This special report considers the relationship between our business and trade positioning in the context of the impacts of Covid, natural disasters and the actions of coercive trading partners.
Global economic integration has enabled the spread of ideas, products, people and investment at never before seen speed. International free trade has been a goal of policy-makers and academics for generations, allowing and fostering innovation and growth. We saw the mechanism shudder in 2008 when the movement of money faltered; the disruption brought about by COVID-19 has seen a much more multi-dimensional failure of the systems by which we share and move. The unstoppable conveyor belt of our global supply chain has ground to a halt. This time, what will we learn?
ASPI’s latest research identifies factors that have led to the erosion of Australia’s policy and planning capacity, while detailing the strengths of our national responses to recent crises. The authors recommend an overhaul of our current business and trade policy settings, with a view to building an ‘agenda that invests in what we’re good at and what we need, values what we have and builds the future we want.’
The authors examine the vulnerabilities in Australia’s national security, resilience and sovereignty in relation to supply chains and the intersection of the corporate sector and government. To protect Australia’s business interests and national sovereignty, the report highlights recent paradigm shifts in geopolitics, whereby economic and trade priorities are increasingly relevant to the national security discussion.
https://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2024/12/15003954/SR172-New-beginnings_banner.jpg4501350nathanhttps://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2025/04/10130806/ASPI-Logo.pngnathan2021-09-14 06:00:002025-03-06 15:02:30New beginnings: Rethinking business and trade in an era of strategic clarity and rolling disruption
To mark its establishment in August 2001, the Australian Strategic Policy Institute has published an intellectual history of its work over two decades: An informed and independent voice: ASPI, 2001–2021.
ASPI’s mission is to ‘contribute an informed and independent voice to public discussion’. That was the vision embraced by the Australian Government in creating ‘an independent institute to study strategic policy’, designed to bring ‘contestability’ and ‘alternative sources of advice’ to ‘key strategic and defence policy issues’.
The story of how the institute did that job is told by ASPI’s journalist fellow, Graeme Dobell. He writes that ASPI has lived out what its name demands, to help deliver what Australia needs in imagining ends, shaping ways and selecting means.
An informed and independent voice covers the terrorism era and national security; the work of the Defence Department; Australia’s wars in Iraq and Afghanistan; the evolution of Australia’s strategy in the Indo-Pacific; relations with China and the US; cyber and tech; Japan, India and the Quad; Indonesia and Southeast Asia; Australia’s island arc—the the South Pacific and Timor-Leste; Northern Australia; Women, peace and security; Climate change; Antarctica; 1.5 track dialogues; the work of the digital magazine The Strategist; and ‘thinking the ASPI way’.
The submission to cabinet on ASPI’s founding said that the principles of contestability had ‘not yet been effectively implemented in relation to defence and strategic policy, despite the vital national interests and significant sums of money that are at stake’. That demand, at the heart of the institute’s creation, has been met and still drives its work.
Introduction: sometimes we will annoy you
A senior diplomat from one of Australia’s close ‘Old Commonwealth’ partners tells a story about hosting an Australian visit from his country’s defence minister, an aspiring political operator. The minister came to ASPI for a 90-minute roundtable with senior staff. Mark Thomson briefed on Defence’s budget woes—this was one of those years when financial squeezing was the order of the day, and a gap was quietly appearing between policy promises and funding reality.
Andrew Davies reported on the challenges of delivering the Joint Strike Fighter, the contentious arrival of the ‘stop-gap’ Super Hornet and the awkward non-arrival of the future submarine. Rod Lyon spoke about the insurmountable problems of Iraq and Afghanistan, the rise of the People’s Republic of China (PRC) and our own government’s foreign policy foibles. It was, like many ASPI meetings, a lively and sustained critique of policy settings. Driving back to the High Commission, a somewhat startled minister muttered to his diplomatic escort: ‘Thank God we don’t have a think tank like that back home!’
The genius of ASPI is that it’s designed to be a charming disrupter. Sufficiently inside the policy tent to understand the gritty guts of policy problems, but with a remit to be the challenger of orthodoxies, the provider of different policy dreams (as long as they’re costed and deliverable), the plain-speaking explainer of complexity, and a teller of truth to power. Well, that’s perhaps a little too grand. ASPI aims to be a helpful partner to the national security community, not a hectoring lecturer. But the institute ceases to have any value if it just endorses current policy settings: the aim is to provide ‘contestability of policy advice’. Not always easy in a town where climbing the policy ladder is the only game.
The story of ASPI’s creation has been told by several present at the creation1 and, very enjoyably, by Graeme Dobell in the second chapter in this volume. With the release of the Howard government cabinet records for the year 2000, we now get to see that the National Security Committee of cabinet deliberated carefully over ASPI’s composition, charter, organisational location, geographical location and underlying purpose. The annual expenditure proposed ($2.1 million) was, by Defence’s standards, trivial even in 2000. What the government was chewing over was the sense or otherwise of injecting a new institution into the Canberra policymaking environment.
The case for a strategic policy institute was set out in a cabinet submission considered on 18 April 2000:
There are two key reasons to establish an independent institute to study strategic policy.
The first is to encourage development of alternative sources of advice to Government on key strategic and defence policy issues. The principles of contestability have been central to our Government’s philosophy and practice of public administration, but 2 An informed and independent voice: ASPI, 2001–2021 these principles have not been effectively implemented in relation to defence and strategic policy, despite the vital national interests and significant sums of money that are at stake. The Government has found in relation to the COLLINS Class Submarines project for instance, and more recently in relation to White Paper process, that there are almost no sources of alternative information or analysis on key issues in defence policy, including the critical questions of our capability needs and how they can best be satisfied. The ASPI will be charged with providing an alternative source of expertise on such issues.
Second, public debate of defence policy is inhibited by a poor understanding of the choices and issues involved. The ASPI will be tasked to contribute an informed and independent voice to public discussion on these issues.2
‘An informed and independent voice’. There couldn’t be a better description of what the institute has sought to bring to the public debate; nor could there be a more fitting title for this study of ASPI’s first 20 years by Graeme Dobell, ably assisted by the voices and insights of many ASPI colleagues.
The April cabinet meeting agreed that ASPI should be established, but the government went back to Defence a second time to test thinking about the institute’s organisational structure.
In July, the department proposed several options, including that ASPI could be added as an ‘internal Defence Strategic Policy Cell’, or operate as an independent advisory board to the Minister for Defence, or be based at a university, or be a statutory authority, executive agency or incorporated company. Having considered other possibilities, the government accepted Defence’s recommendation (endorsed by other departments) that ASPI be established as a government-owned incorporated company managed by a board ‘to enhance the institute’s independence within a robust and easy to administer corporate structure’.3
The most striking aspect of this decision is that the government opted for the model that gave ASPI the greatest level of independence. There were options that would have limited the proposed new entity, for example, by making it internal to Defence or adding more complex governance mechanisms that might have threatened the perception of independence. Those options were rejected. A decision to invite a potential critic to the table is the decision of a mature and confident government. It’s perhaps not surprising that there aren’t many ASPI-like entities. Prime Minister Howard was also keen to see that the institute would last beyond a change of government. ASPI was directed to be ‘non-partisan’, above daily politics. The leader of the opposition would be able to nominate a representative to the ASPI Council. ASPI would also be given a remit to ‘pursue alternate sources of funding and growth’, giving the institute the chance to outgrow its Defence crib.
Interestingly, the August 2000 cabinet decision to establish ASPI as a stand-alone centre structured as an incorporated company and managed by a board of directors also stated that: ‘The Cabinet expressed a disposition to establish the centre outside of the Australian Capital Territory.’4 By the time ASPI was registered in August 2001 as an Australian public company limited by guarantee, the institute’s offices were located in Barton in the ACT, where they remain to this day.
The government appointed Robert O’Neill AO as the chair of the ASPI Council, and the inaugural membership of the council was appointed in July 2001, meeting for the first time on 29 August 2001. That month, the council appointed Hugh White AO as the institute’s executive director and Hugh set about building the initial ASPI team. A fortnight later, the world fundamentally changed. Terrorist attacks on New York’s World Trade Center and the Pentagon and one unsuccessfully aimed at the White House jolted the strategic fabric of the Middle East and the world’s democracies. ASPI couldn’t have started at a more challenging time for strategic analysis.
Writing in ASPI’s first annual report, Hugh White reported that the institute in 2001–02 ‘did a small amount of work directly for government, including a substantial assessment for the Minister for Defence, Senator Hill, of the implications of September 11 for Australia’s defence’.5
ASPI’s first public report was a study by Elsina Wainwright, New neighbour, new challenge: Australia and the security of East Timor. This was followed by the first of Mark Thomson’s 16 editions of The cost of Defence: the ASPI defence budget brief 2002–03. This included a rundown of the top 20 defence capability acquisition projects. The slightly cheeky cartoon covers—state and territory seagulls pinching Defence spending chips is my favourite—didn’t start until 2003–04, but the first Cost of Defence began the trend to report Defence’s daily budget spend: $39,991,898.63. (The 2021–22 Cost of Defence records the daily spend at $122,242,739.73.)
Hugh White closed off his 2001–02 Director’s report with ‘Clearly the task of defining our role in the policy debate will take some time to complete, but we believe we have made a good start.’ It was quite a foundation year: tectonic global security shifts, challenging regional deployments, defence budget and capability analysis. ASPI’s course was set, and the rest, as they say, makes up the history that Graeme Dobell and ASPI colleagues cover in this book. Graeme’s analysis makes sense of what, to the participants, might have felt from time to time like one damned thing after another. But patterns do emerge, and they coalesce into the realisation that ASPI’s first 20 years have marked some of the most turbulent shifts in Australia’s security outlook. All of which puts, or should put, a tremendous premium on the value of strategic policy, contestable policy advice, an informed and engaged audience and a new generation of well-trained policy professionals.
ASPI today is a larger organisation working across a wider area of strategy and policy issues.
The annual report for 2019–20 lists 64 non-ongoing (that is, contracted) staff, of whom 45 were full time (22 female and 23 male) and 15 were part time (11 female and four male). The overall ASPI budget was $11,412,096.71, of which $4 million (35%) was from Defence, managed by a long-term funding agreement. A further $3.6 million (32%) came from federal government agencies; $0.122 million (1%) from state and territory government agencies; $1.89 million (17%) from overseas government agencies, most prominently from the US State Department and Pentagon and the UK Foreign and Commonwealth Office. Defence industry provided $0.370 million (3%); private-sector sponsorship was $1.241 million (11%) and finally, funding from civil society and universities was $0.151 million (1%).6
Behind those numbers is a mountain of effort to grow the institute and sustain it financially.
Think tanks need high-performing staff, and high-performing staff need salaries that will keep them at the think tank. The nexus between money and viability is absolute. Around the world, there are many think tanks that don’t amount to much more than a letterhead and an individual’s dedicated effort in a spare room at home. The reality is that building scale, research depth, a culture of pushing the policy boundaries and a back-catalogue of high-quality events and publications takes money. In the early stages of ASPI’s life, I recall the view expressed that the institute couldn’t possibly be regarded as independent if the overwhelming balance of its resources came from the Department of Defence. More recently, the charge is that the ‘military industrial complex’ or foreign governments must be the tail that wags the dog. The Canberra embassy of a large and assertive Leninist authoritarian regime can’t conceive that ASPI could possibly be independent in its judgements because, well, no such intellectual independence survives back home. ASPI must therefore be the catspaw of Australian Government policy thinking.
None of those contentions are borne out by looking at the content of ASPI products over the past two decades. There are plenty of examples (from critiques of the Port of Darwin’s lease to a PRC company; analysis of key equipment projects such as submarines and combat aircraft; assessments of the Bush, Obama, Trump and now the Biden presidencies; assessments of the Defence budget; differences on cyber policy) in which the institute’s capacity for feisty contrarianism has been on full display. In my time at ASPI, I haven’t once been asked by a politician, public servant, diplomat or industry representative to bend a judgement to their preferences. It follows that, for good or ill, the judgements made by ASPI staff, and our contributors, are their views, and their views alone. ASPI is independent because it was designed to operate that way. Its output demonstrates that reality every day.
And as you will see in these pages, ASPI has views aplenty. It became clear several years ago that the institute needed to broaden its focus away from defence policy and international security more narrowly conceived to address a wider canvas of security issues. That’s because the wider canvas presents some of the most interesting and challenging dilemmas for Australia’s national security. We sought to bring a new policy focus to cyber issues by creating the ASPI International Cyber Policy Centre. This was followed by streams of work addressing risk and resilience; counterterrorism; policing and international law enforcement; countering disinformation; understanding the behaviour of the PRC in all its dimensions; and, most recently, climate and security.
Does ASPI’s work have real policy effect? One of the curiosities of the Canberra environment is that officials will often go to quite some length to deny that a think tank could possibly shift the policy dial. To do so might be to acknowledge an implicit criticism that a department or agency hasn’t been on its game. Changing policy is often more like a process of erosion than a sudden jolting earthquake. It can take time to mount and sustain a critique about policy settings before the need for change is finally acknowledged. And it has to be said that the standard disposition of Canberra policymakers is to defend current policy settings. That shouldn’t be too surprising: current policy settings in many cases will be the result of government decisions, and, at times, the role of the public service is to raise the drawbridge and defend the battlements. So, it’s often the case that a department’s response to the arrival of an ASPI report isn’t a yelp of joy so much as the cranking up of a talking points brief for the minister that explains why current policy settings are correct, can’t be improved upon and quite likely are the best of all possible worlds.
ASPI’s influence is therefore more indirect than that of the Australian Public Service (APS), but, as Sun Tzu reminds us, ‘indirect methods will be needed in order to secure victory.’7 The institute has some natural strengths in this approach. ASPI has the advantage of being small and flexible; it has a charter to look beyond current policy settings; it can talk to a wide range of people in and out of government to seed ideas; it can engage with the media; it allows expertise to develop because more than a few ASPI staff have stayed in jobs for years and built a depth of knowledge not necessarily found in generalist public servants who frequently change roles.
Taking a longer view, I would suggest that ASPI has indeed managed to influence the shape of policy in a number of areas. The institute has helped to create a more informed base of opinion on key defence budget and capability issues. This has helped to strengthen parliamentary and external scrutiny of the Defence Department and the ADF. ASPI is really the only source providing detailed analysis of defence spending and has helped to lift public understanding about critical military capability issues, such as the future submarine project, the future of the surface fleet, air combat capabilities, the land forces, space, and joint and enabling capabilities.
ASPI has had substantial impact on national thinking about dealing with the PRC, and that has helped at least set the context for government decision-making on issues such as the rollout of the 5G network, countering foreign interference, strengthening security consideration of foreign direct investment and informing national approaches to fuel and supply-chain security.
ASPI has sought to make policy discussions about cyber, critical and emerging technologies more informed and more accessible. The institute has offered many active, informed and engaged voices on critical international issues of importance to Australia, from the Antarctic to the countries and dynamics of the Indo-Pacific, the alliance with the US, the machinery of Defence and national security decision-making, the security of northern Australia and even re-engaging with Europe.
It’s best left to others to judge the success or otherwise of the institute. Both from the approval, and sometimes disapproval, that ASPI garners, we can see that people pay attention to the institute’s work. That’s gratifying and motivates the team to keep doing more.
Coincidentally to ASPI’s 20th anniversary, the Australian Parliament’s Senate Foreign Affairs, Defence and Trade References Committee has been conducting an inquiry into funding for public research into foreign policy issues. In making a submission to that inquiry, I offered what I hoped was useful advice about the contours of what a notional ‘foreign policy institute’ should look like if the government wanted to promote in the field of foreign policy what ASPI seeks to do for defence and strategic policy. That led me to suggest the following seven approaches, presented here with minor edits:
A foreign policy institute must be genuinely independent, with a charter that makes its core functions clear and a governance framework that supports its independence. If the Department of Foreign Affairs and Trade (DFAT) were to be the prime source of funding, it should be made clear that DFAT should not influence the policy recommendations of the institute’s work. A government-appointed council, including a representative of the leader of the opposition, should provide overall strategic direction for the institute. Any entity that is part of a larger government department will inevitably come to reflect the parent. A clear separation between the parent department and the institute is essential.
The institute should not be part of a university, because university priorities would weaken the institute’s capacity to retain a sharp focus on public policy. The committee might like to test this proposition by seeing whether it can identify any contemporary foreign policy research outfit that is part of a university which has substantially shaped Australian foreign policy. My view is that you will search in vain. This is true in the main because universities have priorities other than shaping public policy outcomes. How universities recruit, reward and promote, what they teach and the outcomes they regard as constituting excellence are shaped towards other ends than providing contestable and implementable foreign policy.
The institute needs scale to develop excellence. Successful think tanks—such as those at the top end of the University of Pennsylvania’s ‘Go To’ index—attract people interested in policy ideas and with lateral thinking skills and with some entrepreneurial flair. The quality of their thinking is strengthened by being able to test their ideas with colleagues and collaborate on interesting policy work. Some scale is needed to bring a group of people like that together, offering terms and conditions that allow people to develop skills over a few years. This approach stands in contrast to the instinct of some departments to offer one-off, short-term, small funding grants. In my experience, multiple ‘penny-packet’ grants become difficult for departments to administer, produce reports that lack an understanding of how public policy is really done and do not develop skills.
The institute will need some time to establish itself. ASPI is 20, and every day is a story of how we manage the tasks of offering policy contestability, engaging with our stakeholders and sustaining ourselves financially. It took probably 15 years for an acceptance to be built in the rather tightknit defence and security community that ASPI was not simply to be tolerated but could add value and even be constructively brought into policy discussions. A foreign policy institute will take a similar amount of time to build an accepted place for itself. Hopefully, an institute would start producing good material on day one, but it will take years for such a group to be seen as a natural (indeed, essential) interlocutor in critical foreign policy discussions.
The institute must be non-partisan, reaching out to all parts of parliament. Because foreign policy is a public policy good, it is appropriate and likely that the bulk of funding for a foreign policy institute will come from the public sector. If it is successful, the institute will survive through changes of governments, ministers and senior officials. As such, it can’t afford to be partisan in the way that many private think tanks are. That will still leave scope for engaged debate on policy options, which leads to approach number 6.
Accept that the institute will, from time to time, annoy you. This is the price of contestability of policy advice. There is no question that ASPI has annoyed governments, oppositions and officials over the years on all manner of issues, from key bilateral relationships to defence equipment acquisitions, military operations, budgets and the rest. To advance policy thinking, it’s necessary from time to time to question existing policy orthodoxies. The test for the institute’s stakeholders is whether the value of contestable policy advice is worth the occasional annoyance. The test for the foreign policy institute will be whether the issue in question has been appropriately researched and thought through.
A professional outfit needs appropriate funding. To succeed, a foreign policy institute needs to be able to attract a mix of staff who can be remunerated in line with their skills. As in all walks of life, one gets what one pays for. Funding of between $2 million and $3 million would set up an institute able to build some critical mass, working out of offices fitted out to an appropriately modest APS standard. The institute should have a remit to grow its funding base through its own efforts. This would be sufficient to enable a promising start to a potentially nationally important organisation.
ASPI was designed to place the executive director position at (approximately) the level of the APS Senior Executive Service Band 3 (deputy secretary) level. Salary and conditions are determined by the Remuneration Tribunal. The executive director, on direction from the ASPI Council, determines salary levels for ASPI’s staff, who are recruited on contracts. The intent is to recruit people with the mix of policy skills and hands-on public policy experience who can realistically shape policy thinking. Government departments and agencies are, in general, willing to support staff taking positions at ASPI, using options for leave without pay from the APS. For more senior staff, the hope is that some time spent at ASPI will enhance their careers, perhaps enabling them to return to the APS with new skills and capacities. For more junior staff, the aim is to equip them with skills that will make them attractive new hires for departments and agencies.8
Of course, I was doing little more than describing the ASPI business model developed more than 20 years ago and validated through two decades of enthusiastic policy research and advocacy by many dozens of ASPI staff.
Speaking personally, it has been the privilege of my professional life to spend almost a decade as the executive director of the institute since April 2012, and a few more years before that as ASPI’s director of programs between 2003 and 2006. My commitment to the organisation comes about because of the value I believe it adds to Australia’s defence and strategic policy framework. These policy settings matter. They’re the foundation of the security of the country, the security of our people and the very type of country that Australia aspires to be. Australia would be better defended if we had more lively debates about the best ways to promote our strategic interests. ASPI has truly been a national gem in sustaining those debates.
At the core of this book is Graeme Dobell’s sharp take on the intellectual content of hundreds of ASPI research publications, thousands of Strategist posts and many, many conferences, seminars, roundtables and the like. Graeme has done a wonderful job of breathing life into this body of work, reflecting some of the heat and energy that came from ASPI staff and ASPI contributors investing their brain power into Australia’s policy interests. In these pages, you read the story of Australia’s own difficult navigation through the choppy strategic seas of the past 20 years. It’s a thrilling ride and a testament to the many wonderful people who have worked at or supported the institute.
We should all hope that ASPI reaches its 40-year and even 50-year anniversaries, because there’s no doubt in my mind that Australia will continue to need access to contestable policy advice in defence and strategic policy. The coming years will be no less difficult and demanding than the years recounted here. In fact, Australia’s future is likely to face even greater challenges.
Never forget that strategy and policy matter. Profoundly so. That’s why ASPI matters.
The Australian Strategic Policy Institute was formed in 2001 as an independent, non‑partisan think tank. Its core aim is to provide the Australian Government with fresh ideas on Australia’s defence, security and strategic policy choices.
ASPI is responsible for informing the public on a range of strategic issues, generating new thinking for government and harnessing strategic thinking internationally. ASPI’s sources of funding are identified in our annual report, online at www.aspi.org.au and in the acknowledgements section of individual publications. ASPI remains independent in the content of the research and in all editorial judgements. It is incorporated as a company, and is governed by a Council with broad membership. ASPI’s core values are collegiality, originality & innovation, quality & excellence and independence.
ASPI’s publications—including this report—are not intended in any way to express or reflect the views of the Australian Government. The opinions and recommendations in this report are published by ASPI to promote public debate and understanding of strategic and defence issues. They reflect the personal views of the author(s) and should not be seen as representing the formal position of ASPI on any particular issue.
Important disclaimer
This publication is designed to provide accurate and authoritative information in relation to the subject matter covered. It is provided with the understanding that the publisher is not engaged in rendering any form of professional or other advice or services. No person should rely on the contents of this publication without first obtaining advice from a qualified professional.
This publication is subject to copyright. Except as permitted under the Copyright Act 1968, no part of it may in any form or by any means (electronic, mechanical, microcopying, photocopying, recording or otherwise) be reproduced, stored in a retrieval system or transmitted without prior written permission. Enquiries should be addressed to the publishers. Notwithstanding the above, educational institutions (including schools, independent colleges, universities and TAFEs) are granted permission to make copies of copyrighted works strictly for educational purposes without explicit permission from ASPI and free of charge.
ISBN 978-1-925229-67-7 (print) ISBN 978-1-925229-68-4 (online pdf)
Funding statement: No specific sponsorship was received to fund production of this report
See, for example, Kim Beazley, John Howard et al., ASPI at 15, ASPI, Canberra, October 2016, online. ↩︎
Cabinet memorandum JH00/0131—Establishment of the Australian Strategic Policy Institute—Decision, 18 April 2000, online. ↩︎
Cabinet decision JH00/0216/CAB—Australian Strategic Policy Institute—alternate models to establish a strategic policy research centre—Decision, online. ↩︎
Australian Strategic Policy Institute, Annual report 2001–2002, ASPI, Canberra, October 2002, 10, online. ↩︎
Australian Strategic Policy Institute, Annual report 2019–2020, ASPI, Canberra, October 2020, online; staff numbers are on page 10; funding data is on page 154. ↩︎
Sun Tzu, The art of war, translated by Lionel Giles, Chapter V, 5, online. ↩︎
My submission to the inquiry is available via the internet home page of the Senate Foreign Affairs, Defence and Trade References Committee, Inquiry into funding for public research into foreign policy issues, online. ↩︎
https://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2025/03/19133610/ASPI20-banner.jpg4501350nathanhttps://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2025/04/10130806/ASPI-Logo.pngnathan2021-08-26 06:00:002025-03-19 13:40:17An informed and independent voice: ASPI, 2001-2021
New funding opportunities in the right-wing extremist online ecosystem
What’s the problem?
As mainstream social media companies have increased their scrutiny and moderation of right-wing extremist (RWE) content and groups,1 there’s been a move to alternative online content platforms.2
There’s also growing concern about right-wing extremism in Australia,3 and about how this shift has diversified the mechanisms used to fundraise by RWE entities.4 This phenomenon isn’t well understood in Australia, despite the Australian Security Intelligence Organisation (ASIO) advising in March 2021 that ‘ideological extremism’5 now makes up around 40% of its priority counterterrorism caseload.6
Research by ASPI’s International Cyber Policy Centre (ICPC) has found that nine Australian Telegram channels7 that share RWE content used at least 22 different funding platforms, including online monetisation tools and cryptocurrencies, to solicit, process and earn funds between 1 January 2021 and 15 July 2021. Due to the opaque nature of many online financial platforms, it’s difficult to obtain a complete picture of online fundraising, so this sample is necessarily limited. However, in this report we aim to provide a preliminary map of the online financial platforms and services that may both support and incentivise an RWE content ecosystem in Australia.
Most funding platforms found in our sample have policies that explicitly prohibit the use of their services for hate speech, but we found that those policies were often unclear and not uniformly enforced. Of course, there’s debate about how to balance civil liberties with the risks posed by online communities that promote RWE ideology (and much of that activity isn’t illegal), but a better understanding of online funding mechanisms is necessary, given the growing concern about the role online propaganda may play in inspiring acts of violence8 as well as the risk that, like other social divisions, such channels and movements could be exploited by adversaries.9
The fundraising facilitated by these platforms not only has the potential to grow the resources of groups and individuals linked to right-wing extremism, but it’s also likely to be a means of building the RWE community both within Australia and with overseas groups and a vector for spreading RWE propaganda through the engagement inherent in fundraising efforts. The funding platforms mirror those used by RWE figures overseas, and funding requests were boosted by foreign actors, continuing Australian RWEs’ history of ‘meaningful international exchange’ with overseas counterparts.10
What’s the solution?
The ways online funding mechanisms can be exploited by individuals and groups promoting RWE ideology in Australia are an emerging problem. Any response must include strong policies and programs to address the drivers of right-wing extremism. However, another strategy that Australian law enforcement, intelligence agencies, policymakers and civil society should explore involves undermining the financial incentives that can help sustain and grow RWE movements.
This response should include examining whether emerging online funding platforms have obligations under Australian laws aimed at countering terrorism financing, as well as enhancing the transparency of platform policies and enforcement actions related to fundraising activity by individuals and groups promoting RWE and other extremist content. The authorities could also explore whether the financial activities of RWE individuals in Australia may in some cases fall under legal prohibitions against the commercial exploitation of a person’s notoriety from criminal offending.
In addition, the Australian Government should create systems to better monitor hate crimes and incidents that can be used to assess linkages of crimes to extremist ideologies and groups, and to track trends to inform the formulation of policy responses related to RWE fundraising. Likewise, more research should be supported to examine the relationships between online content creation and fundraising by RWE influencers, radicalisation, mobilisation to violence, and the potential financial and social influence appeal of online funding and content-production mechanisms when disengaging people from RWE groups and movements.
Defining right-wing extremism
ASIO has said that ‘right-wing extremism is the support for violence to achieve political outcomes relating to ideologies, including but not limited to, white supremacism and Neo-Nazism’.11 That definition points to the central role of violence in defining RWE for law enforcement, but also highlights the role of supporting rather than perpetrating violence. For ASIO, it’s ‘an individual or group’s support for violence’ that triggers the agency’s interest.12
However, international attention is being paid to RWE content and activities that might not fit neatly within existing counterterrorism or violent extremism13 frameworks.14 That work also recognises a ‘post-organisational’ understanding15 of RWE that isn’t limited to membership of defined or static groups.16 This has brought a focus on how threats such as ‘lone wolf’ attacks can emerge from the broad environment of right-wing or other extremism, especially via online ecosystems that can operate as a culture of inspiration for violence.
In this report, we use the term ‘right-wing extremism’ in the following way, as described by Macquarie University’s Department of Security Studies and Criminology in its report on online right-wing extremism in NSW, to denote:
communities and individuals committed to an extreme social, political, or ideological position that is pro-white identity (the ‘in-group’), and actively suspicious of non-white others (the ‘out-group’).
It is characterised by individuals, groups, and ideologies that reject the principles of democracy for all and demand a commitment to dehumanising and/or hostile actions against out-groups.
RWE can be used as an umbrella phrase which incorporates a collection of terms that have been adopted internationally to describe this diverse social movement, including the ‘far-right’, ‘alt-right’, ‘extreme-right’ etc. RWE communities actively misappropriate the language of conservative, right wing political philosophy to reject democratic norms and values.17
This working definition is useful because of the difficulty in scrutinising right-wing extremism in Australia.18 Hate crime is rarely prosecuted here, and individuals who have committed crimes motivated by right-wing extremism may have been charged with other offences.19 Nor do we have any central open registry of ‘crimes motivated by offenders’ bias against race, gender, gender identity, religion, disability, sexual orientation, and ethnicity’ similar to the US Federal Bureau of Investigation’s Uniform Crime Reporting (UCR) Program that would allow us to better understand the issue and identify potential risks and escalations.20 So far, only one RWE group, the Sonnenkrieg Division, has been designated as a terrorist organisation by the Australian Government.21 And Australia lacks research entities that make hate group designations, such as the Southern Poverty Law Center (SPLC) in the US. Our understanding is also complicated by volatile allegiances among people who hold and act on such beliefs and by their geographical dispersal.22
This vacuum in Australia could make right-wing extremism an attractive avenue for foreign adversaries seeking to exploit and exacerbate existing social cleavages, because any governmental response will be sluggish and probably politically fraught, further exacerbating the problem.23 Clearly, there’s also an important debate about how to approach these issues while ensuring that the expression of diverse beliefs and views, including views that other members of Australian society may find distasteful, remains possible.
Given these challenges, we also note other work tracking US RWE fundraising that has relied in part on the SPLC’s hate group designations and draw on those designations in our sample where they occur recognising that they may be imperfect when removed from the US context.24 However, content from US hate groups was shared among the report’s sample, and some channels declared direct affiliations.
The SPLC defines a hate group as:
an organization or collection of individuals that—based on its official statements or principles, the statements of its leaders, or its activities—has beliefs or practices that attack or malign an entire class of people, typically for their immutable characteristics.25
Those characteristics include race, religion, ethnicity, sexual orientation or gender identity. However, the SPLC doesn’t consider the committing of violence to be a prerequisite for being listed as a hate group ‘because a group’s ideology can inspire hate violence even when the group itself does not engage in violent activity’.26 Of course, the SPLC is a private organisation, so its designation of hate groups carries no legal consequence (i.e. prosecution).
There’s evidence that some RWE figures and groups have intentionally toned down their more extreme rhetoric in order to reach a broader audience while avoiding the scrutiny of law enforcement.27 As the Macquarie University’s Department of Security Studies Studies and Criminology report found:
few, if any, groups explicitly and publicly advocate the use of violence against those considered part of the out-group such as Muslims, Jews or immigrants, but rather adopt a longer term opportunistic strategy.28
Likewise, the report of the New Zealand royal commission into the 2019 Christchurch terrorist attack discussed how many individuals and groups that use ‘dehumanising and divisive rhetoric’ against others ‘are careful to avoid direct engagement with, or endorsement of, violence’.29 Nevertheless, it suggested that such rhetoric can serve to normalise Islamophobia or anti-immigrant sentiment in a way that may encourage or legitimise the use of violence.30 ASIO Director-General Mike Burgess has also voiced concern about the internet’s role in this milieu, stating that ‘extremists are security conscious and adapt their security posture to avoid attention. In their online forums and chat rooms, they show that they’re savvy when it comes to operating at the limits of what is legal… The online environment is a force multiplier for extremism; fertile ground for sharing ideology and spreading propaganda’.31
Research methodology
For this analysis, we drew on a dataset of nine Australian Telegram channels that shared RWE content between 1 January 2021 and 15 July 2021. Due to the rapid evolution of online ecosystems, the use of encrypted platforms and the difficulties of tracking financial transactions, especially in cryptocurrencies, this snapshot is necessarily limited. The sample size is small; however, we seek to provide a preliminary survey of the online financial platforms promoted by RWE Telegram channels in Australia before a more comprehensive analysis of the ecosystem.32
The nine channels were chosen by a version of ‘snowball sampling’ (a technique, often used for studying specific groups that are hard to reach, in which research participants are asked to help researchers identify further subjects) adapted for a digital messaging platform built around forwarded messages and link sharing. The first Telegram channel was chosen because it shared RWE content such as posts that glorified Hitler as a martyr and called for a White Australia, and is connected to an individual who has a documented history of connection with Australian RWE groups. The next eight channels were chosen by following forwarded links from other channels (a function of the Telegram platform) to provide a sample (Figure 1).
Figure 1: How the nine Telegram channels were connected by forwarded links between 1 January and 15 July 2021.
Nine Telegram channels were chosen to form the sample based on the following characteristics:
An initial assessment of content (posts, images, videos, website links) shared in the channel revealed its ideological alignment with RWE, as defined above.
or
The channel shared content from or was affiliated with groups designated by the SPLC as hate groups, such as the Proud Boys, and the channel:
was linked to Australia
promoted at least one platform that offers online fundraising
had at least 100 subscribers as a baseline of audience reach.
This report seeks only to provide a preliminary mapping of where the Australian RWE ecosystem fundraises online. It doesn’t claim to be representative of the complete RWE ecosystem in Australia or assess the overall presence of certain ideologies. Nor do we attempt to analyse the scale or legality of RWE fundraising activity in Australia, how much is raised overall or how funds are ultimately used.
In recognition of work identifying the dangers of amplifying RWE and providing ‘breadcrumbs’ for the public into these ecosystems, only figures who are already well known to the public due to criminal charges and convictions highlighted in Australian media are named here.33 As shown in Figure 1, they include Thomas Sewell, whose affiliations with RWE groups have been covered extensively by Australian media and who is facing armed robbery, assault and violent disorder charges as recently as June 2021.34
This report examines the use of online funding platforms used by RWE Telegram channels in our sample but doesn’t analyse their broader uses and audiences. In general, those platforms weren’t intentionally built for RWE content; however, we note where platforms have purposefully taken a more laissez-faire approach to content moderation in stated opposition to more mainstream platforms.
Data collection and analysis included:
exporting the nine Telegram channels associated with our sample
examining channel files for terms including ‘donate’, ‘fund’ and ‘view’ to identify fundraising attempts and related platforms
mapping the funding ecosystem that stemmed from Telegram onto external platforms (Websites, YouTube, BitChute, DLive, Entropy, Odysee, Trovo, SubscribeStar, Patreon, cryptocurrency wallets, Buy Me a Coffee, Ko-fi, GoFundMe and PayPal, Represent)
examining websites related to channels in the sample using tools such as BuiltWith to identify advertising and ecommerce services such as Google AdSense, PayPal, Square and Amazon Associates Program
exporting and analysing Telegram JSON files using R packages tidyverse, lubridate and jsonlite to analyse how links were forwarded between channels.
Mapping the Australian RWE funding landscape
Introduction
We found at least 22 platforms, payment services, online tools and cryptocurrencies being used to solicit, process and earn funds linked to a sample of Telegram channels that shared RWE content in Australia between 1 January and 15 July 2021. Where we’ve been able to identify earnings in our sample, they appear to have been limited. This work establishes only that RWE-related fundraising activity is occurring and that the channels for it have been taken up in the Australian environment.
The sampled platforms include multiple emerging live-streaming websites such as DLive and Entropy, which are central to efforts aimed at building an audience for RWE content as well as the RWE community. Some of the platforms provide a means of soliciting donations or micropayments in cash or cryptocurrency. Fundraising was sometimes promoted via the sale of merchandise as well as on platforms such as Patreon, Buy Me a Coffee, PayPal and SubscribeStar. Others advertised various cryptocurrency wallets.
The range of platforms being used mirrors a recent review of the UK RWE online ecosystem published by Bellingcat.35 Likewise, Institute for Strategic Dialogue analysis in 2020 examined ‘73 US-based groups involved in promoting hatred against individuals on the basis of their gender, sexuality, race, religion or nationality’ and found similar online funding mechanisms.36 While global fundraising for RWE causes isn’t a new phenomenon, it’s arguably becoming a more complex one.37 Australia has domestic laws and is party to international taskforces concerning terrorism financing.38 However, there’s a ‘significant gap’ in knowledge internationally regarding the financial operations of groups that support acts of terrorism inspired by RWE ideology, or that support the broader ecosystem that creates content that could incite violence.39 The UN Counter-Terrorism Committee Executive Directorate has written that ‘money is often raised to fund a milieu – which may be accessed by those aspiring to carry out more violent acts – via event fees, merchandizing and donations.’ 40
The relationship between RWE material online, funding and acts of terrorism has been particularly scrutinised following the Christchurch terror attack. While in New Zealand, the Christchurch terrorist reportedly made at least ‘14 donations to RWE, anti-immigration groups and individuals’, 41 but his own attack was apparently self-funded.42 However, the Christchurch report said that it was ‘plausible to conclude’ that his exposure to RWE content online may have contributed to his actions on 15 March 2019.43 His donations formed a part of his engagement with that content. In an interview, professor of computer science at Elon University Megan Squire, who tracks RWE fundraising, described the use of online funding platforms that combine ‘tips’ and RWE live streams as the ‘monetisation of propaganda itself’.44
While RWE groups such as the US-based neo-Confederate group ‘League of the South’ historically solicited ‘dues’ or membership fees from members and sold merchandise,45 among other activities, requests for funds among the sample we examined were sometimes framed around individuals as RWE content creators rather than the activities of RWE groups specifically. This may mirror a social media ‘influencer’ model of patronage in which figures are rewarded for both the entertainment value and perceived credibility of the material they create online. Like wellness ‘influencers’, who use online platforms such as YouTube or Instagram to embody their health approach and build audiences ‘off the appeal of intimacy, authenticity and integrity’,46 RWE content creators may be supported for ostensibly ‘living’ the ideology they propagate.
Of course, the online funding ecosystem could also lead people to make RWE content simply to court money and attention rather than due to ideological commitment. However distinguishing between social harms caused by those who are dedicated to right-wing extremism and those who are simply exploiting a fundraising or profile-raising opportunity is not simple if both make RWE content. This ‘influencer’ model also demonstrates a potential impact of more leaderless or decentralised strategies on fundraising approaches,47 and a ‘borderless’ internet means that new funding strategies are quickly shared and emulated. As Dr Cynthia Miller-Idriss suggested in Hate in the Homeland: The New Global Far Right:
The modern far right is working to build muscular warriors equipped with the physical capacity to fight, along with “alt-right” thinkers with the intellectual capacity to lead and the commercial ecosystems that help market, brand, and financially support these actions. Underpinning all of these activities, though, is the modern far right’s rapid adoption—and creation—of a broad new tech and media ecosystem for communication, dissemination, and mobilization.48
Where they can be identified, the funds raised by our Australian sample via live streams and crowdfunding appear limited in comparison to the significant amounts raised by high-profile individuals in the US who share RWE content. They shouldn’t be dismissed, however, as fundraising can spike alongside high-profile events, as we discuss below.49 Likewise, donating can have an impact on an individual’s ties and symbolic commitment to an organisation or cause. Activists who seek to build movements online sometimes discuss the ‘commitment curve’, in which new members begin by viewing and liking content but can shift to being supposedly more committed to the cause once they begin to donate.50
In addition, fundraising links were forwarded and promoted in more popular RWE British, Canadian and American Telegram public channels, helping to solidify ties between RWE influencers and groups in multiple countries. Similarly, some Australian figures in the sample channels were hosted on overseas podcasts and livestream shows, which offered another opportunity to raise a group’s or individual’s profile and promote fundraising efforts, while others created dedicated content for foreign media channels with links to right-wing extremism.
Funding platforms used by our sample
Table 1: The online platforms, payment processors and cryptocurrencies used by channels in our sample that offer the opportunity to raise funds.
Live streaming and video hosting
DLiveEntropyOdyseeBitChuteTrovoYouTube
Video platforms that allow various forms of monetisation, including tips paid to content makers during a live stream, or donations facilitated on the content maker’s video page or channel.
Subscription platforms
SubscribeStarPatreon
Platforms that allow users to make ongoing contributions to a content maker, or pay for access to exclusive content.
Cryptocurrencies with variable functionality, some of which may attempt to obscure the destination of funds. The publication of wallet addresses in public channels allows anyone to donate.
Micropayments and donations
Buy Me a CoffeeKo‑fi
Online platforms that allow users to make ongoing or one‑off contributions to a content maker or individual.
Crowdfunding
GoFundMe
Websites that allow users to request donations for a specific cause or activity.
Payment gateway
PayPal
An online payment system that allows users to accept tips and donations, as well as a payment gateway on websites.
Ecommerce website
Represent
An ecommerce website that allows users to set up an online store, largely through uploading designs that are then added to T‑shirts and other merchandise.
Ecommerce platform
WooCommerce
An open‑source ecommerce platform built on WordPress that allows users to offer goods or services for sale on their websites.
Ecommerce service
Square
A web solution that helps users set up online retail stores as well as payment processing.
Donation widget
Donorbox
Software that allows users to create donation forms that are embedded on their websites.
Online advertising
Google AdSenseAmazon Associates Program
Online advertising programs that allow website owners to potentially earn revenue by showing ads alongside online content. Amazon Associates Program allows web‑page owners to recommend Amazon products and earn revenue if a purchase occurs, among other customer actions.
Platform analysis
Telegram
The chat app Telegram plays an important role in the online funding ecosystem among our sample, while not itself being a mechanism for raising money. The platform did briefly attempt to set up a cryptocurrency before shutting it down after pushback from the US Securities and Exchange Commission, indicating a potential crossover between fundraising and content creation on the app if such a scheme were to ever go ahead.51
In our sample, Telegram was used by individuals who shared RWE content appeared to act as a central guide and point of communication with followers—potentially because channels in the sample feel their channels are less likely to be removed than on platforms such as YouTube or Facebook, as well as the perception of security offered by encryption and its ‘self-destruct’ function.52 Fundraising links were often shared across the channel’s online presence, creating a network that provided a plethora of funding options (Figure 2). For example, one channel in our sample used the video description section on its YouTube videos to provide a link to its Telegram channel, as well as offering a range of funding mechanisms, including PayPal.
Figure 2: Links to fundraising platforms stemming from one Telegram channel in our sample (some social platforms are omitted).
Within the broader ecosystem, there are also Telegram channels dedicated to acting as ‘guides’ to RWE audio and video content, and particularly live streams on sites such as YouTube and DLive,53 including those in Australia that discuss extremist content (Figure 3). Those channels post times and links to such content with the goal of helping followers find and engage with it. This ostensibly helps channels find more viewers and potentially financial supporters for their content. This ecosystem is particularly facilitated by Telegram’s forwarding function, which allows links from one public channel to be forwarded into another, creating a road map for users to expand the range of channels they follow.
In this way, like a channel using hyperlinks to connect a YouTube profile to a website or Facebook page, it builds ‘large propaganda networks with multiple entry points’.54
Figure 3: The top 20 channel links forwarded into a Telegram channel that appears to act as a guide for largely RWE and conspiracist videos and live streams on DLive, YouTube and other platforms between 1 December 2020 and 15 July 2021.
DLive
DLive.tv is a live stream video platform with an inbuilt ‘rewards’ system and is largely used for gaming content. Viewers can donate ‘lemons’ to content creators (a reward point system that creators can cash out, while DLive takes 20% on all transactions on the platform) and take part in live chat rooms.55 DLive was embraced by a number of extremist figures in the US in 2020, including American RWE figure Nick Fuentes, who earned around US$61,655 on the platform in April–October 2020, according to estimates by Dr Megan Squire.56 The SPLC also found that some extremists used the site to ‘supplement’ offline fundraising efforts.57
The platform came to global attention after several figures streamed on DLive during the 6 January 2021 breach of the US Capitol building.58 While DLive accounts linked to the Australian Telegram channels in our sample don’t appear to be raising similar levels of revenue to US figures, they’re making use of the platform and could expand both usage and income generation. Some have a regular weekly streaming schedule, while others use the website more sporadically.
While the platform appealed to RWE figures due to its lax moderation compared to more mainstream live-streaming sites, DLive has since cracked down on some white supremacist channels following the Capitol Hill storming. In a statement following the riot, DLive said it had ‘suspended 3 accounts, forced offline 5 channels, banned 2 accounts from live streaming and permanently removed over 100 past broadcasts’ … ‘for content that violated its Terms of Service and Community Guidelines on or about January 6th.’ 59 Also in January 2021, DLive announced restrictions on what kind of content could raise money on the platform—including streams under its ‘X-tag’ section for mature audience content.60
However, Australian RWE channels in our sample are still collecting donations on the site and regularly live streaming. For example, one live stream in our sample following the DLive announcement was tagged as being about the video game Fortnite but instead discussed race using terms such as ‘pure blood’ and ‘mongrels’.
Entropy
Entropy is a video platform that allows users to port their streams from other platforms, including YouTube, Twitch and DLive, in what it calls a ‘censorship free environment’.61 That means that, even if their channel is stripped of the ability to run advertising or accept tips on those platforms, they can keep collecting donations on Entropy. On Entropy, viewers can make ‘paid chats’, in which they post a comment or question by donating in multiple currencies, including US and Australian dollars. The site takes 15% from paid interactions.62
YouTube also performs a similar function, allowing users to pay for ‘Super Chats’ that make their chat messages stand out during a live-stream chat session. However, YouTube has cracked down on some RWE figures monetising their channels after outlets such as BuzzFeed News reported on their use of the platform for fundraising.63 One channel in our sample specifically cited YouTube’s demonetisation of his account as a reason why financial support was required. In a statement provided to ASPI on 16 June 2021, Google said: ‘Channels that repeatedly brush up against our hate speech policies will be suspended from the YouTube Partner program, meaning they can’t run ads on their channel or use other monetization features like Super Chat.’64
As an example of how Entropy is used, one Telegram channel in our sample regularly posts links to live stream content on sites such as YouTube and DLive while encouraging users to ask questions via Entropy. Earlier this year, this channel featured Thomas Sewell, who is associated with Australia’s National Socialist Network and the European Australia Movement,65 and who is facing a number of charges, as described earlier in this report.66 During the stream, which also took place on YouTube, the channel claimed that viewers paid between US$3 and US$50 on Entropy to ensure their questions were posed to Sewell.
Odysee
The video platform Odysee was launched at the end of 2020 by chief executive Jeremy Kauffman, who said he wanted to recapture what he saw as the early internet where ‘anyone could speak and anyone could have a voice’.67 It hosts a variety of content, but it does in some cases appear to operate as a backup archive for videos that appear on other sites from which clips expressing extremist rhetoric are more likely to be removed.68
Odysee claims to be built on blockchain technology,69 which potentially makes it more difficult to remove videos. It also offers different ways to monetise content, including earnings per view, tips from viewers and site promotions.70 The company is also introducing live streaming.71 At least four channels in our sample used Odysee, including channels that hosted anti-Semitic videos but it’s unclear if or how much they had earned. Their pages displayed a button that allows viewers to ‘support this content’ either by paying a tip or paying to ‘boost’ the channel (Figure 4).72 Those contributions are in LBRY credits, which is a cryptocurrency currently being scrutinised by the US Securities and Exchange Commission.73
Figure 4: A channel seeking LBRY credits.
BitChute
BitChute is a British video hosting website that hosts a range of content.74 It has been widely used by extremists and figures from conspiracist communities, including QAnon and anti-vaccination activists, largely as a means of backing up videos removed from other sites.75 Some channels in our sample used it to share anti-Semitic material, among other content. BitChute provides integration with a number of third-party payment providers, including SubscribeStar, CoinPayments, Patreon and PayPal (Figure 5).76 In our sample, two of the five channels with BitChute pages had ‘monetised’ it as of 15 July 2021: one with PayPal, and the other with PayPal and Patreon.
Figure 5: BitChute account seeking payments via PayPal.
Trovo
Three channels in our sample promoted live streams on the site, but it’s unclear whether they were able to earn any income from the platform. A video streaming service, Trovo is owned by TLIVE LLC, which is an affiliate of the Chinese technology giant Tencent. Trovo offers various opportunities to earn revenue,77 but it’s unclear whether the channels are monetised on the platform.
PayPal, Patreon and SubscribeStar
A number of channels in our sample offered direct ways to donate: four used PayPal.Me pages that allow people to send money, and two offered Patreon subscriptions. Patreon is a membership platform that allows content creators to offer different subscription levels with varying levels of content and access. One Patreon account belonging to an Australian RWE content creator in the sample offered six support levels, ranging from under $2 per month up to almost $300 per month for exclusive content and ‘follow backs’ on social media. Two channels also used SubscribeStar, which similarly allows users to sign up for various levels of membership offering content and access, for which the site takes a 5% service fee.78
Donorbox
One channel also used Donorbox on its related website. Donorbox allows a user to include a donation embed or widget on their website that prompts visitors to make one-time or monthly donations (Figure 6).
Figure 6: A Donorbox donation widget.
GoFundMe
Another channel attempted to use crowdfunding website GoFundMe to raise money for a project, but didn’t appear to have attracted any donors via the website as of 15 July 2021. The channel also claimed that donations to the program were ‘tax deductible’, but we couldn’t locate the company on the Australian Charities and Not-for-profits Commission register or on state-based community organisation registers.
This is an important mechanism to monitor, however, as RWE groups overseas have obtained charity status. The Institute for Strategic Dialogue’s 2020 report, Bankrolling bigotry: an overview of the online funding strategies of American hate groups, found that 32 (44%) of the 73 hate groups examined had some form of charity tax status in the US.79 ‘This potentially helps legitimise hate groups and provides them with avenues through which to raise money’, the report said.
Buy Me a Coffee and Ko-fi
Channels in our sample used microdonation sites such as Buy Me a Coffee and Ko-fi—platforms that allow content creators to solicit donations and subscriptions by buying ‘coffees’. On Buy Me a Coffee they start at around US$3.39 (A$4.60). One channel, for example, shared several Buy Me a Coffee pages in 2021, ostensibly for Thomas Sewell’s legal fees (see Figure 7 below) for the charges described earlier in this report. It’s unclear, however, whether Sewell was able to withdraw those funds, as his pages have been repeatedly removed by the website. However, a post in the channel said ‘it doesn’t do anything to the money when it gets taken down’. A Buy Me a Coffee spokesperson declined to say why the pages were removed.80
Figure 7: Buy Me a Coffee posts raising funds for Thomas Sewell’s legal fees.
Merchandise
Two channels in our sample offered merchandise associated with their branding and ideology, including clothing and books via linked websites, which were examined using the online tool BuiltWith.
One used the ecommerce widget WooCommerce on its website, as well as payment facilitator PayPal.
The other used the online marketplace Represent, which allows people to customise clothing and offer it for sale on dedicated branded pages, as well as via the website builder and payment processor Square.81 The volume of sales is unclear, but counterterrorism financing expert Jessica Davis has written that ‘propaganda sales are unlikely to generate significant profit for terrorists and extremists, but generate a small source of funds, create loose networks of likeminded individuals and serve to keep propaganda available to potential new recruits.’82
Online advertising
Of the five channels in our sample that directed viewers to associated websites, three of those websites appeared to use Google AdSense (an online advertising program that could allow them to earn revenue when ads are seen or clicked), based on analysis using the BuiltWith website analytics tool. One also used Amazon Advertising and appeared to be part of an Amazon Associates Program, which allows web-page owners to recommend and link to Amazon products and earn money if a sale occurs, among other functions.83 Links from the website to a number of products on Amazon’s webstore included Store ID tags.
Cryptocurrencies
We observed wallet addresses for cryptocurrencies including bitcoin, monero, ethereum, ripple and litecoin promoted in Telegram channels and on associated accounts as a means of soliciting funds.
John Bambeneck, a computer security researcher who has tracked donations to RWE figures in Europe and the US, said in an interview that such figures still mostly use bitcoin ‘because that’s the easiest for people to get their minds around for low dollar donors’. Nevertheless, while money may be accepted in bitcoin, it can be converted to another cryptocurrency and moved to another wallet in an attempt to ‘create a break in traceability’.84
The use of cryptocurrencies can also be seen as part of a distrust of traditional financial institutions by RWE actors, and, in some cases, the developers of these ‘coins’ have explicitly cultivated that perception.85 Monero, in particular, has been embraced by overseas RWE channels due to its emphasis on privacy and lack of traceability. Notorious white supremacist website the Daily Stormer has announced that it accepts only monero donations after having been pushed off other funding platforms.86 While it can’t promise complete anonymity, monero claims to ‘hide the sender, amount, and receiver in the transaction’, making it difficult for third parties to track.87 It does it by mixing the wallet address with others when the coin is transferred.88
In contrast, researchers were previously able to track bitcoin sent to a range of RWE figures in the US.89
In one case, according to a 14 January 2021 Chainalysis report, American RWE figure Nick Fuentes was gifted bitcoin worth around US$250,000 from a donor in December 2020.90 ‘Previously, the most he had ever received in a single month was $2,707 worth of Bitcoin,’ according to the report.
A monero wallet address was also shared on a Telegram channel associated with Thomas Sewell, describing the funds raised as being used for Sewell’s legal fees. Likewise, a channel linked to Sewell’s former associate Blair Cottrell similarly advertised a number of cryptocurrency addresses, described as a means of supporting his content. Cottrell was convicted of ‘inciting hatred, contempt and ridicule of Muslims’ in 2017.91
Despite the increasing difficulty of tracking some types of cryptocurrency transactions, Bambeneck emphasised that there are still relatively few platforms on which money can be turned into cryptocurrency and donated, and vice versa, and that this provides a potential point of scrutiny by authorities where appropriate. ‘They can be sitting on a bunch of monero, but eventually they’re going to want to cash it out, so they’re going to want to use regulated exchanges,’ he said.92
Table 2 shows the highest balances over the 12 months to 15 July 2021 in some of the cryptocurrency wallet addresses shared in our sample.
Figure 8 is a post on Telegram highlighting Thomas Sewell’s donation request in monero.
Table 3 summarises the use of funding platforms by the channels in our sample.
Table 2: Highest balance over the 12 months to 15 July 2021 in some of the cryptocurrency wallet addresses shared in our sample, as per walletexplorer.com and etherscan.io. (Conversion as of 12 August 2021).
Cryptocurrency
Highest balance over past 12 months
Bitcoin
0.11813704 (A$7,280.84)
Bitcoin
0.01294395 (A$797.74)
Litecoin
0
Ethereum
0.120330393 (A$514.83)
Ethereum
0.009916 (A$42.43)
Note: We can’t confirm who controls the wallet, whether funds in the wallet were raised by donation solely or in part, or whether funds were cashed out or transferred to another wallet. Monero and ripple aren’t included.
Figure 8: A post on Telegram highlighting Thomas Sewell’s request seeking donations in monero.
Table 3: Summary of funding platforms in our sample of nine Telegram channels.
Platform
Presence in sample
Bitcoin (BTC)
Two channels
Monero
Two channels
Litecoin (LTC)
One channel
Ripple (XRP)
Two channels
Ethereum (ETH)
Two channels
DLive
Five channels
Entropy
Three channels
Odysee
Four channels
BitChute
Five channels
Trovo
Three channels
Platform policies and demonetisation
All but two of the platforms and services we examined had terms of service for users that explicitly prohibited hate speech or threatening behaviour in some way (Table 4). In general, however, online content and payment platforms grant themselves considerable flexibility when it comes to interpreting and enforcing their own rules and typically operate with limited independent oversight and disclosure.93 Efforts to remove individuals and groups that share RWE content from funding platforms have often been prompted by public pressure on private companies to enforce their existing terms of service. For example, following the Unite the Right rally in Charlottesville in 2017, which left one woman dead, PayPal was pushed to remove accounts used by figures involved in the event.94 Activist groups have also pressured payment providers such as Mastercard and Visa to remove what they called ‘white supremacist groups’ from their platforms.95 Bringing significant challenges for freedom of expression as well as social risks, the enforcement of terms of service by funding platforms has been described as ‘reactive and arbitrary’.96
Table 4: The policies on hate speech of platforms used by a sample of 9 RWE channels in Australia as of 15 July 2021.
Platform
Policy on hate speech and extremist groups
DLive
DLive prohibits activities and material (including live streams, videos and comments) that: ‘Constitute or encourage hate speech that directly attacks a person or group on the basis of race, ethnicity, national origin, religion, medical or mental condition, disability, age, sexual orientation, gender, or gender identity’.
Entropy
No policy on website.
Odysee
No specific policy on hate speech, but prohibits using the service to ‘Stalk, intimidate, threaten, or otherwise harass or cause discomfort to other users’ or ‘for any illegal or unauthorized purpose or [to] engage in, encourage, or promote any illegal activity’.
Trovo
Prohibits conduct that would ‘promote or advocate for terrorism or violent extremism’ or ‘is threatening, abusive, libelous, slanderous, fraudulent, defamatory, deceptive, or otherwise offensive or objectionable’.
Buy Me a Coffee
Prohibits content that’s ‘threatening, abusive, harassing, defamatory, libelous, tortious, obscene, profane, or invasive of another person’s privacy’.
Ko-fi
Prohibits ‘hate speech, intimidation or abuse of any kind targeting any individual, group or institution’.
PayPal
Prohibits use of the service for activities that involve ‘the promotion of hate, violence, racial or other forms of discriminatory intolerance or the financial exploitation of a crime’.
BitChute
Prohibits activities that contain incitement to hatred ‘as defined in section 368E subsection (1) of the UK Communications Act 2003. This applies to any material likely to incite hatred against a group of persons or a member of a group of persons based on any of the grounds referred to in Article 21 of the Charter of Fundamental Rights of the European Union’ and ‘any act of violence or intimidation carried out with the intention offurthering a religious, political or any other ideological objective’. BitChute maintains and publishes a prohibited entities list that contains entities that BitChute has independentlyidentified and explicitly prohibited on the platform under this guideline.
GoFundMe
Users agree not to use the service for ‘User Content or reflecting behavior that we deem, in our sole discretion, to be an abuse of power or in support of hate, violence, harassment, bullying, discrimination, terrorism, or intolerance of any kind relating to race, ethnicity, national origin, religious affiliation, sexual orientation, sex, gender, gender identity, gender expression, serious disabilities or diseases’.
SubscribeStar
Prohibits use that would ‘harass, abuse, insult, harm, defame, slander, disparage, intimidate, or discriminate based on gender, sexual orientation, religion, ethnicity, race, age, national origin, or disability’.
Patreon
Prohibits ‘projects funding hate speech, such as calling for violence, exclusion, or segregation. This includes serious attacks on people based on their race, ethnicity, national origin, religion, sex, gender, sexual orientation, age, disability or serious medical conditions.’
Represent
Prohibits material that is ‘hateful, or racially, ethnically or otherwise objectionable’ or is ‘advocating persecution based on gender, age, race, religion, disability or national origin, containing explicit sexual content or is otherwise inappropriate for Represent production’.
WooCommerce
No policy. A spokesperson told ASPI ‘WooCommerce, just like WordPress, is a free and open‑source software (as opposed to a platform/SAAS) distributed under GPL V2 license which means that anyone is free to use and modify it without any restrictions or supervision from our side. There isn’t a way for us to force any sort of policies on WooCommerce users, or monitor any sort of compliance.’97
Square
Prohibits the upload or provision of content that ‘is false, misleading, unlawful, obscene, indecent, lewd, pornographic, defamatory, libelous, threatening, harassing, hateful, abusive, or inflammatory’.
Donorbox
Prohibits ‘engaging in, encouraging, promoting, or celebrating unlawful violence toward any group based on race, religion, disability, gender, sexual orientation, national origin, or any other immutable characteristic’.
Google AdSense
Prohibits content that ‘incites hatred against, promotes discrimination of, or disparages an individual or group on the basis of their race or ethnic origin, religion, disability,age, nationality, veteran status, sexual orientation, gender, gender identity, or othercharacteristic that is associated with systemic discrimination or marginalization’.
Amazon Associates Program
Unsuitable sites include those that ‘promote or contain materials or activity that is hateful, harassing, harmful, invasive of another’s privacy, abusive, or discriminatory (including on the basis of race, color, sex, religion, nationality, disability, sexual orientation, or age)’.
Indeed, the approach of payment platforms to RWE content wasn’t consistent among our sample.98 Buy Me a Coffee fundraisers posted to a Telegram channel associated with Thomas Sewell appeared to be repeatedly suspended, but the company declined to say why.99 However, some of the sites used by our sample that allow donations or tips, such as the live-streaming platform DLive, have announced crackdowns on ‘violent extremists’.100 Nevertheless, we found Australian RWE DLive channels circumventing the platform’s policies, potentially due to their lack of international prominence, limited monitoring or a lack of focus from those platforms on Australia.
The definitional difficulties surrounding the sharing of RWE content, as explored above, may also play a role. The platforms rarely define, at least in publicly available documentation, what they mean by terms such as ‘hate speech’ or how a determination is made. One exception was Patreon, which provided a list of questions it may consider when reviewing an account for a potential hate-speech violation, such as ‘Does the creator glorify a group that is known to support ideologies that would be classified as hate speech under this policy?’101
The history of public pressure leading to RWE deplatforming from funding platforms has arguably fuelled what Cynthia Miller-Idriss has called an ‘entrepreneurial spirit within the far-right’.102 RWE groups and figures in the US and Europe have moved to fundraising platforms with fewer restrictions or those purpose-built for them. The now inactive crowdfunding site Hatreon is one example of this attempt to supplant more mainstream funding sources.103 However the demise of Hatreon (Visa reportedly suspended its processing support for the site) shows how funding platforms remain vulnerable to the decisions of major payment processors.104
Cryptocurrencies offer an increasingly popular alternative that’s seen as less vulnerable to deplatforming, as indicated by their use among our sample.105 Nevertheless, pressure points may emerge where cryptocurrencies are converted into or out of fiat currencies. Coinbase, a popular cryptocurrency exchange, reportedly shut down accounts attempting to make bitcoin transfers to RWE website the Daily Stormer in 2017.106 The company’s user agreement prohibits uses that ‘encourage hate, racial intolerance, or violent acts against others’.107 Reasearch fellow with the International Centre for Counter-Terrorism, Dr Eviane Leidig has also proposed that cryptocurrency exchanges like Coinbase and Bittrex become members of the Global Internet Forum to Counter Terrorism, which is a collection of technology companies that works to counter terrorist and violent extremist activity online.108
International case study
RWE figures in the US have raised significant amounts using crowdfunding tied to high-profile events such as the Million MAGA Marches in late 2020 and the 6 January 2021 Capitol riots. While the US political and media ecosystems are unique, they nevertheless provide an example of the scale of fundraising possible using online platforms. We don’t attempt to assess the legality of that activity in this report.
Various militia groups, as well as the Proud Boys (labelled a hate group by the SPLC109 and designated as a terrorist entity in Canada),110 appear to have raised thousands of dollars on the Christian crowdfunding platform GiveSendGo in December 2020 and January 2021, as revealed by a website data breach. Shared with ASPI ICPC by transparency group Distributed Denial of Secrets,111 the GiveSendGo dataset shows that the site was used to raise at least $172,000 in support of activities with claimed links to Proud Boy chapters in the two-month period, with the stated goal of covering expenses such as costs of travel and materials. As noted by The Guardian, ‘Two separate fundraisers asked patrons to fund protective gear and communications equipment for regional Proud Boys chapters, raising $4,876 and $12,900 respectively’.112 Analysis by the Washington Post found that at least $247,000 was raised on the site for 24 people looking to cover ‘travel, medical or legal expenses connected to “Stop the Steal” events’.113
GiveSendGo was also used to raise at least $164,399 as part of ‘legal defense’ funds as of February 2021, including funds ostensibly for high-profile figures in the Proud Boys, including Enrique Tarrio (at least $113,000, according to the DDoSecrets data and a cached GiveSendGo page)114 and Nick Ochs (two funds appear in his name, amounting to at least $22,899, according to the DDoSecrets data and cached GiveSendGo pages),115 as well as members of militia groups (Figure 9). These are likely to be a conservative estimates, given that we included only individuals and funds in our dataset with alleged links to events leading up to and including the 6 January riot and to the Proud Boys or the militia group Oath Keepers, as verified by cached records of the GiveSendGo website, media reports and other sources. In addition, some fundraisers captured in the DDoSecrets dataset are still accepting funds.
Figure 9: Funds raised on GiveSendGo as of February 2021 that are claimed to be linked to the Proud Boys and Oath Keepers, drawn from Distributed Denial of Secrets data.
‘Breadcrumbs’ and ties to the international RWE ecosystem
The online funding mechanisms described in this report also serve as an additional point of connection between the Australian RWE milieu and those who share their views internationally.
Funding techniques and strategies developed in one country or ecosystem are copied and refined, and vice versa. As Tom Keatinge, Florence Keen and Kayla Izenman wrote in 2019:
While there is no international struggle under which these actors currently unite (in contrast to the threat posed by Islamist actors), RWE terrorist and extremist groups are increasingly connected, sharing and emulating best practices, which may include financial methodologies and the transferring of funds.116
Public channels on Telegram, in particular, allow messages to easily be forwarded into other groups – a mechanism that helps build the RWE community domestically and internationally. For example, we observed pleas for support for Thomas Sewell’s legal fund, which the associated Telegram channel said could be provided in the cryptocurrency monero or via Buy Me a Coffee, forwarded into North American RWE Telegram channels—some with more than 50,000 members (Figure 10). Video clips of his alleged confrontation with a security guard, which resulted in an assault charge, were also highly shared across a variety of local and foreign Telegram channels alongside the financial support request.117
Figure 10: Calls for funding created in March 2021 in a Telegram channel associated with Tom Sewell and forwarded into a sample of Australian and overseas RWE and conspiracy theory channels (channel subscriber numbers recorded in July 2021).
We also observed channels in our sample and associated individuals solidifying connections to the international RWE ecosystem by appearing on British, South African and American podcasts and live-stream shows, which were sometimes used to promote fundraising efforts and posted back on their associated Telegram channels (Figure 11). In some cases, such exchanges appear to be formalised: individuals associated with at least two channels in the sample have regular shows and contribute to overseas media channels that sometimes share RWE content, although it isn’t clear what or whether they earn from those relationships financially.
Figure 11: The top 20 Telegram channels forwarded into a Telegram channel that shares content from a North American RWE figure between 1 January and 15 July 2021; a channel associated with Australian Thomas Sewell is among the top 10.
Recommendations
The ways online funding mechanisms can be exploited by individuals and groups sharing RWE material in Australia are an emerging problem. Strong policies and programs to address the drivers of right-wing extremism are important for undermining both the popularity of online extremist content and for disengaging people from RWE movements. However, another strategy that Australian law enforcement, intelligence agencies, policymakers and civil society should explore involves addressing and undermining the financial incentives that can help sustain and grow such movements. This report makes recommendations for government, companies and civil society. These recommendations are grouped into six categories:
1. Reporting obligations for online platforms that allow fundraising
Some financial platforms have obligations under Australia’s Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) if they reach the benchmark of providing a ‘designated service’ with a ‘geographical link’ to Australia, among other requirements.118 While that may be unlikely or complex for some foreign entities that do not have a permanent establishment in Australia, for example, the AML/CTF Act requires a variety of customer identification and verification processes, as well as the reporting of suspicious transactions and record keeping.
Government and regulators should:
consider whether some of the emerging financial platforms discussed in this report have obligations under the AML/CTF Act
consider new processes to ensure that emerging online financial platforms are recording and reporting suspicious transactions, among other obligations, even if the service is not located in Australia.
2. Hate crime monitoring
As this report notes, Australia lacks a central registry of hate crimes and related incidents similar to the US Federal Bureau of Investigation’s Hate Crime Statistics program. Some organisations, such as Islamophobia Register Australia, track incidents. However, data is collected using different criteria, verification and methodologies and isn’t centralised, frustrating an overarching understanding of such crimes.119 As Professor Greg Barton has written, ‘we are flying blind’.120 Such a registry would provide considerable benefit in understanding the prevalence of RWE-motivated incidents and crime in Australia and provide a better framework to understand related financial activity.
The government should work with civil society and other groups to create a unified national hate crime and incidents statistics database.
3. Prohibitions against the commercial exploitation of a person’s notoriety from criminal offending
In Australia, various legal jurisdictions have varying and at times controversial laws aimed at preventing criminals from benefiting from their crimes,121 including in some cases from ‘selling’ their story.122 For example, the Proceeds of Crime Act 2002 has provisions that aim to deprive people of ‘literary proceeds derived from the commercial exploitation of their notoriety from having committed offences’.123 Commercial exploitation can be by any means, including visual media.124
Law enforcement should consider whether the online fundraising of RWE figures in Australia who have gained notoriety from criminal activity falls under the Proceeds of Crime Act or similar state provisions.
4. Enhanced transparency reporting
Many of the platforms in our sample have been co-opted by groups and individuals that share RWE content, even if they weren’t built for that purpose. In general, however, few offer governments, researchers, civil society or the public significant transparency about who is using their platforms, how much is being raised or whether funds are successfully ‘cashed out’—all of which necessarily raise privacy considerations, among other civil liberty concerns. Nor do they typically share detailed reports on how many accounts have been closed or removed from their platforms for sharing hate speech or otherwise breaking platform policies. This is also an issue when it comes to ‘false positives’, or when users are inappropriately removed—and especially when there are no meaningful avenues for appeal.
It’s important to note that ‘arbitrary and reactive’ action on the use of such platforms to fund RWE individuals and movements allows private companies considerable latitude over serious social issues, and government and civil society groups must play a role in defining platform regulatory responsibilities, thresholds and safeguards.125 Civil society is already pushing for change in this space.126 In June 2021, for example, the Electronic Frontier Foundation and 21 other digital rights organisations wrote to PayPal and its subsidiary Venmo calling on the companies to ‘ensure due process, transparency, and accountability’ for users.127 To that end, the letter broadly called for the companies to:
Publish regular transparency reports
Provide meaningful notice to users
Offer a timely and meaningful appeal process.
Non-governmental bodies such as the Global Internet Forum to Counter Terrorism are also playing a role in the moderation of extremist content,128 although not without scrutiny concerning the transparency and accountability of their activities.129 Founded in 2017 by Facebook, Microsoft, Twitter and YouTube, the forum aims to build tools and processes that counter the use of technology platforms by terrorists and violent extremists. Likewise, the Organisation for Economic Co-operation and Development is developing a Voluntary Transparency Reporting Framework for Terrorist and Violent Extremist Content Online.130
Government agencies, companies and civil society should:
examine multilateral mechanisms to ensure greater platform transparency and accountability on policy and enforcement
come together with the platforms and services mentioned in this report, where possible, to discuss opportunities for enhanced transparency and accountability regarding the application of those platforms’ terms of services and opportunities for greater clarity and information sharing
examine opportunities to promote a ‘safety by design’ approach that puts user safety and rights at the centre of the design, development and release of online funding products and services.
5. Further research on the relationships between online content creation and fundraising by RWE influencers, radicalisation and mobilisation to violence
More research is needed to better understand how online funding platforms may incentivise or help sustain the growth of RWE entities in Australia, and the symbiotic relationship between the two.
Government agencies and civil society should fund and support work that examines, among other topics:
further themes, tools and narratives of RWE fundraising in Australia
whether law enforcement agencies have sufficient capability and expertise to investigate these online ecosystems, and identify potential training to overcome any gaps
how the RWE funding ecosystem may overlap with other online movements, such as groups that espouse conspiracy theories concerning Covid-19
how the broader online ecosystem (for example, video platforms, chat apps, social media services and hosting services) amplifies, distributes or conducts traffic to the funding platforms mentioned in this report.
6. Countering violent extremism
While more work needs to be done to understand the role of online funding mechanisms in the RWE ecosystem, countering violent extremism early-intervention providers in government agencies and NGOs should be aware that those funding mechanisms could be a factor when they’re working to disengage people from the RWE community.
Government agencies and NGOs that provide countering violent extremism services should investigate whether income from online platforms could be influential or appealing for radicalised or at-risk individuals, and build the ability to identify that potential influence.
Acknowledgements
Thank you to Danielle Cave, Dr Jacob Wallis and Albert Zhang for all of their work on this project. Thank you also to all of those who peer reviewed this work and provided valuable feedback, including anonymous reviewers and Dr John Coyne, Michael Shoebridge, Fergus Hanson, Dr Debra Smith, Lydia Khalil, Dr Kaz Ross and Levi West. ASPI’s International Cyber Policy Centre receives funding from a variety of sources including sponsorship, research and project support from across governments, industry and civil society. No specific funding was received to fund the production of this report.
What is ASPI?
The Australian Strategic Policy Institute was formed in 2001 as an independent, non‑partisan think tank. Its core aim is to provide the Australian Government with fresh ideas on Australia’s defence, security and strategic policy choices. ASPI is responsible for informing the public on a range of strategic issues, generating new thinking for government and harnessing strategic thinking internationally.
ASPI’s sources of funding are identified in our annual report, online at www.aspi.org.au and in the acknowledgements section of individual publications. ASPI remains independent in the content of the research and in all editorial judgements.
ASPI International Cyber Policy Centre
ASPI’s International Cyber Policy Centre (ICPC) is a leading voice in global debates on cyber, emerging and critical technologies, issues related to information and foreign interference and focuses on the impact these issues have on broader strategic policy. The centre has a growing mixture of expertise and skills with teams of researchers who concentrate on policy, technical analysis, information operations and disinformation, critical and emerging technologies, cyber capacity building, satellite analysis, surveillance and China-related issues.
The ICPC informs public debate in the Indo-Pacific region and supports public policy development by producing original, empirical, data-driven research. The ICPC enriches regional debates by collaborating with research institutes from around the world and by bringing leading global experts to Australia, including through fellowships. To develop capability in Australia and across the Indo-Pacific region, the ICPC has a capacity building team that conducts workshops, training programs and large-scale exercises for the public and private sectors.
We would like to thank all of those who support and contribute to the ICPC with their time, intellect and passion for the topics we work on. If you would like to support the work of the centre please contact: icpc@aspi.org.au
Important disclaimer
This publication is designed to provide accurate and authoritative information in relation to the subject matter covered. It is provided with the understanding that the publisher is not engaged in rendering any form of professional or other advice or services. No person should rely on the contents of this publication without first obtaining advice from a qualified professional.
This publication is subject to copyright. Except as permitted under the Copyright Act 1968, no part of it may in any form or by any means (electronic, mechanical, microcopying, photocopying, recording or otherwise) be reproduced, stored in a retrieval system or transmitted without prior written permission. Enquiries should be addressed to the publishers. Notwithstanding the above, educational institutions (including schools, independent colleges, universities and TAFEs) are granted permission to make copies of copyrighted works strictly for educational purposes without explicit permission from ASPI and free of charge.
First published August 2021 ISSN 2209-9689 (online) ISSN 2209-9670 (print)
Cover image produced by Claudia Chinyere Akole
Funding Statement: No specific sponsorship was received to fund production of this report.
As an example, in June 2020, Facebook designated ‘boogaloo’ a ‘violent US-based anti-government network as a dangerous organization’ and banned it from the platform under its under Dangerous Individuals and Organizations policy, online. ↩︎
Gerrit De Vynck, Ellen Nakashima, ‘RWE groups move online conversations from social media to chat apps—and out of view of law enforcement’, Washington Post, 18 January 2021, online. ↩︎
The 2021 Lowy Institute Poll found that 42% of those surveyed saw ‘right-wing extremism as a critical threat to the vital interests of Australia in the next ten years’, online. ↩︎
Will Carless, ‘Crowdfunding hate: how white supremacists and other extremists raise money from legions of online followers’, USA Today, 4 February 2021, online. ↩︎
In March 2021, ASIO Director-General Mike Burgess announced the organisation’s new preference to categorise violent extremism as ‘religiously motivated’ or ‘ideologically motivated’, rather than as ‘Islamic’ or ‘RWE’, for example—a change that was challenged by some terrorism experts and political figures. ‘Ideological extremism’ includes right-wing extremism. Burgess told The Guardian that he would still say ‘extreme rightwing terror … when it matters and when that is sensibly there’. Daniel Hurst, ‘Australia’s spy chief vows to call out rightwing terrorism when there’s a specific threat’, The Guardian, 20 March 2021, online. ↩︎
Australian Security Intelligence Organisation (ASIO), Director-General’s annual threat assessment, Australian Government, 17 March 2021, online. ↩︎
Telegram is a messaging application. For more discussion of Telegram, please see the section titled ‘Telegram’ under the ‘Platform analysis’ section on page 10. ↩︎
Report: Royal Commission of Inquiry into the terrorist attack on Christchurch masjidain on 15 March 2019, Part 4, Chapter 7, paragraph 17, New Zealand Royal Commission, 21 December 2020, online. ↩︎
‘Posing as patriots: Graphika exposes an active campaign by suspected Russian actors to covertly target RWE US audiences on alternative platforms’, Graphika, 7 June 2021, online. ↩︎
Kristy Campion, ‘A “lunatic fringe”? The persistence of right wing extremism in Australia’, Perspectives on Terrorism, April 2019, online. ↩︎
https://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2025/03/19142059/PB49-BuyingSellingExtremism_banner.jpg4501350nathanhttps://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2025/04/10130806/ASPI-Logo.pngnathan2021-08-19 06:00:002025-03-19 14:27:55Buying and selling extremism
The ANZUS Treaty was signed on 1 September 1951 in San Francisco. It was the product of energetic Australian lobbying to secure a formal US commitment to Australian and New Zealand security. At the time, the shape of Asian security after World War II was still developing. Canberra worried that a ‘soft’ peace treaty with Japan might one day allow a return of a militarised regime to threaten the region.
ANZUS at 70 explores the past, present and future of the alliance relationship, drawing on a wide range of authors with deep professional interest in the alliance. Our aim is to provide lively and comprehensible analysis of key historical points in the life of the treaty and indeed of the broader Australia–US bilateral relationship, which traces its defence origins back to before World War I.
ANZUS today encompasses much more than defence and intelligence cooperation. Newer areas of collaboration include work on cybersecurity, space, supply chains, industrial production, rare earths, emerging science and technology areas such as quantum computing, climate change and wider engagement with countries and institutions beyond ANZUS’s initial scope or intention.
The treaty remains a core component of wider and deeper relations between Australia and the US. This study aims to show the range of those ties, to understand the many and varied challenges we face today and to understand how ANZUS might be shaped to meet future events.
Watch the launch webinar here.
https://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2024/12/13221316/ANZUS-at-70_banner.jpg4501350nathanhttps://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2025/04/10130806/ASPI-Logo.pngnathan2021-08-18 06:00:002025-03-06 14:18:29ANZUS at 70: The past, present and future of the alliance
It’s not just nation-states that interfere in elections and manipulate political discourse. A range of commercial services increasingly engage in such activities, operating in a shadow online influence-for-hire economy that spans from content farms through to high-end PR agencies. There’s growing evidence of states using commercial influence-for-hire networks. The Oxford Internet Institute found 48 instances of states working with influence-for-hire firms in 2019–20, an increase from 21 in 2017–18 and nine in 2016–17.1 There’s a distinction between legitimate, disclosed political campaigning and government advertising campaigns, on the one hand, and efforts by state actors to covertly manipulate the public opinion of domestic populations or citizens of other countries using inauthentic social media activity, on the other. The use of covert, inauthentic, outsourced online influence is also problematic as it degrades the quality of the public sphere in which citizens must make informed political choices and decisions.
The Asia–Pacific region contains many states in different stages of democratisation.2 Many have transitioned to democratic forms of governance from authoritarian regimes. Some have weak political institutions, limitations on independent media and fragile civil societies. The rapid rate of digital penetration in the region layered over that political context leaves populations vulnerable to online manipulation. In fragile democratic contexts, the prevalence of influence-for-hire operations and their leverage by agents of the state is particularly problematic, given the power imbalance between citizens and the state.
A surplus of cheap digital labour makes the Asia–Pacific a focus for operators in this economy, and this report examines the regional influence-for-hire marketplace using case studies of online manipulation in the Philippines, Indonesia, Taiwan and Australia. Governments and other entities in the region contract such services to target and influence their own populations in ways that aren’t transparent and that may inhibit freedom of political expression by drowning out dissenting voices. Several governments have introduced anti-fake-news legislation that has the potential to inhibit civic discourse by limiting popular political dissent or constraining the independence of the media from the state.3 These trends risk damaging the quality of civic engagement in the region’s emerging democracies.
What’s the solution?
This is a policy problem spanning government, industry and civil society, and solutions must incorporate all of those domains. Furthermore, influence-for-hire services are working in transnational online spaces that cut across legislative jurisdictions. Currently, much of the responsibility for taking action against the covert manipulation of online audiences falls to the social media companies.
It’s the companies that carry the responsibility for enforcement actions, and those actions are primarily framed around the terms of service and content moderation policies that underpin platform use. The platforms themselves are conscious of the growing marketplace for platform-manipulation services. Facebook, for example, notes this trend in its strategic threat report, The state of influence operations 2017–2020.4
Solutions must involve responsibility and transparency in how governments engage with their citizens.
The use of online advertising in political campaigning is distinct from the covert manipulation of a domestic population by a state. However, governments, civil society and industry have shared interests in an open information environment and can find alignment on the democratic values that support free—and unmanipulated—political expression. Support for democratic forms of governance remains strong in the Asia–Pacific region,5 albeit with degrees of concern about the destabilising potential of digitally mediated forms of political mobilisation and a trend towards democratic backsliding over the last decade that is constraining the space for civil society.6
The technology industry, civil society and governments should make that alignment of values the bedrock of a productive working relationship. Structures bringing these stakeholders together should reframe those relationships—which are at times adversarial—in order to find common ground. There will be no one-size-fits-all solution, given the region’s cultural diversity. Yet the Asia–Pacific contains many rapidly emerging economies that can contribute to the digital economy in creative ways. The spirit of digital entrepreneurship that drives content farm operations should be reshaped through stakeholder partnerships and engagement into more productive forms of digital labour that can contribute to a creative, diverse and distinct digital economy.
Introduction
It is already well known that the Kremlin’s covert interference in the 2016 US presidential election was outsourced to the now infamous Internet Research Agency.7
ASPI’s investigations of at-scale manipulation of the information environment by other significant state actors have also identified the use of marketing and spam networks to obfuscate state actor involvement. For example, ASPI has previously identified the use of Indonesian spam marketing networks in information operations attributed to the Chinese Government and targeting the Hong Kong protest movement in 2019.8 In 2020, ASPI also discovered the Chinese Government’s repurposing of Russian and Bangladeshi social media accounts to denigrate the movement.9 Those accounts were likely to have been hacked, stolen or on-sold in the influence-for-hire shadow economy. In May 2021, Facebook suspended networks of influence-for-hire activity run from Ukraine targeting domestic audiences and linked to individuals previously sanctioned by the US Department of the Treasury for attempted interference in the 2020 US presidential election.10
Audience engagement with, and heightened sentiment about civic events create new business models for those motivated to influence. Australia’s 2019 federal election was targeted by financially motivated actors from Albania, Kosovo and the Republic of Northern Macedonia.11 Those operators built large Facebook groups, used inflammatory nationalistic and Islamophobic content to drive engagement, and seeded the groups with links through to off-platform content-farm websites. Each click-through from the Facebook group to the content-farm ecosystem generated advertising revenue for those running the operation. A similar business model run from Israel used similar tactics to build audiences on Facebook, again manipulating and monetising nationalistic and Islamophobic sentiment to build audiences that could be steered to an ad-revenue-generating content-farm ecosystem of news-style websites.12 Mehreen Faruqi, Australia’s first female Muslim senator, was a target of racist vitriol among the 546,000 followers of 10 Facebook pages within the network. These financially motivated actors demonstrate that even well-established democracies are vulnerable to manipulation through exploitation of the fissures in their social cohesion.
This report examines the influence-for-hire marketplace across the Asia–Pacific through case studies of online manipulation in the Philippines, Indonesia, Taiwan and Australia over five chapters and concludes with policy recommendations (pages 36-37). The authors explore the business models that support and sustain the marketplace for influence and the services that influence operators offer.
Those services are increasingly integrated into political campaigning, yet the report highlights that those same approaches are being used by states in the region to influence their domestic populations in ways that aren’t transparent and that constrict and constrain political expression. In some instances, states in the region are using commercial services as proxies to covertly influence targeted international audiences.
Download full report
The above sections are the report introduction only – readers are encouraged to download the full report which includes many case-studies and references.
Editor and project manager: Dr Jacob Wallis is Head of Program, Information Operations and Disinformation at ASPI’s International Cyber Policy Centre.
About the authors:
Ariel Bogle is an Analyst at ASPI’s International Cyber Policy Centre.
Albert Zhang is a Researcher at ASPI’s International Cyber Policy Centre.
Hillary Mansour is a Research Intern at ASPI’s International Cyber Policy Centre.
Tim Niven is a Research Scientist at Taiwan-based DoubleThink Lab.
Elena Yi-Ching Ho was a Research Intern at ASPI’s International Cyber Policy Centre.
Jason Liu is a Taiwan-based investigative journalist.
Dr Jonathan Corpus Ong is Associate Professor, University of Massachusetts-Amherst and Shorenstein Center Fellow, Technology and Social Change Project, Harvard Kennedy School.
Dr Ross Tapsell is Senior Lecturer at the College of Asia & the Pacific at Australian National University.
Acknowledgements
Thank you to Danielle Cave and Fergus Hanson for all of their work on this project. Thank you also to peer reviewers inside of ASPI, including Michael Shoebridge, and external, anonymous peer reviewers for their useful feedback on drafts of the report. Facebook Inc. provided ASPI with a grant of AU$100,000 which was used towards this report. The views reflected in the report are those of the authors only. Additional research costs were covered from ASPI ICPC’s mixed revenue base. The work of ASPI ICPC would not be possible without the support of our partners and sponsors across governments, industry and civil society.
What is ASPI?
The Australian Strategic Policy Institute was formed in 2001 as an independent, non‑partisan think tank. Its core aim is to provide the Australian Government with fresh ideas on Australia’s defence, security and strategic policy choices. ASPI is responsible for informing the public on a range of strategic issues, generating new thinking for government and harnessing strategic thinking internationally. ASPI’s sources of funding are identified in our annual report, online at www.aspi.org.au and in the acknowledgements section of individual publications. ASPI remains independent in the content of the research and in all editorial judgements.
ASPI International Cyber Policy Centre
ASPI’s International Cyber Policy Centre (ICPC) is a leading voice in global debates on cyber, emerging and critical technologies, issues related to information and foreign interference and focuses on the impact these issues have on broader strategic policy. The centre has a growing mixture of expertise and skills with teams of researchers who concentrate on policy, technical analysis, information operations and disinformation, critical and emerging technologies, cyber capacity building, satellite analysis, surveillance and China-related issues.
The ICPC informs public debate in the Indo-Pacific region and supports public policy development by producing original, empirical, data-driven research. The ICPC enriches regional debates by collaborating with research institutes from around the world and by bringing leading global experts to Australia, including through fellowships. To develop capability in Australia and across the Indo-Pacific region, the ICPC has a capacity building team that conducts workshops, training programs and large-scale exercises for the public and private sectors.
We would like to thank all of those who support and contribute to the ICPC with their time, intellect and passion for the topics we work on. If you would like to support the work of the centre please contact: icpc@aspi.org.au
Important disclaimer
This publication is designed to provide accurate and authoritative information in relation to the subject matter covered. It is provided with the understanding that the publisher is not engaged in rendering any form of professional or other advice or services. No person should rely on the contents of this publication without first obtaining advice from a qualified professional.
This publication is subject to copyright. Except as permitted under the Copyright Act 1968, no part of it may in any form or by any means (electronic, mechanical, microcopying, photocopying, recording or otherwise) be reproduced, stored in a retrieval system or transmitted without prior written permission. Enquiries should be addressed to the publishers.
Notwithstanding the above, educational institutions (including schools, independent colleges, universities and TAFEs) are granted permission to make copies of copyrighted works strictly for educational purposes without explicit permission from ASPI and free of charge.
First published August 2021. ISSN 2209-9689 (online), ISSN 2209-9670 (print).
Cover image: Illustration by Wes Mountain. ASPI ICPC and Wes Mountain allow this image to be republished under the Creative Commons License Attribution-Share Alike. Users of the image should use the following sentence for image attribution: ‘Illustration by Wes Mountain, commissioned by the Australian Strategic Policy Institute’s International Cyber Policy Centre.’
Funding statement: This report was in part funded by Facebook Inc.
Samantha Bradshaw, Hannah Bailey, Philip N Howard, Industrialized disinformation: 2020 global inventory of organized social media manipulation, Computational Propaganda Research Project, 2020, online. ↩︎
Lindsey W Ford, Ryan Hass, Democracy in Asia, Brookings Institution, 22 January 2021, online. ↩︎
Andrea Carson, Liam Fallon, Fighting fake news: a study of online misinformation regulation in the Asia Pacific, La Trobe University, January 2021, online. ↩︎
Threat report: the state of influence operations 2017–2020, Facebook, May 2021, online. ↩︎
L.F. Ford, R. Hass, Democracy in Asia, Brookings, 2021, online. ↩︎
US Department of Justice, Internet Research Agency indictment, US Government, 2018, online. ↩︎
T Uren, E Thomas, J Wallis, Tweeting through the Great Firewall: preliminary analysis of PRC-linked information operations on the Hong Kong protests, ASPI, Canberra, 3 September 2019, online. ↩︎
Wallis, T Uren, E Thomas, A Zhang, S Hoffman, L Li, A Pascoe, D Cave, Retweeting through the Great Firewall: a persistent and undeterred threat actor, ASPI, Canberra, 12 June 2020, online. ↩︎
Facebook, April 2021 coordinated inauthentic behaviour report, 2021, online. ↩︎
M Workman, S Hutcheon, ‘Facebook trolls and scammers from Kosovo are manipulating Australian users’, ABC News, 15 March 2019, online. ↩︎
C Knaus, M McGowan, M Evershed, O Homes, ‘Inside the hate factory: how Facebook fuels far-right profit’, The Guardian, 6 December 2019, online. ↩︎
https://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2025/03/19140308/pb48-influence4hire-banner.jpg4501350nathanhttps://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2025/04/10130806/ASPI-Logo.pngnathan2021-08-10 06:00:002025-03-19 14:07:23Influence for hire. The Asia-Pacific’s online shadow economy
Country agnosticism, under which Australia’s laws treat all foreign influence efforts in the same way, regardless of their source country, is the key failing of Australia’s statutory response to foreign governments’ influence activities.
It has imposed sweeping, unnecessary regulatory costs. It has caused waste of taxpayer-funded enforcement resources. It has diverted those resources from the issues that really matter. And it has brought unnecessary legal complexity. Yet for all that, nobody believes that the laws are truly country agnostic. Not the Australian media, which routinely describe them as ‘aimed at’ China. Nor, presumably, the media’s audience. Nor, certainly, the Chinese Communist Party (CCP), which regards itself as the target, explicitly citing the laws as a key grievance.
Perhaps the greatest cost of country agnosticism is that the current statutory framework isn’t as effective as it needs to be. Why? In adopting a country-agnostic stance, we blinded ourselves to the very factor that matters most in evaluating and responding to foreign influence—its source country.
It’s time to remove the blindfold. We should recognise this basic truth: foreign influence transparency requirements must be more stringent in relation to some source countries than others.
https://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2024/12/15145234/SR171-LoosingAgnosticism-banner.jpg4501350nathanhttps://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2025/04/10130806/ASPI-Logo.pngnathan2021-07-22 06:00:002025-03-06 15:18:45Losing our agnosticism. How to make Australia’s foreign influence laws work
In this report, authors Dr John Coyne and Dr Teagan Westendorf seek to move Australia’s public policy discourse on the future of Darwin Port beyond a binary choice. In doing so, they consider the Harbour’s history, the nature of its strategic importance to Australia and our allies, and opportunities for its future development.
The report explores four potential options for the future development of the Port and Harbour. Rather than providing a specific policy treatment on the current leasing arrangements, this work focuses on promoting policy discourse on a unifying vision for the future of Darwin Harbour.
A key insight from this analysis is that this moment is an opportunity for the federal government to work with the Northern Territory Government to harness the existing plans for the Port’s future, including those proposed by Defence, the US and the NT Government, and embed those plans within the broader strategic vision for Australia moving forward. While each of these worthy plans undoubtedly has merit, the question is whether, by carefully harnessing them together, they could produce a greater economic and national security whole.
https://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2024/12/15144844/Lead-me-to-the-harbour_banner.jpg4501350nathanhttps://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2025/04/10130806/ASPI-Logo.pngnathan2021-07-21 06:00:002025-03-06 15:02:51‘Lead me to the harbour!’: Plotting Darwin Harbour’s future course
Early in the Covid-19 pandemic, the myGov website was overwhelmed by a demand surge from citizens seeking to rapidly access digital services. In 2016, the online Census (eCensus) suffered a series of relatively small distributed denial-of-service (DDoS) attacks. While they didn’t overwhelm the platform, the attacks ultimately resulted in the eCensus being taken offline.
What do these two examples have in common, and what lessons should we learn to ensure more robust digital government services?
To answer those questions, this paper will examine five points:
The nature of the DDoS attacks
The CIA (confidentiality, integrity and availability) triad model for digital security
How to predict demand
How to respond to unpredictable demand
The structure of reliable data systems
https://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2024/12/15145727/Digital-government-services_thumb.png842596nathanhttps://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2025/04/10130806/ASPI-Logo.pngnathan2021-07-20 06:00:002024-12-15 14:59:54Digital government services. Building for peak demand.
More than at any time since World War II, science and technology (S&T) breakthroughs are dramatically redesigning the global security outlook. Australia’s university sector now has a vital role to play in strengthening Australia’s defence.
In this paper, we propose establishing a formal partnership between the Defence Department, defence industry and Australian universities. There’s a significant opportunity to boost international defence S&T research cooperation with our Five-Eyes partners: the US, UK, Canada and New Zealand. We outline how this can be done.
Central to this partnership proposal is the need to restructure current arrangements for Defence funding of Australian universities via the creation of an Australian Defence Advanced Research Projects Agency (DARPA)— based on the highly successful American model, which the UK plans to emulate in 2022. In Australia, implementing these initiatives will contribute significantly to a vital restructuring of the university sector’s research funding model. An Australian DARPA, with robustly managed security, will enhance research ‘cut-through’ in the defence sector and the wider economy.
We think it’s also vital that this work, underpinned by a DARPA-like culture of urgency and innovation and with potential to affect several portfolios beyond Defence, needs to be championed at the government level. In the modern Australian system of government, that means the Prime Minister needs to be directly involved. Urgent means urgent. At least for the first few years of its life, an Australian DARPA should, in our view, report through Defence to the Prime Minister and the National Security Committee of Cabinet.
https://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2024/12/15153908/Australian-DARPA_banner.jpg8002400nathanhttps://aspi.s3.ap-southeast-2.amazonaws.com/wp-content/uploads/2025/04/10130806/ASPI-Logo.pngnathan2021-07-14 06:00:002025-03-06 14:18:48An Australian DARPA to turbocharge universities’ national security research: Securely managed Defence-funded research partnerships in Five-Eyes universities
The global rise of ransomware and Australia’s policy options
What’s the problem?
As the Covid-19 pandemic has swept across the world, another less visible epidemic has occurred concurrently—a tsunami of cybercrime producing global losses totalling more than US$1 trillion.1
While cybercrime is huge in scale and diverse in form, there’s one type that presents a unique threat to businesses and governments the world over: ransomware.
Some of the most spectacular ransomware attacks have occurred offshore, but Australia hasn’t been immune. Over the past 18 months, major logistics company Toll Holdings Ltd has been hit twice; Nine Entertainment was brought to its knees by an attack that left the company struggling to televise news bulletins and produce newspapers; multiple health and aged-care providers across the country have been hit; and global meat supplies were affected after the Australian and international operations of the world’s largest meat producer, JBS Foods, were brought to a standstill. It’s likely that other organisations have also been hit but have kept it out of the public spotlight.
A current policy vacuum makes Australia an attractive market for these attacks, and ransomware is a problem that will only get worse unless a concerted and strategic domestic effort to thwart the attacks is developed. Developing a strategy now is essential. Not only are Australian organisations viewed as lucrative targets due to their often low cybersecurity posture, but they’re also seen as soft targets. The number of attacks will continue to grow unless urgent action is taken to reduce the incentives to target Australian companies and other entities.
What’s the solution?
All governments, civil society groups and businesses—large and small—need to know how to manage and mitigate the risk of ransomware, but organisations can’t deal with the attacks on their own. Given the significant—and increasing—threat ransomware presents to Australia, new policy measures are fundamental to dealing with this challenge. While there’s no doubt ransomware is difficult to tackle using traditional law enforcement methods because the criminal actors involved are usually located offshore, there are domestic policy levers that can be pulled, for example, to support cybersecurity uplift measures across the economy. Such action is essential because the grim reality is that, when it comes to ransomware, prevention is the best response.
This policy report addresses key areas in Australia where new policies and strategies and improved guidance are needed and also where better support for cybersecurity uplift can be achieved.
Our recommendations include arguments for greater clarity about the legality of ransomware payments, increased transparency when attacks do occur, the adoption of a mandatory reporting regime, expanding the official alert system of the Australian Cyber Security Centre (ACSC), focused education programs to improve the public’s and the business community’s understanding and, finally, incentivising cybersecurity uplift measures through tax, procurement and subsidy measures. We also recommend the establishment of a dedicated cross-departmental ransomware taskforce, which would include state and territory representatives, that would share threat intelligence and develop federal-level policy proposals to tackle ransomware nationally.
Introduction: What’s ransomware?
Ransomware is a form of malware designed and deployed by state and non-state cybercriminals who seek out vulnerabilities in the computer systems of organisations, both large and small, locking up, encrypting and extracting data, and rendering computers and their files unusable.2 Attacks are accompanied by a demand for ransom to be paid in return for decrypting and unlocking systems.
Increasingly, ransomware attacks include an extortion element that usually involves threats to leak stolen data publicly or on the dark web if payment isn’t made (known as ‘hack and leak’) to exert pressure on the victim to pay the ransom.
Furthermore, payments can be difficult to trace because they’re generally made using cryptocurrency.3
This also makes it hard—but not impossible (as we saw with the Colonial Pipeline attack)—to investigate and prosecute the criminals responsible for ransomware attacks. Generally, those criminals operate with impunity in extraterritorial jurisdictions (most notably Russian threat actors) where governments protect or tolerate them or don’t have the legal systems, frameworks or capabilities in place to prosecute them.4
Ransomware is a form of cybercrime that’s both scalable and able to be commoditised. It can be bought as a service, generally on the dark web, where ransomware criminals essentially act as ‘guns for hire’. In 2020, a US analysis found buying malware online was ‘incredibly easy’, and that advanced malware tools sell for as little as US$50.5 The analysis also found that ‘almost all premium malware sellers provide buyers with in-depth tutorials and ideas about using their products for technically unskilled buyers.’6
The most common way ransomware is deployed into a system is via email phishing campaigns, remote access vulnerabilities and software vulnerabilities.7 In the case of phishing, a criminal sends an email containing a malicious file or link that deploys malware when it’s clicked. Phishing campaigns continue to evolve and are becoming increasingly sophisticated and targeted. Remote access vulnerabilities, such as weak username and password combinations, allow criminals access to and control of the computer remotely. Cybercriminals exploit such vulnerabilities via sustained attacks or by obtaining user credentials, which are often purchased on the dark web, enabling the deployment of malware onto a system.8 Finally, cybercriminals leverage security weaknesses in popular software programs to gain control of systems and deploy ransomware.9
It’s important to note that ransomware attacks are entirely foreseeable and almost always defendable.
In the physical world, organisations pay for security alarms, high fences and sensors to protect their property. And the digital world should be no different. Ransomware is simply another crime type and the threat should be viewed as another organisational risk because, behind every ransomware attack, are cybercriminals who have watched their victim’s network, laying the ground for encryption and data theft to hold the victim to ransom.
The domestic landscape
In 2019–20, the ACSC reported an increase in the number of ransomware attacks on Australian organisations, although specific metrics weren’t released.10 According to the ACSC, the top five sectors to report ransomware incidents during that period were health; state and territory governments; education and research; and transport and retail.11 It’s worth noting that the health sector was disproportionately affected, in line with global trends,12 reflecting its attractiveness as a target due to the value of the troves of personal health data stored and, most importantly, the criticality of the services provided. Put simply, a ransom is more likely to be paid if human life is endangered.
It should be noted that transnational cyberattacks are a serious concern for Australians. The recently published results of the 2021 Lowy Institute Poll reported that 98% of the poll’s nationally representative sample viewed ‘cyber attacks from other countries’ as a critical (62%) or important (36%) threat to Australia over the next decade.13 That makes transnational cyberattacks the highest of the 12 threats to Australia’s vital interests that the Lowy Institute asked people about, rating higher than climate change, Covid-19 and other potential epidemics, international terrorism, a severe downturn in the global economy and Australia–China relations.
In a bid to better gauge the public’s understanding of what ransomware is, what it does and what to do in the event of an attack, the Cyber Security Cooperative Research Centre conducted a nationally representative online survey of 1,000 Australian adults in April 2021 on ‘Understanding ransomware’. The results—though not unexpected—painted an alarming picture of just how little the Australian public understands ransomware.
Twenty-five per cent of respondents said ransomware was the most significant cybersecurity threat to Australian businesses, coming in behind hacking (48%). Seventy-seven per cent said they wouldn’t know what to do if they fell victim to a ransomware attack but, when given a set of options, 56% said they would contact the ACSC. Of the respondents, 42% said they understood how a ransomware attack occurred, and 44% indicated that they knew what happened in a ransomware attack. Respondents believed financial gain was the key aim of an attack (71%), followed by data theft (14%).
While this survey wasn’t exhaustive, it clearly shows that the community, generally, has little understanding of ransomware, illustrating that a more concerted effort to educate Australians about it is required. That effort should be teamed with effective tools and policies to mitigate the risk of falling victim to a ransomware attack.
Major reported ransomware attacks in Australia in 2020 and 2021
Major attacks on Australian targets in 2020 and so far in 2021 included the following:
February and May 2020: Toll Holdings Employee and commercially sensitive data was stolen in two separate ransomware attacks on Toll Holdings, which is an Australian logistics giant.14 Some of the stolen data was leaked on the dark web.15 It’s understood that Toll didn’t pay either ransom.16 As a result of the attack, the company has undertaken substantial remediation and cybersecurity uplift programs.17
May 2020: BlueScope Steel A ransomware attack on a US-based system of BlueScope Steel had global ramifications, affecting production at the organisation’s Port Kembla facility in Australia.18 Details of the attack, including whether payment was made, were undisclosed.
June 2020 (two attacks): Lion Dairy and Drinks Dairy processor and drink manufacturer Lion was forced to shut down production as a result of two separate ransomware attacks, which had significant impacts on its vast domestic supply chain.19 Sensitive data was stolen in the attacks, and the criminals responsible threatened to publish it on the dark web.20 It’s unknown whether a ransom was paid.
December 2020: Law in Order Law in Order provides document-management services to the legal profession and purports to have ‘iron-clad security’.21 The criminals who attacked it threatened to publish stolen data on the dark web.22 It’s unknown whether a ransom payment was made.
March 2021: Nine Entertainment In late March, Nine Entertainment’s news and newspaper production were severely damaged by a ransomware attack.23 As a result, news teams were forced to work remotely, and most production had to be done out of Nine’s Melbourne office, which was the least affected. It took weeks for production to return to normal.24 It’s unknown whether the ransom was paid.
March 2021: Eastern Health Eastern Health, which operates several hospitals in Melbourne, was brought to a halt by a ransomware attack that resulted in multiple surgery cancellations and prevented access to patient medical records, internal emails and IT systems.25 Systems were reportedly damaged for weeks. It’s unknown whether a ransom was paid.
April 2021: Uniting Care Qld Uniting Care Qld, which operates several hospitals and disability and aged-care facilities across the state, had its access to internal IT systems and patient records severely compromised in a ransomware attack attributed to the REvil group.26 It’s unknown whether a ransom was paid.
June 2021: JBS Foods JBS Foods, the world’s largest meat supplier, had its global production brought to a standstill by a ransomware attack affecting 47 facilities in Australia.27 The company confirmed that it paid US$11 million to the attackers.28
Ransomware payments and regulating cryptocurrency
Cryptocurrencies are the preferred channel of payment for ransomware attacks because of the assumed untraceability of those payments. However, successful steps are being taken to crack down on cryptocurrency providers via law enforcement and recovery action. In the US, steps have been taken to regulate the use of cryptocurrencies more tightly and to recoup stolen funds; for example, US$2.3 million was recovered after the Colonial Pipeline ransomware attack.29
The US Treasury announced in May 2021 that, under a proposed reporting regime, cryptocurrency transfers of more than $10,000 would have to be reported to the Internal Revenue Service—a step that could help to improve the effectiveness of cryptocurrency tracking.30 There’s also a move in the US towards KYC (‘know your customer’) and AML (anti-money-laundering) cryptocurrency regulation. KYC policies govern the types of information banks must collect, and retain, about their customers; AML regulations require financial institutions to monitor the use of funds by their customers.31
In 2018, new laws came into force in Australia making it compulsory for digital currency exchange providers operating in Australia to register with AUSTRAC and comply with reporting obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006.32 Under those laws, exchanges are required to collect information to establish a customer’s identity, monitor transaction activity and report transactions or activity that’s suspicious or involves amounts of cash over $10,000.33
The legality of ransomware payment in Australia
When a ransomware attack occurs, any payment made has legal implications, but in Australia the legality of such a payment is murky at best. This is an issue that needs to be addressed with haste, without the burden of bureaucratic process and a regulatory quagmire. Importantly, criminalising ransomware payment isn’t the solution. Mandatory reporting of ransomware attacks, however, should be considered.
The ACSC’s advice on payment is clear: don’t pay.34 At first blush, that appears to be straightforward, but any organisation faced with a ransomware attack (in which often every minute matters) grapples with the legal consequences of paying or not paying. This is a highly nuanced issue and one that other nations are also grappling with.
While the payment of a ransom should always be a last resort, criminalisation wouldn’t incapacitate the real offenders; nor would it bring restitution to victims. In fact, it would have the effect of further victimising the victim. There are also ethical considerations that need to be taken into account, the central one being the notion that criminalisation could punish organisations for taking proportionate action to protect stakeholders and the community more broadly. This is especially relevant in relation to critical infrastructure entities.
In the Australian context, the Criminal Code Act’s ‘instrument of crime’ provisions are broad. It’s an offence to ‘deal with’ money or other property if there’s a risk that the money or property will become an instrument of crime or if the payer is ‘reckless’ or ‘negligent’ about the fact that the money or property will become an instrument of crime.35 The Criminal Code also includes terrorism funding offences, which make it illegal to intentionally ‘make funds available to a [terrorist] organisation’ if the funder either knows that the organisation is a terrorist organisation or is reckless about whether the organisation is a terrorist organisation.36
Australia is also bound by UN sanctions laws and, under the Charter of the United Nations Act 1945 (which implements UN Security Council sanctions), it’s an offence to transfer assets to sanctioned people and entities or to contravene UN sanctions enforcement laws.37 Currently, no ransomware actors are explicitly listed on the UN’s sanctions list; however, sanctions laws could apply in relation to sanctioned states or to groups acting on behalf of sanctioned entities.38
The most commonly cited potential defence against a charge of making an ‘illegal’ ransomware payment is duress. A duress defence can be used if a person ‘reasonably believes’ that a threat made will be carried out unless an offence of ransom payment is committed, there’s no reasonable way the threat can be rendered ineffective, and the conduct or payment is a reasonable response to the threat.39 Such a defence would depend on the particular circumstances facing an organisation and its payment of a ransom.
In the US, where the Federal Bureau of Investigation (FBI) reported 2,474 ransomware incidents in 2020, ransom payment isn’t illegal.40 However, a ransomware advisory published by the US Treasury Department in October 2020 highlighted the possibility of sanction breaches that could be associated with ransomware payments to malicious cyber actors.41 The advisory contains a list of malicious cyber actors sanctioned by the department’s Office of Foreign Assets Control, signalling that ransom payments to such actors could be met with civil penalties. Of note, however, is the recognition that ‘a company’s self-initiated, timely, and complete report of a ransomware attack to law enforcement [will be] a significant mitigating factor in determining an appropriate enforcement outcome if the situation is later determined to have a sanctions nexus’.42 On this point, a 2019 FBI ransomware alert highlighted the need for ransomware attacks to be reported, regardless of whether money is exchanged.43 Interestingly, the alert highlights the challenges that affected organisations face—and a possible reticence to prosecute for payment—by stating ‘the FBI understands that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers’.44
Given that the measures outlined in the Treasury advisory have, to date, not been applied, and the clear focus on reporting and transparency, it could be reasonably concluded in the US that there’s little appetite for penalising organisations for paying ransoms. Such a model could be employed in Australia, fostering an information-sharing culture without fear of legal consequences for organisations that pay ransoms. There’s also merit in the US approach of publishing a list of known malicious ransomware actors. While that wouldn’t remediate the problem, it would serve to better inform organisations about cyber threat actors.
A mandatory reporting regime could take the form of a legal obligation for an organisation to report the nature and root cause of a ransomware attack to the ACSC within a prescribed time frame (for example, within 21 days). That would be in addition to real-time reporting of a cyber incident.
Furthermore, this should occur regardless of whether payment is made and ensure the confidentiality of victims. It wouldn’t be about naming and shaming. Rather, by compelling victimised organisations to report under law, the ACSC would have improved access to vital and timely intelligence, assisting root-cause analysis and the identification of other attack vectors. Ultimately, when published, this would help better inform other stakeholders on how to reduce vulnerabilities. It would also enhance the operation of the federal government’s proposed changes to the Security of Critical Infrastructure Act 2018.45
It’s worth noting recent steps that the European Commission has taken ‘to tackle the rising number of serious cyber incidents’, announcing on 23 June that it will build a ‘Joint Cyber Unit’.46 The aim of the unit is to provide a coordinated response to ‘large-scale’ cyber incidents and assist in recovery, operating at both the operational and technical levels.47 It will involve key stakeholders from law enforcement, security, defence and diplomacy.48 Its functions will be enhanced by a new US–EU working group, which has been established specifically to address the ransomware threat.49
The joint EU and US approach demonstrates that, while Australia can take significant steps to address ransomware domestically by clarifying our law, there’s a vital need to work closely with allies and like-minded nations to tackle the threat globally. Longer term, sustained intelligence sharing and the adoption of responsibilities flowing from the agreed UN norms of responsible state behaviour in cyberspace will help achieve international consensus on tackling ransomware.50 In April, to that end, the Five Eyes nations committed to tackling the growing threat of ransomware, specifically addressing the issue in the Five Country Ministerial Statement Regarding the Threat of Ransomware.51
What about cyber insurance?
While still relatively immature, Australia’s cyber insurance market has expanded. Cyber insurance policies can be expensive, given the nature of the threat, and broad in scope, covering recovery, replacement and regulatory costs associated with a ransomware attack. Of concern, however, are policies that cover ransom costs, which could serve to encourage attacks targeted at insured entities.52 There are also concerns that ransomware criminals might access systems in search of insurance certificates and then demand ransom payment of the specific amount covered by an insurer.53 While there is a role for cyber insurance to play as part of an organisation’s holistic cyber security strategy, it is not a silver bullet, and it can have unintended consequences. As noted above, a key risk is the targeting of insured organisations by threat actors. There is also the potential for organisations with cyber insurance to be lax in their approach to managing cyber security. As noted in the Harvard Business Review: “Insurance is important, but it’s likely to take a back seat to the broader cyber security discussion…Insurance helps you recover from a situation, filling in the gaps when problems occur that you can’t prevent, but attempts to prevent problems are still crucial”.
Where do we go from here?
To better protect Australians and their businesses against ransomware, we believe that the three key words are transparency, education and incentivisation.
Increased transparency is vital
As it stands, there’s a dearth of official public data relating to ransomware attacks in Australia. For example, and as noted above, in the 2019–20 financial year the ACSC reported an increase in the number of domestic ransomware attacks, but no specific metrics were released.54 This is in stark contrast to the US, which has a much more transparent reporting system. The FBI publicly reported that it recorded 2,474 ransomware incidents in 2020, amounting to US$29.1 million in economic loss55 (and that’s likely to be a significant understatement of the overall incidence of ransomware attacks because reporting is voluntary).
While it’s understandable that the specifics of attacks and victims aren’t released into the public domain, if more insight were provided into the prevalence and root causes of ransomware crimes in Australia there would be greater onus on organisations to harden their systems against attack (especially known vulnerabilities). Furthermore, by building a public narrative on the threat landscape and threat actors, policymakers, organisations and the community more broadly would be better informed about the scale of the attacks. This would have a two-pronged effect—encouraging cybersecurity uplift across the economy and enhancing trust in government, especially in the light of the heightened reporting obligations touted for critical infrastructure entities.56
In April this year, the US Department of Justice established a dedicated ransomware taskforce.
A memo from Acting Deputy Attorney General John Carlin stated that 2020 had been ‘the worst year’ in history for ransomware and cyber extortion. He signalled that steps would be taken to deal with the root causes of ransomware, which could include actions ranging from ‘takedowns of servers used to spread ransomware to seizures of these criminal enterprises’ ill-gotten gains’.57
The US Government’s Cybersecurity and Infrastructure Security Agency (CISA) also provides regular ransomware alerts and tips to the public,58 which go into significant detail regarding the latest ransomware attacks, the systemic weaknesses that were exploited to gain access for malware to be deployed and steps organisations can take to mitigate those risks. The CISA played a pivotal role in disseminating real-time information about the Colonial Pipeline ransomware attack in May 2021,59 which brought the major provider of fuel to the US east coast to a grinding halt.60
The CISA kept the community and critical infrastructure entities informed during what was arguably the most serious ransomware attack the US has seen, ultimately assisting other organisations to be on guard.61
The US approach illustrates how comprehensive and more transparent official reporting of ransom ware attacks could be used to enhance preparedness for an attack and people’s understanding of the threat environment. While the ACSC does provide high-level threat intelligence to organisations, there’s a requirement for those organisations to register and be accepted into the ACSC Partnership Program. In addition, the alerts and advice are quite technical, which could make them inaccessible to some organisations, especially small and medium-sized enterprises (SMEs). Hence, there’s a need to build on the existing regime, with a view to enhancing transparency across the entire economy and community via public alerts and advice when ransomware attacks occur.
Education is necessary to improve knowledge and mitigate risk
While increased transparency is vital, it’s of little use if organisations don’t understand what ransomware is, what needs to be done to mitigate risk and haven’t implemented appropriate cybersecurity controls. Many ransomware attacks would be avoidable if effective organisational cybersecurity controls were in place and good cyber hygiene was practised. Ransomware is different from most other tools used by criminals in that it can have far-reaching consequences. The threat it poses through its ability to cripple critical infrastructure makes it all the more serious. Hence, there needs to be greater focus on the basics—a concerted education campaign that explains what ransomware is, what it does and how organisations can bolster their defences.
Top of the list must be patching. Patch management is essential for effective cybersecurity and ensures that the security features of software on computers and devices are up to date. All software is prone to technical vulnerabilities and, when a vulnerability is exposed and shared, cybercriminals have a metaphorical front-door key. A 2019 report by the Ponemon Institute on vulnerability responses found that, of the 48% of organisations that had experienced data breaches in the preceding year, 60% reported that the breaches resulted from failure to patch.62
And that brings us to people. Amid the barrage of policies and technical guidance, it’s often forgotten that the route to a cyber breach is surprisingly simple. In most cases, it comes down to a number: 1. That’s the number of people a cybercriminal needs to trick to gain access to a system.
Phishing emails containing malicious links are common lures used to deploy ransomware. The FBI reported 241,342 phishing complaints in 2020 and estimated that phishing cost more than US$54 million.63 Therefore, training employees to be better prepared to identify suspicious emails— and not to click on them—is essential. For large, well-resourced organisations, investing in threat hunting is the key.64 In many cases, the attacker has been inside the victim’s network for a significant period, watching and preparing the environment for an attack. An investment in threat hunting means that network anomalies can be more easily recognised and more swiftly contained. It could prove critical in detecting whether a cybercriminal is planning and plotting within a network.
It’s the responsibility of all executives, business leaders and boards to be aware of and effectively manage cybersecurity risks, to ensure that appropriate measures are in place and to foster a culture in which cybersecurity really does matter. If cybersecurity matters to a chair and board, that will trickle down and become a priority for the whole organisation. To that end, it’s also timely to note that Australian directors increasingly bear personal exposure to cyber risk liability, which may be heightened under the proposed changes to the critical infrastructure regime.
Incentivisation is needed to achieve real cybersecurity uplift
Good cyber hygiene is central to mitigating a ransomware attack, but cybersecurity uplift costs money—a cost that’s borne without immediately ‘tangible’ results for organisations. This is especially pertinent for SMEs, which generally don’t have the same level of resourcing to prioritise cybersecurity. Hence, incentivisation has a key role to play if cyber resilience is to be applied across all levels of the economy.
A clear example of where existing mechanisms could be used to incentivise cyber uplift is via full expensing, previously known as instant asset write-offs. The temporary full expensing scheme, which was extended in the 2021–22 federal Budget, allows organisations with an annual turnover of less than $5 billion to immediately write off the business portion of the cost of eligible new assets they first use or install by 30 June 2023, with no cap on the value of new assets that can be claimed (but there may be certain cost limits on particular assets).65 Put simply, this means organisations can make full or significant deductions for eligible purchases up front, rather than over a period of several years via depreciation. While this doesn’t remove the need for initial outlays, the scheme does offer significant taxation benefits. There’s clear scope for the federal government to provide clear information via the Australian Taxation Office about what cybersecurity asset purchases are covered under the scheme.
As it stands, cybersecurity assets aren’t clearly defined, and only bespoke in-house software is covered.66 If the scheme were broadened to include off-the-shelf products and subscription services (such as cloud services), it would support scalable and more rapid uplift. This relatively simple incentivisation solution, which should be promoted, would have a two-pronged effect, simultaneously easing financial imposts on organisations while also hardening cybersecurity resilience across a greater cross-section of the economy.
Another option is to leverage the power of federal government procurement to drive organisational cybersecurity uplift by mandating minimum cybersecurity standards for organisations feeding into the government supply chain. This has the potential to be transformative, given the government’s huge procurement spend (81,174 contracts with a combined value of $53.9 billion were published on AusTender in 2019–20).67 Despite that massive spend, cybersecurity is mentioned only once in the Commonwealth Procurement Rules, 68 which recommend that cybersecurity risk be considered along with other risks and be evaluated in accordance with the government’s Protective Security Policy Framework.69 Cybersecurity needs to play a more prominent role in government procurement practices, not be viewed as an afterthought or secondary consideration. The important role government procurement could play in cyber uplift was highlighted by Rajiv Shah in his 2020 report Working smarter, not harder.70 Shah observed that the government:
… has an opportunity to leverage its market power to provide for broader benefits to the Australian economy and society … Setting security standards expected from its suppliers may help to lift standards across the board. Companies will be incentivised to lift their standards in order to qualify to do business with the government, and it will often be easier for them to apply those standards across their whole enterprises rather than just for their government contracts.71
A cybersecurity uplift grant or subsidy scheme could be considered, in the vein of a program such as the Skilling Australia’s Defence Industry Grants Program.72 That program provides grants to SMEs with fewer than 200 employees over three years, assisting the development of defence sector skills and human resources practices and training plans. The program provides SMEs that service, or intend to service, the defence industry with the capacity and skills required to operate in that supply chain.
A similar program could be introduced for organisations that feed into the whole-of-government supply chain to uplift cybersecurity resilience via both training and physical upgrades.
Another option could be to expand and extend the remit of the Cyber Security Business Connect and Protect Program beyond assistance and advice to also include financial aid to lift SME cybersecurity.
As it stands, the program (which is currently closed), provides funding to ‘trusted organisations’ to raise awareness of cybersecurity risks to SMEs, promote action to address those risks and support and lift the cyber capability of SMEs. However, the scheme doesn’t provide funding to assist SMEs in the physical implementation of cybersecurity uplift.
Policy recommendations
We make eight policy recommendations under the following themes.
Legal clarity
The Australian Government shouldn’t criminalise the payment of ransoms. Instead, a mandatory reporting regime should be adopted, fostering an information-sharing culture without fear of legal repercussions.
A dedicated cross-departmental ransomware taskforce, including state and territory representatives, should be established to share threat intelligence and develop federal-level policy proposals to tackle ransomware nationally.
Greater transparency
The ACSC’s existing official alert system should be expanded to include the real-time distribution of publicly available alerts and clear, actionable advice when ransomware attacks are reported. The alerts and advice should be updated as required.
The non-punitive mandatory reporting regime should require organisations to report ransomware incidents and known root causes to the ACSC within 21 days. The information would then be de-identified and distributed publicly.
The ACSC should publish a list of ransomware threat actors and aliases, giving details of their modus operandi and key target sectors, along with suggested mitigation methods.
Low-hanging fruit: incentivisation and education
The federal government should implement practical incentivisation measures to drive cybersecurity uplift across the economy via temporary full expensing and changes to procurement practices and grant or subsidy programs.
The government should deliver a concerted nationwide public ransomware education campaign, led by the ACSC, across all media. The campaign should highlight the key causes of ransomware vulnerability and how organisations can bolster their security, and it should draw in external expertise where necessary.
A business-focussed multi-media public education campaign, led by the ACSC, should be launched to educate organisations of all sizes and their people about basic cybersecurity and cyber hygiene. It should focus on the key areas of patching, multifactor authentication, legacy technology and human error.
Conclusion
Ransomware isn’t an abstract possibility. In Australia, the threat’s right here, right now and isn’t going away. Unless a concerted effort is made to mitigate the risk, the problem could continue to get worse.
There’s a key role for the Australian Government to play in leading the way, but tackling ransomware is a shared responsibility. While there’s no doubt that organisations must take responsibility for ensuring that their cybersecurity posture is up to scratch, there are practical and easily implementable steps the government can take to provide clarity, guidance and support.
The ongoing ransomware attacks that continue to strike unabated around the world must act as a red flag. And, because we’ve been warned, we need a plan.
Acknowledgements
Thank you to Danielle Cave for all of her work on this project. Thank you also to all of those who peer reviewed this work and provided valuable feedback including Michael Sentonas, Dr Natasha Molt, Fergus Hanson, Michael Shoebridge, Bart Hoogeveen, Jocelinn Kang and Tom Uren. ASPI’s International Cyber Policy Centre receives funding from a variety of sources including sponsorship, research and project support from across governments, industry and civil society. The Cyber Security CRC is a bronze sponsor of the centre. No specific funding was received, from any organisation, to fund the production of this report.
What is ASPI?
The Australian Strategic Policy Institute was formed in 2001 as an independent, non‑partisan think tank. Its core aim is to provide the Australian Government with fresh ideas on Australia’s defence, security and strategic policy choices. ASPI is responsible for informing the public on a range of strategic issues, generating new thinking for government and harnessing strategic thinking internationally. ASPI’s sources of funding are identified in our annual report, online at www.aspi.org.au and in the acknowledgements section of individual publications. ASPI remains independent in the content of the research and in all editorial judgements.
ASPI International Cyber Policy Centre
ASPI’s International Cyber Policy Centre (ICPC) is a leading voice in global debates on cyber, emerging and critical technologies, issues related to information and foreign interference and focuses on the impact these issues have on broader strategic policy. The centre has a growing mixture of expertise and skills with teams of researchers who concentrate on policy, technical analysis, information operations and disinformation, critical and emerging technologies, cyber capacity building, satellite analysis, surveillance and China-related issues.
The ICPC informs public debate in the Indo-Pacific region and supports public policy development by producing original, empirical, data-driven research. The ICPC enriches regional debates by collaborating with research institutes from around the world and by bringing leading global experts to Australia, including through fellowships. To develop capability in Australia and across the Indo-Pacific region, the ICPC has a capacity building team that conducts workshops, training programs and large-scale exercises for the public and private sectors.
We would like to thank all of those who support and contribute to the ICPC with their time, intellect and passion for the topics we work on. If you would like to support the work of the centre please contact: icpc@aspi.org.au
Important disclaimer
This publication is designed to provide accurate and authoritative information in relation to the subject matter covered. It is provided with the understanding that the publisher is not engaged in rendering any form of professional or other advice or services. No person should rely on the contents of this publication without first obtaining advice from a qualified professional.
This publication is subject to copyright. Except as permitted under the Copyright Act 1968, no part of it may in any form or by any means (electronic, mechanical, microcopying, photocopying, recording or otherwise) be reproduced, stored in a retrieval system or transmitted without prior written permission. Enquiries should be addressed to the publishers. Notwithstanding the above, educational institutions (including schools, independent colleges, universities and TAFEs) are granted permission to make copies of copyrighted works strictly for educational purposes without explicit permission from ASPI and free of charge.
ISSN 2209-9689 (online), ISSN 2209-9670 (print).
Funding Statement: No specific sponsorship was received to fund production of this report.
‘New McAfee report estimates global cybercrime losses to exceed $1 trillion’, news release, McAfee, 7 December 2020, online. ↩︎
