State police helping crack Centrelink fraud suspects' passwords

By providing warrants to Services Australia.

State policing agencies are providing Services Australia with search warrants used to access password-cracking technology during investigations into welfare fraud. 

[Image: Cellebrite's Universal Forensic Extraction Device.]

The Centrelink administrator told senate estimates earlier this year that Services Australia can only use Cellebrite’s hacking tools when a search warrant is obtained by law enforcement.

“So that requires engagement with the Australian Federal Police, who execute that search warrant,” Services Australia deputy CEO Christopher Birrer said at the time.

Once extracted, the evidence is then supplied to Services Australia.

For example, a NSW Centrelink user told iTnews that after password-protected devices belonging to her, her daughter and her ex-partner were seized, Services Australia questioned her about the contents of her WhatsApp messages to assert that she was in an undeclared relationship.

The agency has now clarified that access to the Israeli vendor’s "universal forensic extraction devices" is also supplied through search warrants provided by state policing agencies.

Responses [pdf] provided to questions taken on notice state that “generally, search warrants are obtained and executed by the Australian Federal Police (AFP), however, there are some cases where search warrants are facilitated by state police.”

The documents [pdf] provided to Parliament's Community Affairs Committee also state that no requests to law enforcement agencies for search warrants have yet been denied. 

“From June 1 2022 to May 31 2023, there were 16 agency-led matters that proceeded to a premises search warrant,” the documents read. 

“This figure does not include those matters where a search warrant was executed by prior arrangement with the individual or organisation.”

Spreading the workload of processing requests for search warrants across multiple agencies may increase the frequency of Services Australia’s access to the password-bypassing hardware and software.  

This is suggested by a statement Birrer made during the senate estimates; he said that law enforcement agencies' limited resources are taken into consideration when Services Australia decides whether to request a search warrant.

“We do have a process by which any investigation is considered, prioritised against agencies' resources and the seriousness of the matter. Quite often, these technologies are used to examine a suspect's device,” Birrer told Greens’ social services spokesperson Senator Janet Rice.

Both during the senate estimates and in the now-published answers to questions on notice, Services Australia refused to provide other details about its use of the tool.

It said variously that it did not keep records of the requested details or that disclosure could prejudice the agency's investigations into fraud.

A response [pdf] to a question on notice said, "The agency does not track the number of applications of Cellebrite technologies during investigations" because the warrants are needed to seize and crack devices but not “specifically for use of the Cellebrite tools.” 

Although "a property seizure record is created as part of this process," [pdf] a property seizure record about a device does not specify whether its password had to be bypassed.

Despite this, at other times, the welfare agency has suggested that it has some records that can be used to provide general estimates of how frequently it uses Cellebrite. 

For example, a Services Australia spokesperson told The Sydney Morning Herald in 2017 that it had used Cellebrite "less than 50 times" in the 2016-17 financial year. 

Services Australia has also refused to provide detailed information about the types of investigations that Cellebrite assists, which could shed more light on the scale of its use. 

During senate estimates, Birrer said Cellebrite was only used to investigate “serious non-compliance” and not “general customer compliance.”

“What we mean by that [serious non-compliance] is an investigation that's commencing as a criminal investigation," he said.

“Sometimes they don't meet the standards for us to then refer a brief of evidence to the Commonwealth Director of Public Prosecution (DPP) for them to consider. And so that's why we use the term serious non-compliance."

According to its most recent annual reports, in 2021–22 Services Australia conducted 709 criminal investigations, 988 administrative investigations and made 203 referrals to the DPP.

Rice asked what “threshold” was required to tip a “general customer compliance” case into a "serious non-compliance investigation," such as how much money a Centrelink user would need to be suspected of receiving in overpayments.

"How much evidence do you need to have? You say there's not sufficient evidence to refer it to the DPP, but it's starting with a criminal case: What's your definition? What is the criteria? What is the threshold?" Rice asked.

Birrer said in response that "the threshold for any brief of evidence is whether there's sufficient evidence to justify the elements of the offences which are being investigated to the satisfaction of the Commonwealth Director of Public Prosecutions.

"There's also a public interest factor to be considered: whether or not it's in the public interest to pursue a particular criminal matter."

Services Australia chief executive officer Rebecca Skinner added at the time that “the threshold would be it being an investigation, not an engagement with a customer over an overpayment.” 

Another of Rice's questions - the type of data Cellebrite extracts - was also taken on notice, and has now been answered [pdf].

"It would not be appropriate to identify the type of evidence collected using the Cellebrite tool as this could reveal methodologies and evidence collection practices that may impact on current and future investigation matters," Services Australia responded.

A similar answer has been published in response [pdf] to another of Rice's questions: "Perhaps you might like to take on notice what other similar technologies you are using?"

"It is not appropriate to publicly discuss details about the agency’s criminal investigation capabilities," it responded.

"To do so could disclose lawful methods for preventing, detecting, or investigating possible breaches of the law, which could prejudice their effectiveness by alerting offenders of the capabilities of the agency."

Copyright © iTnews.com.au . All rights reserved.