ATO looks to “unattributable exploration” of social media and the internet – Security – Software


The Australian Taxation Office is to buy software to enable “unattributable exploration” of social media and of “surface, deep and dark” web properties.



The software is intended to build on work commenced last year to introduce open-source intelligence or OSINT tooling to assist in protecting Australia’s tax and superannuation systems.

The tax office said in tender documents overnight that OSINT had already allowed it “to take proactive steps to protect Commonwealth revenue and the integrity of the superannuation and taxation systems.”

It now wants one or more OSINT tools to support intelligence, operational and data science use cases.

“Several dedicated intelligence teams” and operational teams oversee protection of the tax and superannuation systems, the ATO said.

“The intelligence and operational teams have a consistent and growing requirement to keep pace with the online behaviours of the criminals and threat actors dodging, exploiting, or harming Australian citizen’s taxes, identities and Commonwealth agencies,” it said.

Data science is more inward-focused, aimed at “internal monitoring, detection and prevention of potentially fraudulent activity.”

This appears to be a reference to behavioural analytics software that the ATO sought in late 2023 to help it deal with insider threat activity.

The ATO is now specifying a desire for tools “to complete advanced targeted digital data collection across multiple platforms such as Facebook, Instagram, Twitter [now x], Telegram, Gab, Reddit, 4chan, 8kun, VK [and] Discord.”

“Capability to collect information across an extensive list of dark web forums and marketplaces is also required,” it said.

“This will provide the ATO, TPB [Tax Practitioners Board] and ACNC [Australian Charities and Not-for profits Commission] with an essential capability and allow us to be at the forefront of detecting, intercepting, and disrupting serious financial crime which is increasingly being exploited by criminals.”

The ATO suggested a relatively small number of staff would have access to the tooling – starting at about 40 people, with a possible doubling over time.

“Operational and tactical users” – who make up the biggest user base, about 28 people initially – are intended to have the most technical capabilities at their disposal.

Among a set of “highly desirable” features are unattributable mechanisms that would allow ATO investigators “to fully blend in with traffic” while performing searches; the ability to geolocate “persons of interest”; and the “ability to set or perform attribution tracing/tracking, similar to advertising identification software deployed by Apple, Google and Microsoft.”



Source link