CRTC serves its first-ever warrant under CASL in botnet takedown

News Release

December 3, 2015 – Ottawa–Gatineau – Canadian Radio-television and Telecommunications Commission (CRTC)

The Canadian Radio-television and Telecommunications Commission (CRTC) today announced that it served its first-ever warrant under Canada's anti-spam law (CASL) to take down a command-and-control server located in Toronto, Ontario as part of a coordinated international effort.

Law enforcement agencies from around the globe have disrupted one of the most widely distributed malware families: Win32/Dorkbot. This malware family has infected more than one million personal computers in over 190 countries.

Dorkbot spreads through USB flash drives, instant messaging programs, and social networks. Once a computer becomes compromised, it can be instructed to: steal passwords used for online banking and payments; download and install dangerous malware; and join other infected computers in sending multiple requests to a specific server in the hopes of overwhelming its capacity to respond (known as a distributed denial of service attack).

As part of this investigation, the CRTC is working in close collaboration with its partners, including the Federal Bureau of Investigation, Europol, Interpol, Microsoft Inc., the Royal Canadian Mounted Police (RCMP), Public Safety Canada and the Canadian Cyber Incident Response Centre.

The CRTC will continue to collaborate with its domestic and international partners to aggressively pursue investigations of alleged violations under Canada's anti-spam legislation (CASL) to protect Canadians from online threats.

Canadians are encouraged to report spam to the Spam Reporting Centre. The information sent to the Centre is used by the CRTC, the Competition Bureau and the Office of the Privacy Commissioner to enforce Canada's anti-spam law.

The CRTC does not comment on active investigations, nor does it name the individuals or companies under investigation.

Quick Facts

• Canada's anti-spam law protects Canadians while ensuring that businesses can continue to compete in the global marketplace.
• The CRTC has a number of enforcement tools at its disposal and is using cutting-edge cyber security techniques to prevent and/or investigate alleged violations of Canada's anti-spam law.
• The warrant was granted by a judge of the Ontario Court of Justice and was carried out with the assistance from the RCMP.
• A botnet is a set of computers that have been compromised through the installation of malware and which can be instructed to send spam, install additional malicious programs and steal passwords, among other illicit activity.
• A command-and-control server is the centralized computer that issues commands to a botnet and receives reports back from the co-opted computers.

Quote

Associated Links

• Spam Reporting Centre
• How do I know if Canada's Anti-spam legislation applies to my business or organization?
• Information session on Canada's Anti-Spam Legislation
• Guidelines to help businesses develop corporate compliance programs: Information Bulletin CRTC 2014-326
• Guidelines on the use of toggling as a means of obtaining express consent under Canada's anti-spam legislation: Information Bulletin CRTC 2012-549
• Guidelines on the interpretation of the Electronic Commerce Protection Regulations: Information Bulletin CRTC 2012-548

- 30 -

Contacts

Media Relations
(819) 997-9403

General Inquiries
(819) 997-0313
Toll-free 1 (877) 249-CRTC (2782)
TTY (819) 994-0423
Ask a question or make a complaint

Stay Connected
Follow us on Twitter @CRTCeng
Like us on Facebook www.facebook.com/crtceng

• The warrant was granted by a judge of the Ontario Court of Justice and was carried out with the assistance from the RCMP.

Canadian Radio-television and Telecommunications Commission Government and Politics