On December 3, 2015, CRTC announced that it issued its first warrant under CASL to take down a “command-and-control server located in Toronto.” The warrant was issued as part of an international effort to disrupt the malware family Win32/Dorkbot, which infected more than one million computers in over 190 countries creating a “botnet”. A “botnet” is a group of computers that have been compromised by the installation of malware that can be instructed to steal information, such as passwords for online banking, and can be used in concerted efforts with other infected computers to overwhelm servers in coordinated attacks.
The CRTC is responsible for enforcement under CASL, and actions taken by the CRTC can include administrative monetary penalties, investigations, or taking action against those in contravention of CASL. Malware, and other malicious programs installed on a person’s computer through infected links or websites, are prohibited under section 8 of CASL, and action can be taken against persons who install programs on an individual’s computer where that individual did not expressly consent to the installation.
In its announcement, the CRTC expressed that it will continue to collaborate with local and international authorities to “aggressively pursue investigations of alleged violations under CASL. Charities and NPOs should take measures to ensure that their networks are not compromised by various forms of malware or viruses in order to protect themselves and their constituents from falling prey to these kinds of attacks.