Germany Plans To Email Trojans 166
speardane sends us word of a proposal in the German legislature to make it legal for that government to email spyware to terror suspects. The action comes in response to a court denying prosecutors' requests to break into suspects' computers over the Internet. The German chancellor supports the measure despite considerable outcry from political opponents and rights groups.
Fan-diddly-astic (Score:5, Interesting)
Will it be illegal to thwart the attack?
Will it become illegal to use an alternative operating system or antivirus software or even just common sense to deflect these payloads?
Re:Fan-diddly-astic (Score:5, Funny)
And besides, what happens if the guy is celibate? Or a Unix?
Re: (Score:2, Funny)
Re: (Score:1)
I take a Magnum XL. Thanks.
Re:Fan-diddly-astic (Score:4, Funny)
Whoooooooosh!
Wow. I wonder what that was?
Re: (Score:2)
Mod Parent (Score:2)
Re:Fan-diddly-astic (Score:5, Insightful)
More to the point, would it be illegal to reverse-engineer the spyware and send the guvmint all sorts of interesting information (that it would presume to be the spyware reporting back in?)
After all, Big Brother deserves the very best, right?
Re:Fan-diddly-astic (Score:5, Interesting)
Think of the diplomatic fun we'll all have!
Re: (Score:2)
Re: (Score:2)
Besides, it is code. Code can be disassembled and rewritten, and "de-personalized". Can you imagine the damage possible by a widespread distribution of a depersonalized "Bundestrojaner"? No matter how it's a desaster. Either no AV kit finds it (due to it being
Re: (Score:2)
Re: (Score:2)
How do you want to personalize the trojan and yet ensure that it keeps running at the target without being able to run on a different computer that you do not want to spy on?
Re: (Score:2)
Reverse-engineering: dito. You'd actually end up in JAIL for this: usage of hacker tools.
No wonder these tools were forbidden a while ago.
Welcome to political morons of massive stupidity.
Yes, I live in Germany.
Ciao,
Klaus
Re: (Score:2)
yes. there was a story net a few says ago where a court ordered that the guy couldn't use anything other than windows because their monitering software only worked on it, he had ubuntu and apparently they didnt find a way to port the software. of course that doesnt prevent the guy from bypassing all that crap and using a live cd and installing linux again- the software o
Re:Fan-diddly-astic (Score:5, Insightful)
There is a huge difference. In the case you're referring to, the man was already convicted of a crime. A result of conviction is often a loss of certain liberties and rights. As a condition of his parole (which can be quite arbitrary on the part of the state) he can continue to use a computer provided it is with the monitoring software running - this is only possible with Windows. It's difficult to make a case that will stand up that the conditions are particularly onerous or truly cruel and unusual.
On the other hand, this article is about a case where a government wants to send spy software to suspected criminals in the homes they can get useful information for a prosecution. I'm not familiar with German law, but if this were the US, it's probably okay for the government to do this. There are similar tactics that have not been thrown out, such as mailing a "you won a prize" envelope to a suspected murderer/rapist - which he then licked, leaving his DNA, and returned - thus giving the probable cause for an arrest and prosecution).
The government can't yet compel someone to give up their DNA and I suspect that a similar logic would be applied to a person's choice of computer software - the government can't compel you to use a certain kind of software just to make it convenient to gather data to be used against you. We are all presumed innocent and they have to have probable cause merely to investigate. To actually compel you to give up rights (requiring you to run specific software) you need to have a conviction... or a law that applies to all of us.
Re: (Score:1)
I wonder.
What about that story the other day about the torrent distributor who was ordered to keep his ram data because he wouldn't log IP addresses? He was apparently told to "Just turn on logging", he refused so they made an order for him to store his ram contents.
Is "You must keep logs" all that much different from "You must run THIS operating system"
Re: (Score:2)
Re: (Score:2)
- the constituational court will strike it down
- the politicians will pass a similar law again
- the consitutational court will strike that one down again
Kudos to the constitutional court in Germany. I wish ours worked so well...
Re: (Score:2)
Re: (Score:3, Insightful)
Too many holes to fly for long... (Score:1)
Other questions that come to mind include:
Will the German government call upon anti-virus makers to allow the Trojans to be inserted onto machines without a red flag being raised?
Will the anti-virus companies go
Re: (Score:2, Interesting)
Will the anti-virus companies go along with such a request?
--
They already said they'd refuse.
Re: (Score:1)
Re: (Score:2)
Actually, the artillery DOES pay for damage (Score:3, Informative)
Well in peace time anyway.
I had a sister who lived in Lawton OK for a long time and a few random shells made way from the artillery range from time to time.
That's why they fire duds. The damage is limited to a small diameter.
Re: (Score:2)
Re: (Score:2)
No more illegal than speaking Navajo over the phone to thwart eavesdroppers.
No more illegal than dumping the analog land line in favor of Skype.
Let's analyse this from the classic wiretapping perspective everyone can relate to. I personally agree with wiretapping: it's a very good compromise between the the loss of liberty and privacy
Re: (Score:2)
What if the machine isn't even connected to the Internet? Will they mail them a floppy?
A Terrorist could always use some cheap laptop on one of the thousands of wireless open access points and encrypt all the emails to their buddies in Afghanistan. He would never use that computer for opening any emails from anyone else. He could have another computer that would run the
Too bad Angela Merkel is also computer illiterate (Score:2)
I guess we need to wait for another generation to get into politics, the one that is currently growing up with computers.
Re:Too bad Angela Merkel is also computer illitera (Score:1)
I don't know about Germany, but my generation grew up with computers. (I'm 35). And most of us seem to have almost no interest in politics.
Re:Too bad Angela Merkel is also computer illitera (Score:2, Insightful)
I guess we need to wait for another generation to get into politics, the one that is currently growing up with computers.
How is that going to help necessarily? The relative number of people who actually understand computers isn't going up. The current crop of high schoolers just uses (or attempts to use....) the things without the least understanding of the technical, societal, or political issues involved. If anything, they're even dumber. They put their whole lives on MySpace and Facebook for the
Re:Too bad Angela Merkel is also computer illitera (Score:2)
Passwords could be found on an alien system in like 10 minutes by trying,
Viruses contain more graphical elements than 'useful' payload, etc.
Do not open attachments from strangers (Score:1)
Thanks for the heads up... (Score:5, Funny)
The Terrorists.
Re:Thanks for the heads up... (Score:5, Funny)
Terrorists? (Score:2)
Don't let your computer tattle on you. If you have your computer situated in your growroom, make sure that no videocam or still digital camera has a clear view of your plants, especially if you have received emails from Germany.
Honeypot (Score:3, Interesting)
I think it would be pretty cool to get a trojen written by the government, that sends data back to the government and is read by computers in the most secret government areas... imagine what terrorists could do if they find a bug in it?
Re: (Score:2)
Like feed the government false info? Install back doors into government databases? Hit the servers that skim the data with DDOS attacks?
Seems to me to be a good way to turn a law abiding citizen into an 'enemy combatant' in an instant, especially if they discover the tro
Re: (Score:2)
The information feed from our Trojan has started revealing new information in the last few days.
Analysis of the terrorist communications reveals the ring leader is a man named Apu Nahasapeemapetilon, with his co-conspirators being an Omar Simpson, and a chemical weapons expert known only as "Professor" Frink. They have access to an unknown chemical or biological weapon referred to as a 'jumbo Squishee'. Their exact target is unknown yet, but is somewhere in northern Belgium.
Re: (Score:2)
Why bother hacking it? Just use it to do all sorts of stuff to give the listeners at the other end fits. Get another computer for the real stuff. Computers are cheap these days. What's a few hundred to an oil funded terrorist?
Via e-mail? (Score:5, Funny)
[Attached: ecard.exe]
Final solution... (Score:1)
Email terror suspects and... (Score:5, Insightful)
If I were a terrorist, or really any kind of nefarious criminal (because you just know there are foolish people salivating about doing the same to any criminal suspects) I would welcome this decision. If was a bad guy and I was worried that 'they' were on to me, receiving this trojan would be proof positive.
And then I would take the opportunity to feed false information back to the people who sent me the trojan. Hooo boy, what a great way to make trouble for people I don't like, better than falsely reporting them to the IRS.
Re: (Score:2)
I don't have any doubt that a good hacking attack against terror suspects would succeed.
Re: (Score:1, Insightful)
Real terrorists are smart and nasty, and often successful (the existence of Ireland and the USA itself being prime examples - terrorist/freedom-fighter forces overthrowing the brits).
That said, the people the USA defines as "terrorists" usually aren't these days.
Re: (Score:2)
But, this stuff works the same way it does with internet-hacking. Just think of all the dumb criminals as the equivalent of script-kiddies. It only takes one smart guy
Re: (Score:2)
Think of it as natural selection. At least sometimes in the history of humanity, Darwin deserves to be right.
Re:Email terror suspects and... (Score:4, Insightful)
Nah; it would just mean that you had a computer (presumably one running MS Windows
Note that they want the right to send it to any "terror suspect". The word suspect means anyone at all. If challenged, all they have to say is that they suspect you of something. Or they suspect a relative of yours. Or someone you knew in college 20 years ago. Or someone three houses down the street. Or someone with a name vaguely like yours. Or they learned that an ancestor of yours five generations ago wasn't German.
Such a law is really just a legal excuse to do nasty things to anyone at all, at any time.
The fun thing in this case is that you just know that their software would be isolated, probably within a week, and would soon be available at warez sites everywhere, for anyone's own private use. Someone annoying you? Send them a trojan that would start reporting all your keystrokes to the police.
Re: (Score:2)
Bingo. It's not about "them." It's about YOU. Do you honestly think that real terrorists plot via email? Do you believe that the Govt. believes that? Silly boy. None of this surveillance shit, the security cams in every two-horse burg, the taps on every single electronic communication, is about "terrorism." It's about controlling people who have been taught to think that their lives are in imminent danger from
Aren't the real trsts technology aware? (Score:1)
Don't the real trsts know enough not to fall into this ?
I mean there is people monitoring the net to prevent trsts actions. If they are feared in the sense that they could take important internet infrastructures down and cause considerable economic lost, would it be possible that they might have already learned to protect their data?
I mean we aren't talking about getting into child prX0m amateur computers here.
Do real big shot trsts run linux ? ;-)
Leave it to the Germans! (Score:5, Funny)
Also in other European countries (Score:4, Informative)
- explicitly in Romania, Cypria, Latvia, Spain, and Switzerland,
- implicitly in Slovenia,
and that a similar approach to establish explicit allowance for remote forensic searches is ongoing in Sweden. At least readers in Sweden should contact their members of parliament and do some lobbyism. The current political discussion in Germany only got that public attention beacause some people started what they call nerd lobbyism.
The German papers are available at http://netzpolitik.org/2007/bundesinnenministeriu
It is also noteworthy that an also leaked draft of a new law regarding German federal criminal police (c.f. CCC press release at http://www.ccc.de/updates/2007/bkaterror [www.ccc.de]) lists several other new or extended competencies.
Criticism claims that Germany is on it's way to reinstate a secret police, with the last German incarnations being http://en.wikipedia.org/wiki/Stasi [wikipedia.org] and http://en.wikipedia.org/wiki/Gestapo [wikipedia.org].
How is this different? (Score:3, Insightful)
Re: (Score:2)
Re:How is this different? (Score:5, Informative)
With a warrant you have court approval. This is being done because the court did not grant approval.
From the summary:
The action comes in response to a court denying prosecutors' requests to break into suspects' computers over the Internet.
Re: (Score:2)
I would rather say that the court did not grant approval because remote forensics is not in the law. Putting this into the law would enable courts to grant/deny approvals on merit grounds.
Cheers
If it can be abused, it will be.... (Score:5, Insightful)
Re: (Score:2)
No system where you give strong powers to the state is perfect, for obvious reasons, but I'm glad the state can lock people up, given due process, fair trials etc. I'm also glad the state has people with guns to shoot the *bad guys* and that it has wire tapping tech to find out what the *bad guys* are plann
The law is good but.. (Score:2)
The REAL issue here is not whether the government should be allowed to do it. The dilemma is how these terror suspects are sorted out and what it takes to be a terror suspect.
Email? (Score:2)
This assumes a lot. I'm pretty sure most stuff emailed this way would be utterly foiled by someone who uses Mail.app, mutt, elm, pine, Mailwasher Pro, or even Thunderbird. If the email is successful as a law enforcement trool, black hat criminal organizations will be going head over heels to get a copy so they can disassemble it, and use it for their own schemes.
Re: You have GOT to be kidding me. (Score:2)
If this is "secret" spyware, then it's fair game for the terrorists to
I'm dying to see a fiction treatment of the top German Govt hacker vs. the top Terrorist hacker. Given the ridiculous layers of influence both command, that would be a knockout.
Re: (Score:2)
(http://en.wikipedia.org/wiki/Spy_vs._Spy_(comput
good news for linux (Score:1)
Next headlines: (Score:3, Interesting)
And I was half hoping it would finally grow out of fashion to be ashamed of this country now that the US was setting the world standard in pulling all this crap. Premature hope, apparently.
Re: (Score:2)
Bushism #insert#: "The terrorists find new ways to harm our country and so do we."
Does that answer your question?
Just think (Score:2)
oh, wait...
Re: (Score:2)
You've got a friend! (Score:3, Funny)
I expect its already being done (Score:3, Insightful)
Non-Germans would be expected to have no rights in a German court of law. Non-Americans have little rights in an American Court of law. This means it is legal for one country's law enforcement personnel to spy on non-citzens
The thing is how a German citizen living in Germany would be taken into court in Germany.... Similarly, how would an American Citizen be taken into court in America? If the said individual lives outside of his own country then perhaps its a bit easier...
Nevertheless, our authorities have been spying on everyone for decades.
I think all this really boils down to is what is admissible in a court of law. I doubt it will have any effect on what our spies actually do on a day to day basis.
Re: (Score:1)
Bear in mind that I am not suggesting these things are OK, just that I believe they are nothing new.
I would hope the Germans have people who can come up with something better than emailing viruses to suspects. Heck, I would hope we (in the USA) have people smar
Re: (Score:2)
No, with a few exceptions, all human beings have the same rights in a German, or really any European, court of law.
Non-Americans have little rights in an American Court of law.
I don't think so, I'd expect more or less the same.
Re: (Score:3, Informative)
Actually, that's not true. The Bill of Rights applies to all persons living in the USA, even undocumented aliens. They have the same right to a fair and impartial trial, the same right to confront their accuser, the same right to counsel and so on. Not just in theory, but in practice, too. (Except for impartial trials, because that's not always easy to enforce, and partiality can't always be proven. But the courts do try to be as fair as t
Re: (Score:2)
Practice, like, in Guantanamero ? [google.com]
Re: (Score:2)
Just how stupid are terrorists? (Score:2)
Well, okay, the recent attacks in the UK looked like amature night, but surely the first thing in the Al-Quaida Computers for Terrorism and Jihad manual (after the bit about how they are the creation of infidels and how you mustn't look at porn on the internet if you want your 76 virgins) is "don't open
1A Plan, really! (Score:1)
Re:1A Plan, really! (Score:4, Insightful)
The German government could technically issue a "please do not find" letter. Now, I know a few people with a few AV labs and such a letter would most likely be met (inofficially) immediately with a shady tool on a shady page finding exactly this trojan and nothing else.
But let's just for a moment assume that this won't happen. Instead, KAV gives the German government the finger, citing the "Russia is big, the Czar is far" proverb. Avira would most likely be forced to comply, sitting in Germany, so would probably some other EU-based AV vendors.
They would, though, immediately go to Den Hague and sue for unfair trade disadvantages due to the laws in one member country.
AV writers tend to be a zealous lot. If you think the EFF is hard on GPL violations, you've never seen AV fanatics meet malware proponents.
Re: (Score:2)
There is still a chance... (Score:5, Informative)
...that the Trojan won't actually be realized. (BBC) [bbc.co.uk]:
But that depends on a lot of factors. Germany's biggest hacker organization [wikipedia.org] the Chao Computer Club [www.ccc.de] and others are very effectively campaigning [wikipedia.org] against this plans.
In recent news [heise.de] (only german, sorry) the federal police states that it won't be a trojan but what they call "remote forensic software" which they intend to install on the terrorists' computer manually. More like a software version of a bug (in the covert listening device sense).
Subject (Score:5, Funny)
"dude! you'll never believe what Osama said"
"wow, I can't believe you haven't blown yourself up yet"
"this video has your 72 virgins in it!"
Re: (Score:3, Funny)
The promise of 72 virgins is a powerful motivator, but nowhere does it say they won't all be male Slashdotters.
smoke grenade (Score:2)
The proposition is part of a mu
Re: (Score:2)
Most other parts of the BKA bill would have caused hundreds of thousands of concerned citizens hit the streets some 15 or 20 years ago, but go largely unnoticed because of the Bundestrojaner smoke grenade. (And the claim that whoever opposes the bill will have to take the responsibility for the victims of coming terrorist attacks.)
Yes, indeed. But that's not the only reason, neither is it limited to Germany. In all western countries, people have grown very passive w.r.t. increased government surveillian
Anti-hacking law? (Score:2, Interesting)
Yes, I know that it can be a stretch to say that no hackin
"terror suspects" (Score:3, Interesting)
So they have developed Time-Travel Email? (Score:3, Funny)
Latest News: German Government outlaws non-Windows (Score:2)
German police have started to do house-to-house searches of Internet users reported to be not hackable by the Security Services (SS) of the Federal Government. First images can be seen on http://www.liveleak.com/view?i=9db_1178813405 [liveleak.com]
More action is to follow soon, the Minister of Information of the Federal Government, who
tttro jjjan troojans!!! (Score:2)
This is ludicrous, no this is Germany!!!!!
Whaa? (Score:2)
Re: (Score:2)
webmail !? (Score:2)
"Intelligence is constant. Only the number of humans increases." Rapidly, as we can make out.
Chinese beat them to it ... (Score:2)
Quote [computerworld.com](August 27, 2007):"Security experts from Germany's Federal Office for Information Security (BSI) and Federal Data Protection Office discovered Trojan horse programs in computers used in several government ministries, including the Foreign Ministry, the Ministry of Economics and the Research and Development Ministry, as well as Merkel's office, Der Spiegel reported."
*grins diaboli
Re: (Score:2)
Tomorrow's Fox News headline:
Linux is supporting terrorists and smothering babies. We must stop it at all costs.
Re: (Score:2)
or not. Assuming the trojan only works on Windows machines (fairly easy call, since 95%+ of all desktop computers run some form of Windows), all the German government needs to do to make sure they can infect any computer in their jurisdiction is to outlaw the use of alternate operating systems on any desktop computer in use in Germany. Needless to say, this ought to help out Microsoft's bottom line in Germany. We're talking a legal state-sponsored monopoly
Re: (Score:2)
Re: (Score:2)
A state sponsored monopoly isn't capitalism, dumbass.
Re: (Score:2)
Not such an easy call. From what I know, knowledge of alternate operating systems is more widely spread in Germany; the stereotype of the technically adept German has at least some truth in it.
I'd be surprised if Windows has more than 80% market penetration in Germany.
MartRe: (Score:2)
Fixed that for you.
This is the problem with our War on Terror: we assume our enemies are dumber than our parents.
Re: (Score:2)
Sure. Have a SWAT team waiting by the server, and the moment he shows up to pick up his email, jump him and take him down.