The tax office has moved to reassure Australians it is not monitoring their phones, after a staffer posted step-by-step details of how to hack mobile devices on a social media site.
The disclosure revealed the Australian Tax Office’s (ATO) fraud investigation tactics and a push for powers normally associated with police and intelligence agencies.
The instructions showed how to bypass passwords and obtain data even if the phone battery is flat and lacks a sim card. It demonstrated how to retrieve deleted data and access text messages and phone call records.
The tax office was unaware of the breach when contacted for comment by the ABC. The material was taken offline within an hour.
The staff member was not suspended, but instead reminded of his responsibilities. The ABC understands his slideshow was shared within the office.
ATO says it’s not hacking
In a statement, the ATO’s chief information officer, Ramez Katf, said it would continue to use the software but only for criminal investigations.
“I would like to reassure the community about the ATO’s use of digital forensic capability, following media reports today,” he said.
Mr Katf said the technology was used on items seized by the ATO that may relate to suspected organised crime or tax evasion.
He said it was not correct to refer to the ATO practices as hacking, saying authorised staff only accessed phones with a warrant.
The employee, who published the material on LinkedIn, claimed to have worked on intelligence taskforces and researched the so-called dark web for the Government.
Justice Minister Michael Keenan said the Government was treating the disclosure “very seriously” and defended the ATO’s internal compliance measures.
“We are very concerned about that but we do have robust systems within the ATO to detect that,” he said.
“I don’t want to say too much, if someone has done the wrong thing then obviously, they are liable for those investigations to be concluded.”
Disclosure exposes influence of Cellebrite
The ATO’s new powers, often associated with police or intelligence agencies, is made possible by a controversial Israeli company, Cellebrite.
Chris Duckett, editor of technology website ZDNet Australia, told the ABC the company supplies software that can crack into a phone.
“It’s not like someone is sitting behind a counter and pressing a button and remotely logging into your phone,” he said.
The company reportedly helped the FBI break into the San Bernardino shooter’s iPhone — which became a crucial piece of evidence — when Apple refused to help.
Last year the ATO paid Cellebrite $42,747 to train their staff how to use the software.
Prime Minister Malcolm Turnbull referenced the case while pushing for laws to force technology companies to reveal encrypted messages, should there be security concerns.
“With the current debate we are seeing around encryption and our government wanting to get a way into devices so they can monitor devices under a warrant, who knows what the future holds,” Mr Duckett said.