mitigates online attacks that have compromised personal identity information (PII) by notifying the public and private sector organisations whose customers or clients have been affected;
publishes security bulletins [1];
publishes papers, policy submissions to government relating to ICT and Internet security and computer security and cyber crime surveys, which are available from the AusCERT web site, including security bulletins about specific cyber threats affecting Australian networks and Internet users [2];
provides public outreach, education and awareness raising about Internet security issues, including via the media;
provides information and expertise to law enforcement about specific cyber attacks affecting or emanating from Australian networks;
participates in government, CERT and industry multilateral meetings, including actively participating in cyber security exercises with a range of global partners;
communicates, cooperates and builds relationships with industry, domain name registries, telecommunication providers and national CERT counterparts overseas, which AusCERT relies upon to help provide assistance to Australian Internet users being attacked from sources in overseas constituencies.
2.1. Incident Handling Statistics
A large part of AusCERT's core business involves analysis of online cyber attacks. While these are not the only incidents handled by AusCERT, they represent a
common form of cyber attack and show clear upward trends associated with this set of criminally motivated activities.
Figure 1 shows the number of malware and phishing sites handled by AusCERT in 2007. The temporary drop in phishing attacks is due to a change in the
reporting and handling arrangements that were previously in place, and is not a reflection of reduced activity of this nature. The peaks in malware activity are
attributed to increased levels of Storm botnet activity.
[1] See AusCERT security bulletins: https://www.auscert.org.au/1. AusCERT restricts public access to a small selection of security bulletins and papers in order to retain member value. AusCERT relies on membership subscriptions to cover its operating costs in the delivery of member services and national CERT functions.
[2] See AusCERT publications: http://www.auscert.org.au/1920
Each incident represents a single unique URL or domain name that is hosted by
one or more compromised computers for the purpose of stealing sensitive information and access credentials from other computers. Multiple incidents
can be associated with each attack, which is the set of compromised computers needed to launch the attack and collect the stolen data. The number of IP
addresses associated with a single incident and a single attack is variable but can range from 1 to around 5,000.
This graph does not include specific compromised hosts involved in any single attack or incident, only URLs and domain names. Nor does it depict the
number of computer infections (compromised hosts) that occur due to each malware attack, of which there are generally many hundreds or thousands.
Figure 1
The figures above are representative of specific types of incidents handled by AusCERT. Total incidents handled are much greater.
Figure 2
2.2. Security bulletins and blogs