Slashdot Mirror

← Back to Stories (view on slashdot.org)

Germany Plans To Email Trojans

Posted by kdawson on from the we-can-do-it-but-you-can't dept.

speardane sends us word of a proposal in the German legislature to make it legal for that government to email spyware to terror suspects. The action comes in response to a court denying prosecutors' requests to break into suspects' computers over the Internet. The German chancellor supports the measure despite considerable outcry from political opponents and rights groups.

20 of 166 comments (clear)

  1. Fan-diddly-astic by LiquidCoooled · · Score: 5, Interesting

    It sounds like the honour virus to be honest, "We need to monitor you, if you would wear this covert recording hat whilst doing your illegal stuff it would be fan-diddly-astic".

    Will it be illegal to thwart the attack?

    Will it become illegal to use an alternative operating system or antivirus software or even just common sense to deflect these payloads?

    --
    liqbase :: faster than paper
    1. Re:Fan-diddly-astic by ColdWetDog · · Score: 5, Funny
      I just don't see how this is possible at all. How do you get those foil wrappers in an email? Just won't work.

      And besides, what happens if the guy is celibate? Or a Unix?

      --
      Faster! Faster! Faster would be better!
    2. Re:Fan-diddly-astic by FlyByPC · · Score: 4, Insightful

      Will it be illegal to thwart the attack?

      More to the point, would it be illegal to reverse-engineer the spyware and send the guvmint all sorts of interesting information (that it would presume to be the spyware reporting back in?)

      After all, Big Brother deserves the very best, right?
      --
      Paleotechnologist and connoisseur of pretty shiny things.
    3. Re:Fan-diddly-astic by Psion · · Score: 3, Funny

      Shhhhh! Listen!

      Whoooooooosh!

      Wow. I wonder what that was?

    4. Re:Fan-diddly-astic by hazem · · Score: 5, Insightful

      yes. there was a story net a few says ago where a court ordered that the guy couldn't use anything other than windows because their monitering software only worked on it,

      There is a huge difference. In the case you're referring to, the man was already convicted of a crime. A result of conviction is often a loss of certain liberties and rights. As a condition of his parole (which can be quite arbitrary on the part of the state) he can continue to use a computer provided it is with the monitoring software running - this is only possible with Windows. It's difficult to make a case that will stand up that the conditions are particularly onerous or truly cruel and unusual.

      On the other hand, this article is about a case where a government wants to send spy software to suspected criminals in the homes they can get useful information for a prosecution. I'm not familiar with German law, but if this were the US, it's probably okay for the government to do this. There are similar tactics that have not been thrown out, such as mailing a "you won a prize" envelope to a suspected murderer/rapist - which he then licked, leaving his DNA, and returned - thus giving the probable cause for an arrest and prosecution).

      The government can't yet compel someone to give up their DNA and I suspect that a similar logic would be applied to a person's choice of computer software - the government can't compel you to use a certain kind of software just to make it convenient to gather data to be used against you. We are all presumed innocent and they have to have probable cause merely to investigate. To actually compel you to give up rights (requiring you to run specific software) you need to have a conviction... or a law that applies to all of us.

    5. Re:Fan-diddly-astic by Opportunist · · Score: 4, Interesting

      Here's a more interesting thing: Would it be illegal to forward the same trojan to, say, the NSA with the intent to infect and making it look like it's from the German Feds?

      Think of the diplomatic fun we'll all have!

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  2. Thanks for the heads up... by tinrobot · · Score: 4, Funny

    ...sincerely,

    The Terrorists.

    1. Re:Thanks for the heads up... by Anonymous Coward · · Score: 5, Funny

      Terrorists read Digg, not Slashdot.

  3. Honeypot by Anonymous Coward · · Score: 3, Interesting

    Now wont the terrorists set up their own honeypots for these?

    I think it would be pretty cool to get a trojen written by the government, that sends data back to the government and is read by computers in the most secret government areas... imagine what terrorists could do if they find a bug in it?

  4. Via e-mail? by peipas · · Score: 5, Funny

    The leader of your terrorist cell has sent you an e-card! Double-click the attachment to view it!

    [Attached: ecard.exe]

  5. Email terror suspects and... by Jah-Wren+Ryel · · Score: 4, Insightful

    ...terror suspects will know they are being investigated.

    If I were a terrorist, or really any kind of nefarious criminal (because you just know there are foolish people salivating about doing the same to any criminal suspects) I would welcome this decision. If was a bad guy and I was worried that 'they' were on to me, receiving this trojan would be proof positive.

    And then I would take the opportunity to feed false information back to the people who sent me the trojan. Hooo boy, what a great way to make trouble for people I don't like, better than falsely reporting them to the IRS.

    --
    When information is power, privacy is freedom.
    1. Re:Email terror suspects and... by jc42 · · Score: 3, Insightful

      If was a bad guy and I was worried that 'they' were on to me, receiving this trojan would be proof positive.

      Nah; it would just mean that you had a computer (presumably one running MS Windows ;-).

      Note that they want the right to send it to any "terror suspect". The word suspect means anyone at all. If challenged, all they have to say is that they suspect you of something. Or they suspect a relative of yours. Or someone you knew in college 20 years ago. Or someone three houses down the street. Or someone with a name vaguely like yours. Or they learned that an ancestor of yours five generations ago wasn't German.

      Such a law is really just a legal excuse to do nasty things to anyone at all, at any time.

      The fun thing in this case is that you just know that their software would be isolated, probably within a week, and would soon be available at warez sites everywhere, for anyone's own private use. Someone annoying you? Send them a trojan that would start reporting all your keystrokes to the police.

      --
      Those who do study history are doomed to stand helplessly by while everyone else repeats it.
  6. Leave it to the Germans! by fishthegeek · · Score: 4, Funny

    To come up with a way to distribute birth control so efficiently! This would never work in America though, it's difficult enough getting them out of that quarter machine that resides in the restroom at the gas station.

    --
    load "$",8,1
  7. Also in other European countries by tonk · · Score: 4, Informative

    Papers that leaked from the German Federal Ministry of the Interior state that legal regulation allowing so called remote forensic searches exist
    - explicitly in Romania, Cypria, Latvia, Spain, and Switzerland,
    - implicitly in Slovenia,
    and that a similar approach to establish explicit allowance for remote forensic searches is ongoing in Sweden. At least readers in Sweden should contact their members of parliament and do some lobbyism. The current political discussion in Germany only got that public attention beacause some people started what they call nerd lobbyism.

    The German papers are available at http://netzpolitik.org/2007/bundesinnenministerium -beantwortet-fragen-zur-online-durchsuchung/

    It is also noteworthy that an also leaked draft of a new law regarding German federal criminal police (c.f. CCC press release at http://www.ccc.de/updates/2007/bkaterror) lists several other new or extended competencies.

    Criticism claims that Germany is on it's way to reinstate a secret police, with the last German incarnations being http://en.wikipedia.org/wiki/Stasi and http://en.wikipedia.org/wiki/Gestapo.

  8. If it can be abused, it will be.... by budword · · Score: 4, Insightful

    Next they will just email their super duper virus to child porn operators, then tax evaders, then jay walkers. As the DMCA and the Patriot Act have taught us, if it can be abused, it will. It's just human nature, or the nature of people who choose to work for the man, anyway.

  9. You've got a friend! by Anonymous Coward · · Score: 3, Funny

    "You've got a friend! OsamaBL wants to add you to his friendslist, Cancel or Allow?"

  10. There is still a chance... by zeromorph · · Score: 4, Informative

    ...that the Trojan won't actually be realized. (BBC):

    Justice Minister Brigitte Zypries, of the Social Democrats (SPD), has voiced concern about the spyware plans, saying they might infringe privacy laws,...

    But that depends on a lot of factors. Germany's biggest hacker organization the Chao Computer Club and others are very effectively campaigning against this plans.

    In recent news (only german, sorry) the federal police states that it won't be a trojan but what they call "remote forensic software" which they intend to install on the terrorists' computer manually. More like a software version of a bug (in the covert listening device sense).

    --
    "Hannibal's plans never work right. They just work." Amy/A-Team
  11. Subject by Dachannien · · Score: 4, Funny

    So what are they going to title the e-mail? I mean, they'll have to be really clever, to make sure the terrorists actually open it:

    "dude! you'll never believe what Osama said"
    "wow, I can't believe you haven't blown yourself up yet"
    "this video has your 72 virgins in it!"

  12. Re:How is this different? by Rudolf · · Score: 5, Informative

    How is this different from being allowed to tap someone's phone or plant a bug? As long as warrants are involved [...]

    With a warrant you have court approval. This is being done because the court did not grant approval.

    From the summary:
    The action comes in response to a court denying prosecutors' requests to break into suspects' computers over the Internet.

  13. Re:1A Plan, really! by Opportunist · · Score: 3, Insightful

    You'll have a hard time getting that through.

    The German government could technically issue a "please do not find" letter. Now, I know a few people with a few AV labs and such a letter would most likely be met (inofficially) immediately with a shady tool on a shady page finding exactly this trojan and nothing else.

    But let's just for a moment assume that this won't happen. Instead, KAV gives the German government the finger, citing the "Russia is big, the Czar is far" proverb. Avira would most likely be forced to comply, sitting in Germany, so would probably some other EU-based AV vendors.

    They would, though, immediately go to Den Hague and sue for unfair trade disadvantages due to the laws in one member country.

    AV writers tend to be a zealous lot. If you think the EFF is hard on GPL violations, you've never seen AV fanatics meet malware proponents.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.