Ottawa-Gatineau – The Canadian Radio-television and Telecommunications Commission (CRTC) announced today that by working with a small Saskatchewan business, it has stopped malicious spam messages from being sent to Canadians. Millions of spam messages were unknowingly being sent from a server owned by a Saskatchewan-based computer reseller.
In July 2014, the Spam Reporting Centre received reports of spam messages routed through Access Communications, an Internet service provider (ISP). During its investigation, the CRTC discovered that the spam messages were actually coming from a small business’s server, which used Access Communications as its ISP. This business’s server had become infected with malware, which had caused it to join the botnet “Ebury.” It is estimated that the infected server had sent millions of malicious spam messages without the business’s or Access Communications’ knowledge.
Once alerted to the situation by the CRTC, the small business and Access Communications fully cooperated and removed all traces of the malware.
According to spamrankings.net, the Autonomous Systems (AS21804) for Access Communications, which includes the small business in question, topped the charts for spam activity in Canada in June and July 2014, peaking at approximately 24 million emails sent in June and 73 million in July. After notification from the CRTC and the action taken by the small business and Access Communication, the activity dropped down to the 36th spot on the spamrankings.net list. The Spam Reporting Centre also stopped receiving spam reports regarding this matter.
By working together and acting swiftly on the reports that came into the Spam Reporting Centre, the CRTC, the Saskatchewan-based small business and Access Communications were able to prevent millions of additional and unwanted spam messages from being sent, reducing the potential harm these messages may have caused Canadians.
The CRTC is assessing all complaints submitted to the Spam Reporting Centre that are under its mandate and a number of investigations are currently underway. The CRTC is working with its partners, both within Canada and internationally, to protect Canadians from online threats and contribute to a more secure online environment.
The CRTC can discuss corrective actions with individuals, firms or organizations, which may lead to a settlement that includes an administrative monetary penalty and other corrective measures. As part of its investigative powers, the CRTC can also issue warnings, preservation demands, warrants, citations and notices of violation.
Canadians are encouraged to report spam to the Spam Reporting Centre. The information sent to the Centre is used by the CRTC, the Competition Bureau, and the Office of the Privacy Commissioner to enforce Canada’s anti-spam law.
- The CRTC, a small Saskatchewan-based business and Access Communications worked together to prevent millions of spam messages from being sent to Canadians, as well as the potential harm these messages may have caused.
- The CRTC is working with its partners, both within Canada and internationally, to protect Canadians from online threats and contribute to a more secure online environment.
- Canada’s anti-spam law protects Canadians while ensuring that businesses can continue to compete in the global marketplace.
- Given the circumstances at hand, the CRTC sought the collaboration of both entities to immediately stop the problem and protect Canadians.
“We have a number of tools at our disposal to protect Canadians from online threats such as spam. This investigation illustrates how we can tailor our enforcement actions to the situation at hand. By working together, we were able to stop this malicious spam from continuing to be sent to Canadians. We are committed to collaborating with Canadian businesses, large and small, to ensure they comply with the rules and we will continue to alert them when we suspect that their servers have become compromised.” – Manon Bombardier, Chief Compliance and Enforcement Officer, Canadian Radio-television and Telecommunications Commission
- Information session on Canada’s Anti-Spam Legislation
- Guidelines to help businesses develop corporate compliance programs: Information Bulletin CRTC 2014-326
- Guidelines on the use of toggling as a means of obtaining express consent under Canada’s anti-spam legislation: Information Bulletin CRTC 2012-549
- Guidelines on the interpretation of the Electronic Commerce Protection Regulations: Information Bulletin CRTC 2012-548