t been an option. Hopefully this new bill adds new tools that protect people from being harassed online.” The punishments for cyberbullying do get more serious when the harassment becomes criminal behavior, such as in sextortion scams where bad actors try to intimidate victims into paying money to stop the release of embarrassing content. A second piece of legislation called the Online Safety (Transitional Provisions and Consequential Amendments) Bill 2021 was also introduced to Parliament, which brings heavier penalties to cybercriminals, such as increasing the maximum sentence from 3 years to 5 years. See ZDNet for more. 

Does Clubhouse share data with China?

A report by the Stanford Internet Observatory (SIO) confirmed that the popular, audio-only hang-out app Clubhouse has ties to China, which could indicate that app data may be shared with the Chinese government. SIO learned that Agora, the Silicon Valley company that provides the real-time voice platform for the app, is actually the U.S. extension of its Shanghai-based headquarters. Under People’s Republic of China (PRC) rule, the government can seize any data from any company if it pertains to a criminal investigation. This is of particular concern to Chinese citizens who used the new app to chat freely about forbidden topics before the PRC blocked its use on February 8. To learn more about the trendy new app, check out our in-depth look at Clubhouse.

Inmate commits romance fraud from behind bars

A recently released ex-convict shared his romance fraud adventures with BBC News, explaining how he swindled money from multiple lonely hearts while he was serving a prison sentence. “I just saw how easy it was,” the fraudster told the BBC, recounting how he picked targets by looking for women who seemed lonely and lacking attention from others on the dating app. Once he was convinced they were falling in love with him, he began asking them for money. The UK reported almost 7,000 cases of romance fraud in 2020, costing victims a collective £70 million, and there’s been a 20% increase to those numbers since the pandemic started. If you’re navigating the online dating world, be sure to read Avast Senior Writer Emma McGowan’s deep dives into which dating apps protect your privacy and how often online daters Google each other.

Ukraine claims DDoS attacks came from Russia

According to Bleeping Computer, Ukraine’s National Security and Defense Council (NSDC) is accusing bad actors on Russian networks of launching DDoS attacks upon government websites in the Ukrainian defense and security sector since mid-February. The organization discovered new malware was being used in the attacks, which hijacked the victimized machines, making them into part of the botnet. Some experts believe the attacks are acts of retaliation for the arrests of certain alleged members of the Egregor ransomware threat group, apprehended recently by Ukrainian law enforcement.

Botnet hides backup IP in bitcoin blockchain 

Analyzing a botnet found in the wild, researchers discovered it was using the bitcoin blockchain to store its backup IP address. If the botnet’s command-and-control IP address were to be compromised, the botnet was programmed to fall back on a backup IP, which it would find by decoding the last two transactions of a certain bitcoin wallet. It would then use an algorithm to convert the transaction amounts into a new IP address that could then regain control of the botnet. By using the blockchain, the botnet operators ensured that their data could never be blocked, taken down, or censored. Unfortunately for them, it was easily foiled all the same. Adding any new transaction to the wallet, such as a deposit in the minimum amount of 0.0004 cents, changes the data retrieved by the botnet, disrupting its backup plan. Read more on Ars Technica.

This week’s ‘must-read’ on The Avast Blog

Many child monitoring apps use marketing that focuses heavily on scare tactics. While it might be tempting to track kids without their knowledge, doing so might hurt your relationship with your child — and it could even make them less safe.
