The Canadian Radio-television and Telecommunications Commission (“CRTC”) has served the first-ever warrant under Canada’s anti-spam law (commonly known as “CASL”) to take down a malware command-and- control server located in Toronto, Canada as part of a coordinated international effort.
CASL creates a comprehensive regime of offences, enforcement mechanisms and potentially severe penalties designed to prohibit unsolicited or misleading commercial electronic messages, the unauthorized commercial installation and use of computer programs on another person’s computer system and other forms of online fraud. CRTC has the primary enforcement responsibility under CASL, and has various enforcement tools for that purpose (e.g. preservation demands, production notices and warrants).
CASL allows CRTC enforcement officers to obtain from a justice of the peace a warrant authorizing entry to a place (including a dwelling) to verify compliance with CASL, to determine whether CASL has been contravened or to assist an investigation or proceeding under foreign laws that are substantially similar to CASL. Persons executing a warrant to enter a place may, subject to the conditions specified in the warrant: examine anything found in the place; use any means of communication found in the place; use any computer system found in the place to examine data in, or available to, the system; prepare a document based on the data; make copies of documents; seize anything found in the place for examination or copying; or prohibit or limit access to all or part of the place.
On December 3, 2015, CRTC announced that it had served its first-ever CASL warrant to take down a Win32/Dorkbot command-and-control server located in Toronto, Canada. The enforcement action was part of a coordinated effort with domestic and international law enforcement agencies (including the FBI, Interpol and the RCMP) and Microsoft.
According to the CRTC announcement, the Dorkbot malware, which spreads through USB flash drives, instant messaging programs and social networks, has infected more than one million personal computers in over 190 countries, and can cause those computers to send spam, download and install additional malicious programs, steal passwords and participate in distributed denial of service attacks against other computers. A command-and-control server is a centralized computer that issues commands to a network of infected computers and receives reports back from those computers. The CRTC announcement does not provide details of the warrant or its execution.
The CRTC’s Chief Compliance and Enforcement Officer explained: “We are pleased to work alongside our partners during this investigation to mitigate the harm caused to Canadians and citizens in other countries by Dorkbot. These are very egregious botnets that are used for illicit activities and can lead to identity theft and fraud. This operation shows that partnerships between domestic and international law enforcement agencies are key in the fight against transnational cyber threats.” ▪