Slashdot Mirror
Germany Plans To Email Trojans
speardane sends us word of a proposal in the German legislature to make it legal for that government to email spyware to terror suspects. The action comes in response to a court denying prosecutors' requests to break into suspects' computers over the Internet. The German chancellor supports the measure despite considerable outcry from political opponents and rights groups.
It sounds like the honour virus to be honest, "We need to monitor you, if you would wear this covert recording hat whilst doing your illegal stuff it would be fan-diddly-astic".
Will it be illegal to thwart the attack?
Will it become illegal to use an alternative operating system or antivirus software or even just common sense to deflect these payloads?
liqbase
Because if only she had understood what the proposal is about...
I guess we need to wait for another generation to get into politics, the one that is currently growing up with computers.
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
So, what happens when one of these emails is undelivered and bounces back to the sender. The German government better have _very_ good email filtering.
...sincerely,
The Terrorists.
Now wont the terrorists set up their own honeypots for these?
I think it would be pretty cool to get a trojen written by the government, that sends data back to the government and is read by computers in the most secret government areas... imagine what terrorists could do if they find a bug in it?
The leader of your terrorist cell has sent you an e-card! Double-click the attachment to view it!
[Attached: ecard.exe]
...terror suspects will know they are being investigated.
If I were a terrorist, or really any kind of nefarious criminal (because you just know there are foolish people salivating about doing the same to any criminal suspects) I would welcome this decision. If was a bad guy and I was worried that 'they' were on to me, receiving this trojan would be proof positive.
And then I would take the opportunity to feed false information back to the people who sent me the trojan. Hooo boy, what a great way to make trouble for people I don't like, better than falsely reporting them to the IRS.
When information is power, privacy is freedom.
Don't the real trsts know enough not to fall into this ?
I mean there is people monitoring the net to prevent trsts actions. If they are feared in the sense that they could take important internet infrastructures down and cause considerable economic lost, would it be possible that they might have already learned to protect their data?
I mean we aren't talking about getting into child prX0m amateur computers here.
Do real big shot trsts run linux ? ;-)
Everything I write is lies, read between the lines.
To come up with a way to distribute birth control so efficiently! This would never work in America though, it's difficult enough getting them out of that quarter machine that resides in the restroom at the gas station.
load "$",8,1
The question raised by LiquidCoooled of whether "thwarting the attack is illegal" is very interesting. Would such activity (i.e. deleting the trojan, altering the trojan's behavior or altering the messages it sends back) be considered something akin to evading arrest or fleeing the scene of a crime?
Other questions that come to mind include:
Will the German government call upon anti-virus makers to allow the Trojans to be inserted onto machines without a red flag being raised?
Will the anti-virus companies go along with such a request?
If some a/v manufacturers go along with it...then how long 'til hackers create/modify/reuse malware that match the government's version and thus slip by, undetected.
This scheme has too many holes in it to fly for long...
Chalmer
Papers that leaked from the German Federal Ministry of the Interior state that legal regulation allowing so called remote forensic searches exist
m -beantwortet-fragen-zur-online-durchsuchung/
- explicitly in Romania, Cypria, Latvia, Spain, and Switzerland,
- implicitly in Slovenia,
and that a similar approach to establish explicit allowance for remote forensic searches is ongoing in Sweden. At least readers in Sweden should contact their members of parliament and do some lobbyism. The current political discussion in Germany only got that public attention beacause some people started what they call nerd lobbyism.
The German papers are available at http://netzpolitik.org/2007/bundesinnenministeriu
It is also noteworthy that an also leaked draft of a new law regarding German federal criminal police (c.f. CCC press release at http://www.ccc.de/updates/2007/bkaterror) lists several other new or extended competencies.
Criticism claims that Germany is on it's way to reinstate a secret police, with the last German incarnations being http://en.wikipedia.org/wiki/Stasi and http://en.wikipedia.org/wiki/Gestapo.
How is this different from being allowed to tap someone's phone or plant a bug? As long as warrants are involved this sounds like the privacy law actually working since they aren't allowed to carry out any espionage that isn't specificially allowed by law.
Next they will just email their super duper virus to child porn operators, then tax evaders, then jay walkers. As the DMCA and the Patriot Act have taught us, if it can be abused, it will. It's just human nature, or the nature of people who choose to work for the man, anyway.
There is no doubt in my mind that the ethics of this law are in favor of the government.
The REAL issue here is not whether the government should be allowed to do it. The dilemma is how these terror suspects are sorted out and what it takes to be a terror suspect.
Full Tilt
This seems like a rather lame, feel good proposal. "Emailing spyware" and having it be a success is a lot more complicated than it sounds.
This assumes a lot. I'm pretty sure most stuff emailed this way would be utterly foiled by someone who uses Mail.app, mutt, elm, pine, Mailwasher Pro, or even Thunderbird. If the email is successful as a law enforcement trool, black hat criminal organizations will be going head over heels to get a copy so they can disassemble it, and use it for their own schemes.
looks like linux distros may find a new group of users to reach.... terrorists who don't want to get government virusses on their computer
-1 Oblivious
I don't know about Germany, but my generation grew up with computers. (I'm 35). And most of us seem to have almost no interest in politics.
My blog
I guess we need to wait for another generation to get into politics, the one that is currently growing up with computers.
How is that going to help necessarily? The relative number of people who actually understand computers isn't going up. The current crop of high schoolers just uses (or attempts to use....) the things without the least understanding of the technical, societal, or political issues involved. If anything, they're even dumber. They put their whole lives on MySpace and Facebook for the perusal of others.To be sure, there are always new geeks coming along but without a radical shift in our own understanding of how things other than computers work, we aren't going to help matters much either.
...of terrorists.
Tomorrow's Fox News headline:
Linux is supporting terrorists and smothering babies. We must stop it at all costs.
"I think an etch-a-sketch with an ethernet port would beat IE7 in web standards compliance."
Entire IP range used by governmental mail servers now blacklisted by most email filters.
And I was half hoping it would finally grow out of fashion to be ashamed of this country now that the US was setting the world standard in pulling all this crap. Premature hope, apparently.
If the Germans were able to do this to the terrorists that burnt down the Reichstag Building they might have saved millions of lives...
oh, wait...
"Nobody knows the age of the human race, but everybody agrees that it is old enough to know better." - Unknown
"You've got a friend! OsamaBL wants to add you to his friendslist, Cancel or Allow?"
I'm so tangled in the multiple layers of paradox I can't get out.
... send back to spy on the government!!
If this is "secret" spyware, then it's fair game for the terrorists to
I'm dying to see a fiction treatment of the top German Govt hacker vs. the top Terrorist hacker. Given the ridiculous layers of influence both command, that would be a knockout.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
I expect this is already being done. The only issue really is how to bring anything found into court.
...and then trade data with the said country's law enforcement personnel.
Non-Germans would be expected to have no rights in a German court of law. Non-Americans have little rights in an American Court of law. This means it is legal for one country's law enforcement personnel to spy on non-citzens
The thing is how a German citizen living in Germany would be taken into court in Germany.... Similarly, how would an American Citizen be taken into court in America? If the said individual lives outside of his own country then perhaps its a bit easier...
Nevertheless, our authorities have been spying on everyone for decades.
I think all this really boils down to is what is admissible in a court of law. I doubt it will have any effect on what our spies actually do on a day to day basis.
Just asking...
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Ignoring for the moment their clearly idiotic beliefs, just how stupid are terror suspects? Do they open random attachments? Do they use Outlook? Don't they run AV software that can detect rootkits regularly?
Well, okay, the recent attacks in the UK looked like amature night, but surely the first thing in the Al-Quaida Computers for Terrorism and Jihad manual (after the bit about how they are the creation of infidels and how you mustn't look at porn on the internet if you want your 76 virgins) is "don't open random attachments"
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
or not. Assuming the trojan only works on Windows machines (fairly easy call, since 95%+ of all desktop computers run some form of Windows), all the German government needs to do to make sure they can infect any computer in their jurisdiction is to outlaw the use of alternate operating systems on any desktop computer in use in Germany. Needless to say, this ought to help out Microsoft's bottom line in Germany. We're talking a legal state-sponsored monopoly here. Ain't capitalism grand?
What I'm wondering is, how the German government intends to limit its spying to only German citizens. Seems to me that if they blanket email everybody on their list, that people will be added to that list 'just in case'. What kind of screwup will allow computers in the United States to be targetted?
Come to think of it, what would stop Homeland Security from turning over email addresses of 'suspected terrorists' to the German government for infection and data skimming? How would you prove that they did?
Understanding the scope of the problem is the first step on the path to true panic.
AV companies around the world are going to add the signatures to their lists. Are antivirus applications going to be banned then? I wouldn't be surprised, considering that other moronic law in regards to security/hacking tools.
...that the Trojan won't actually be realized. (BBC):
But that depends on a lot of factors. Germany's biggest hacker organization the Chao Computer Club and others are very effectively campaigning against this plans.
In recent news (only german, sorry) the federal police states that it won't be a trojan but what they call "remote forensic software" which they intend to install on the terrorists' computer manually. More like a software version of a bug (in the covert listening device sense).
"Hannibal's plans never work right. They just work." Amy/A-Team
So what are they going to title the e-mail? I mean, they'll have to be really clever, to make sure the terrorists actually open it:
"dude! you'll never believe what Osama said"
"wow, I can't believe you haven't blown yourself up yet"
"this video has your 72 virgins in it!"
The proposition is part of a much larger bill granting the BKA (federal police) extensive new powers with large-scale privacy and civil rights implications. The BKA bill is not really discussed in public, because the minister of the interior and other shills distract both the public and the mainstream media with Bundestrojaner dumbspeak that has no technical knowledge or feasible background whatsoever. Most other parts of the BKA bill would have caused hundreds of thousands of concerned citizens hit the streets some 15 or 20 years ago, but go largely unnoticed because of the Bundestrojaner smoke grenade. (And the claim that whoever opposes the bill will have to take the responsibility for the victims of coming terrorist attacks.)
I hope I didn't brain my damage.
Click here for hot sexy Israeli babes frolicking on the beach! Satisfaction guaranteed!
Fixed that for you.
This is the problem with our War on Terror: we assume our enemies are dumber than our parents.
Didn't Germany recently pass a law banning most "hacking" tools, and by extension, most tools that can be used to detect and defeat hacking? And if so, could these be related? I sincerely hope not, since if so, someone (or multiple persons) in the German government is outclassing the Bush administration in asshole terrorism laws. Suspected of terrorism? Get a trojan. Try to detect/remove the trojan? Break the law and get sent to jail anyway!
Yes, I know that it can be a stretch to say that no hacking tools means you can't still defeat this trojan, but maybe they could either create a trojan that could only be defeated that way, or just expand the law in later years to make it illegal to use anti-virus software "in a way that interferes with a government investigation" or something. Either way, it could lead to some scary stuff if properly abused. Even if you don't start the cycle of getting sent to prison, a trojan can dig up some nice information about enemies of yours.
1001 Tips for the Indoor Gardener: Tip # 899
Don't let your computer tattle on you. If you have your computer situated in your growroom, make sure that no videocam or still digital camera has a clear view of your plants, especially if you have received emails from Germany.
Well, someone has to gather the information, so you'll have some kind of IP address that gives you a hint who broke into your computer.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
As a fellow I read long ago commented on his first hand life under the Nazis... It is all part of the current trend in all western culture for government to pass ARBITRARY and INVASIVE laws that condition people to unchecked use of power. This is utterly useless against 'terrorists', since if they even exist they would just avoid it. This is entirely about wearing down opposition to government power. Here in the US these abuses come at us faster than we have time to get outraged about them.
A state sponsored monopoly isn't capitalism, dumbass.
Maybe not
Ya, that label will never be abused.
---- Booth was a patriot ----
I thought the Trojans were wiped out long ago.
Troy's email's been down *forever*. And when it wasn't, that tramp Helen was sniffing all the packets, anyway. :)
(Ya gotta love headlines, from time to time...)
"SUV breaks from the crowd and kills 5". (Or, perhaps a DRIVER of an SUV went out of control and killed five, no? See what I mean?
--- For a good time mail uce@ftc.gov
But if you know the terrorist's email address why not just go pick him up?
Sure. Have a SWAT team waiting by the server, and the moment he shows up to pick up his email, jump him and take him down.
No sig
In a recent move, Angela Merkel has forced an amendment to the liberty laws through Der Bundestag. It is from now on prohibited to use any operating system that is non-trivial to break into.
German police have started to do house-to-house searches of Internet users reported to be not hackable by the Security Services (SS) of the Federal Government. First images can be seen on http://www.liveleak.com/view?i=9db_1178813405
More action is to follow soon, the Minister of Information of the Federal Government, who only wanted to be known by his initials, JG, confirmed:
"We have outlawed the use and ownership of any so-called security tool, to liberate Germans from FUD, Fear Uncertainty and Danger. We have outlawed any operating system that hinders the proper execution of the tasks of the SS." He promised to follow up on speculations of setting up a re-education camp for deviant Internet users in Bergen-Belsen. He asked the reporter to supply his e-mail address, in order to deliver the adequate response into her mailbox as soon as that response was ready.
This is ludicrous, no this is Germany!!!!!
"(I) have this unfortunate condition that causes me not to believe a single thing any politician says when a mic's on.
Emailing the Trojans? At first I said "Bernie,", I said, "that can't be right, they'll never accept the messages, they don't even have SMTP servers in those days!", but then I realized they're so crazy, they'd accept anything, even a giant wooden horse if somebody ever built one!
... and in the next move, Google and Yahoo will be forced to shut down their mail filtering capabilities in order to expediate the delivery of trojaned mails to Tora Bora.
"Intelligence is constant. Only the number of humans increases." Rapidly, as we can make out.
caused by an errant shell.
Well in peace time anyway.
I had a sister who lived in Lawton OK for a long time and a few random shells made way from the artillery range from time to time.
That's why they fire duds. The damage is limited to a small diameter.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
The problem is movies about computers. These movies depict cracking as easy as hitting a few keys.
Passwords could be found on an alien system in like 10 minutes by trying,
Viruses contain more graphical elements than 'useful' payload, etc.
Patents Drive Free Software as Hurricanes Drive Construction Industry
So, what, Spybot S&D, Adaware, (etc), and any decent antivirus application are going to be outlawed, or worse, compromised to ignore their tame spyware trojans? Or do they think that they've got such good programming talent on the government dole, that they can create spyware that won't be tagged by any of the above? I think not.
Maybe they should go collaborate with Sony, since Sony is so up-to-date on rootkit technology. :p
Bastards.
Uhmmm...How 'bout an old computer game?
e r_game))
(http://en.wikipedia.org/wiki/Spy_vs._Spy_(comput
Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
Do we care? What the Us is doing is Somebody Else's Problem (TM).
Justice is the sheep getting arrested while an impartial judge declares the vote void.
I think it's more the reverse, they know who they are suspecting but they'd have to find out his email first.
But to answer your question: force email provider to give you the connection logs, have the ISP translate the IPs to users.
Justice is the sheep getting arrested while an impartial judge declares the vote void.
German gov't PCs hacked; China offers to investigate — Trojan horse programs were found on a number of computers
Quote(August 27, 2007):"Security experts from Germany's Federal Office for Information Security (BSI) and Federal Data Protection Office discovered Trojan horse programs in computers used in several government ministries, including the Foreign Ministry, the Ministry of Economics and the Research and Development Ministry, as well as Merkel's office, Der Spiegel reported."
*grins diabolically*
CC.
TaijiQuan (Huang, 5 loosenings)
Thanks for writing out what was on my mind since I read the headline.
Andreas
Not such an easy call. From what I know, knowledge of alternate operating systems is more widely spread in Germany; the stereotype of the technically adept German has at least some truth in it.
I'd be surprised if Windows has more than 80% market penetration in Germany.
Mart"I know I will be modded down for this": where's the option '-1, Asking for it'?
old man.
What?
It is quite surprising how long the rumor keeps circulating that the German BKA plans to send its trojan as an email attachment. Of course, those folks are not that stupid.v /chip-exklusiv_aid_68603.html (in German) for some information.
What they is actually going to happen is that they will most likely break into a suspects house the conventional secret service style. During such a visit, they will figure out the best approach to place the trojan on the suspects machine. Then, they will tailor-make the trojan for this specific machine. Different methods are conceivable to actually place the trojan onto the machine. Could be a second break-in into the apartment -- or indeed an email attachment. What they will definitely not do is send random-guess emails that depend on the suspect's stupidity.
See http://www.focus.de/digital/computer/chip-exklusi
In that light, what is happening in Germany is actually not that new. Spy equipment is being used since ages. It is only a little step to also cover suspects' PCs -- and it is happening most likely already today and in many countries.
Politicians and Pedophiles: Two groups of exploitive bastards who are most dangerous when they're thinking of children.