Australian Spy Agency Seeks Permission To Hack Third-Party Computers

New submitter LordLucless writes "ASIO, Australia's spy agency, is pushing for the ability to lawfully hijack peoples' computers — even if they are not under suspicion of any crime. They seek the ability to gain access to a third party's computer in order to facilitate gaining access to the real target — essentially using any person's personal computer as a proxy for their hacking attempts. The current legislation prohibits any action by ASIO that, among other things, interferes with a person's legitimate use of their computer. Conceivably, over-turning this restriction would give ASIO the ability to build their own bot-net of compromised machines. Perhaps inevitably, they say these changes are required to help them catch terrorists."

How do we stop them?

I am an Australian. Assume this passes. How can I harden my computer against being used as a node in an ASIO botnet?

The only thing I can think of at the moment is to use Linux and make sure I've closed all uncessary ports...?

What else? I am not a security buff. Encryption doesn't seem particularly useful, since the problem here isn't that ASIO is accessing our files (although they would probably definitely be doing that too), but that they're using our bandwidth and processing resources.

Re:How do we stop them?

[Scarletdown]

Hopefully, someone with some significant power there in the Australian government cordially invites them to piss off.

Re:How do we stop them?

[sabri]

I am an Australian.

Find the nearest Equadorian embassy and request political asylum :-)

Re:How do we stop them?

[jamesh]

I am an Australian. Assume this passes. How can I harden my computer against being used as a node in an ASIO botnet?

Over here! We have a troublemaker!

Seriously though, I wouldn't worry too much. All the hardening you already do to you computer to keep the existing viruses out will be just fine. The only possible problem will be that the antivirus vendors may be persuaded to ignore government sanctioned malware, but such a thing will be self correcting when the malware authors figure out how to mimic government malware.

Re:How do we stop them?

[MichaelSmith]

Most likely they will instrument your operating system or hardware in your absence so look at ways to keep it secure while you are away, or keep it with you at all times. Remember that they could log keystrokes with a simple device inserted into your machine.

Re:How do we stop them?

[drankr]

Why aren't you using Linux already?

Re:How do we stop them?

[ChunderDownunder]

If you read the article. it's a senior member of the government proposing the legislation.

Re:How do we stop them?

[crutchy]

i doubt much of the australian government has any idea who they are even dealing with

Re:How do we stop them?

[spazdor]

Or, if the ASIO really needs the resources it says it needs, let them go to the Australian people with their hat in their hands and ask for volunteers to run an Aussie-Government 'network agent' on their Internet-connected PCs to help them catch child molesters and plane-bombers for the good of the homeland, and if appeals to patriotism don't do the trick, let them offer money, and we'll find out how much a person's Internet privacy sells for on the open market.

Re:How do we stop them?

[crutchy]

don't use windows as your os for starters

Re:How do we stop them?

[MichaelSmith]

I assure you they do. The official cracking industry employs a few very smart computer security people.

Re:How do we stop them?

[ChunderDownunder]

So it's okay for Conroy to ban technology company Huawei from supplying equipment for the NBN over spying concerns yet it's okay for our government to target its own citizens. Hmmm...

Re:How do we stop them?

Find the nearest Equadorian embassy and request political asylum :-)

or just burn all your aussie id, hire a boat and go find a navy vessel off the north west coast

you get more government benefits as an illegal immigrant in australian detention centres than you do as an australian citizen (unless you're aboriginal or a torres strait islander, in which case you're set for life)

This post is racist, it is factually incorrect, and it is pretty much just a paraphrase of one of the moronic soundbites coming out of Tony "Stop the Boats" Abbott's mouth.

Kindly take your bullshit somewhere less enlightened. Slashdot doesn't need your taint.

Re:How do we stop them?

[bakuun]

How can I harden my computer against being used as a node in an ASIO botnet?

ASIO would come in the same way that normal cybercriminals would, so it's a matter of standard common-sense security precautions.

If you're using Windows, keep it up-to-date and use a decent antivirus program - Microsoft's security essentials works fine. Don't click links in emails from strange people. Don't open email attachments from strange people. In terms of software, a good rule, originally by Brian Krebs I believe, is not to install software if you didn't search for that software in the first place (with other words, don't install if it comes to you by email, or if it pops up when you're browsing around generally, etc etc).

In addition to the operating system, a few other pieces of software are fairly important to keep up-to-date: Your internet browser. Adobe flash and reader, if you use those. Java (or better yet, disable Java in the browser completely).

Re:How do we stop them?

[MichaelSmith]

Yeah because we elected him.

Re:How do we stop them?

[GoodNewsJimDotCom]

I've been concerned Microsoft already has back doors into computers already with the whole warrant-less wiretapping in the US. Maybe AUS will force MS and Apple into compliance and force backdoors onto computers. Then as governments are known to do lately, just adopt a law that is 'working' in another nation. They don't try this stuff as much in the US first anymore because we had massive public backlash against SOPA/PIPA. Maybe its time for the people AUS to stand up now. I always think it is a beautiful thing when the people stand up against bad laws and stop them.

Re:How do we stop them?

[Scarletdown]

I did actually have a look at the article, and saw that it was Australia's AG that is proposing this. Surely there are more people higher up the government food chain than the AG?

Re:How do we stop them?

[crutchy]

install linux (i prefer debian stable, but that's just me)

closed all uncessary ports

that's usually a function of your router, but linux can also be used for routing functions using an iptables script... here's an example that you can execute from /etc/rc.local (on a debian machine anyway):

#!/bin/bash
echo -n "Loading iptables firewall..."
iptables -F
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -j DROP
echo "done."
exit 0

not the most locked down firewall that you can make with iptables, but its probably a similar configuration to what you would find in most off-the-shelf routers by default. you only need to add more exceptions if you run servers of sorts (ports 80 and 443 for httpd, 25 and 110 for mail, 53 for dns, etc). you can also nat between networks with iptables.

edit /etc/hosts.deny and make the only non-commented line ALL:ALL, and make sure there is nothing (except comments) in /etc/hosts.allow

also be sure to configure all users except human users and root so that shell is /bin/false in /etc/passwd and /etc/passwd-

also, don't install any programs from sources other than official repositories (except for things like flash from adobe website) and don't install garbage apps and avoid torrrent clients which are a breeding ground for malware for all operating systems. i tend to favor stable repositories (with auto security repos update), with many vulnerabilities being due to inadequately tested updates. despite the hype, the testing aspects of both waterfall and extreme programming methodologies are rarely followed in open source projects, with the most common being the "code and test" or (derogative) "cowboy coding" methodology.

use shields up @ https://www.grc.com/x/ne.dll?bh0bkyd2 to verify if you have any exposed ports

also, to protect your wifi network(s), only use wpa2 (don't use wep) and set up an access list so that only registered mac addresses will be able to connect

always use https for online banking and make sure the top and 2nd level domains are what you expect (most modern browsers highlight them)

some of this stuff is less to do with asio and more to do with security in general. no doubt other /. users will chime in if i've said something wrong or if i've missed something obvious. there's also other security things like wheel group, and there are hardening tutorials for most major distros out there. debian has a good one here: http://www.debian.org/doc/manuals/securing-debian-howto/ but for controlling remote access, the best way is to harden your browser settings (uninstall/disable any unneccesary plugins, disable java, etc), tighten up your wifi security and make sure no router ports are open

the internet is a scary place, but most viruses and malware is unintentionally installed by users from a web browser or email client (in windows). hacking is a problem, but its only serious if you're hosting. look up how a router works and that may help cool some of your fears. grc has a good info page here: http://www.grc.com/nat/nat.htm
summary: think of a nat router as sort of being like a one-way valve, so you can make requests out but only responses to your requests can come back in (ininvited requests are dropped)
if your computer is part of a botnet, there's a good chance that you unintentionally installed software from your web browser or email (or junkware/shareware) that caused it. malware rarely if ever gets onto your pc on its own, and also having malware or virus infected files on your machine is ok as long as they aren't op

Re:How do we stop them?

[whoever57]

If you're using Windows, keep it up-to-date and use a decent antivirus program -

I you are using Windows, then the simple answer is that you can never be sure that your machine is secure. You can never know if Microsoft has put a backdoor into the system that hides itself.

Even if you are using anti-virus, it is ineffective. I have seen 2 machines compromised in the last year that both had fully up-to-date antivirus. Only a couple of days after the compromise did the anti-virus detect the issue (in the first case, I tracked down the executable and submitted it to a site that tests against multiple anti-virus engines and most did not detect it until a few days later).

Re:How do we stop them?

[crutchy]

i hate tony "budgie smuggler" abbott, and i'm not racist because i hate all races equally

go take your politically motivated garbage elsewhere

Re:How do we stop them?

[crutchy]

windows isn't overly buggy... it's just inherently insecure

Re:How do we stop them?

[crutchy]

you're assurance isn't reassuring. i doubt most politicians know what asio does on the hacking front. they probably know asio is a security organisation with a website and a building

Re:How do we stop them?

[epyT-R]

So it's only ok to have racist government policy that gives entitlements to certain races and not others, but not ok when someone complains about it on the internet?

You've drunk too much PC kool-aid.

Re: How do we stop them?

Not really the AG is pretty high up. She is a totalitarian bitch though, along with Conroy they plan to make Australia worse than China. I am honestly considering moving countries because both major parties are evil.
I really hope the Green party have something to say about this, they seem to be the only voice of reason in regards to anything in relation to privacy and government powers.
Time for a massive change in politics in Australia.

Re:How do we stop them?

[TheGratefulNet]

antivirus will NEVER catch government approved bugs!

if you think about it, you'll understand.

and you won't ever trust antivirus apps again. they only block the things 'theyre allowed to'.

and yes, I'm serious. this has been covered several times before.

Re:How do we stop them?

[davester666]

You can use this argument to do anything

-open and read every piece of mail
-listen to every phone call
-attach gps monitors to every vehicle
-install and record video cameras everywhere
-require every computing device to have a backdoor so the gov't can search through it unhindered
-stop and search everyone in a given area

The gov't would potentially 'catch a terrorist' with any of these things. Obviously, they must be implemented immediately.

Re:How do we stop them?

[davydagger]

basic iptables config

*filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
COMMIT

save that in /etc/iptables/iptables.rules and /etc/ip6tables.rules

and make sure if your distro doesn't have an iptables rc unit or something similar, to add

iptables-restore /etc/network/iptables
ip6tables-restore /etc/network/iptables

to your /etc/rc.local

that works great for desktops.

Re: How do we stop them?

[Scarletdown]

I reckon the other option would be for Australian citizens to take up their knives and baseball bats and... Nah. Don't think that would be very effective due to the super short range of those things. :/

Re:How do we stop them?

[AHuxley]

Run haiku-os.org, most of Australia's task forces and spooks buy in Windows, Mac (ppc/intel) and Linux (ppc/intel), ios, droid 'software' from friendly US, Canadian and UK security cleared providers.
en.wikipedia.org/wiki/OpenBFS might be fun for them to wonder about everytime your OS fails to phone home :)

Re:How do we stop them?

[pla]

I am an Australian. Assume this passes. How can I harden my computer against being used as a node in an ASIO botnet?

Now why oh why would you want to help the terrorists, Citizen?

More seriously, how would that play out in the courts, if you discovered your computer participating in a "legal" police operation and chose to clean their BS malware off?

Re:How do we stop them?

[The1stImmortal]

He's a Victorian Senator (and is in the half of the Senate that got elected 2010 and won't be up again next election). I didn't vote for him (NSW here) - in fact I doubt many people at all actually voted for him (below the line on the ballot paper). Thanks to the way the senate gets elected combined with the inertia of the two major parties (the coalition might as well be one party these days), it'd actually be rather hard to vote him out - He's second on the ticket, so as long as Victorian Labor manages to get two seats worth in the 2016/2017 elections (not too hard) he's back in.

What I don't understand is how he's survived two prime ministers and countless cabinet shuffles in the exact same post. Normally ministers get rotated around a bit more, especially when they're as troublesome and controversial as Conroy. While I hate the idea of an Abbot-let Coalition government, the thought of another 3 years minimum of Conroy screwing up the IT & communications industries in Australia bothers me deeply.

Re:How do we stop them?

[AHuxley]

Its Australia, so they own you down to the exchange/rim/nbn 'card' with not much trouble and will log your net traffic 24/7.
CALEA export hardware is wonderful in that way :)
So expect any desktop consumer OS or hardware to be wide open by default.
If that fails, expect a sun tanned "tradie" to be at your home while your at work :)
2 plumbers, one day.
If your under ASIO watch, its still not so bad.
If you upset the Australian Secret Intelligence Service, they have a different origin in Australian law.
Their training, origins and methods are more US centric :)
The file system is the key, if the Win/Apple/Linux/droid spyware does not work, they have to get to the hardware - keyboard/service layer.

Re:How do we stop them?

[rtb61]

I am an Australian and I find the whole idea of the gutless and cowardly attack appalling. ASIO is proposing to leave some poor innocent nobody holding the bag for when the attack is detected. Some innocent person minding their own business acceding the internet, who suddenly finds the local swat team raiding their home and threatening that family with death. That whole family now finds itself on trial for espionage and treason a death penalty offence in many countries. That trial will be accompanied by torture. At which point will the Australia Government have the courage and stand up and tell the truth to the country so that the innocent family are no longer standing under the threat of execution.

This all smells of a request by the US government who has all sorts of laws to deny any rights at all to foreigners. Sounds like those people at Pine Gap have been up to some naughty business and are looking to tidy up the legalities of a 'Joint Facility', Australian and US, doing stuff that is legal for the US part of the partnership but illegal for the Australian part of the partnership and as the attack must eventually leave the joint territory and cross Australian land it is subject to Australian law.

It is well known that the US consider innocent third parties as nothing more than statistics and collateral damage, to be lied about in press releases but the Australian government better think long and hard about likely sending people to their death because those other countries aren't all rank computer security amateurs who wont detect the attack, after all if they were ASIO could attack direct or more accurately stand idly by and ignore the US led and controlled attack.

You only have to look at the MEGAupload case to see how badly it can go when you trust the US inJustice system.

Re:How do we stop them?

[TheSpoom]

How can I harden my computer against being used as a node in an ASIO botnet?

Against a nationstate with effectively unlimited resources where essentially all hacking has been declared legal? Nothing. You're screwed.

Re:How do we stop them?

[AHuxley]

Re -install and record video cameras everywhere.
Line your own home with the better quality gum stick video recorders - add storage, test the battery life for 12h?.

Re:How do we stop them?

[SigmaTao]

This is not hacking from the outside alone. This would validate ASIO entering your home and adding spy software/hardware directly.
Any idea of avoiding this would be very difficult.

Re:How do we stop them?

[jamesh]

Here, you can use some of my tinfoil now.

Wait a minute... how do I know you haven't tampered with it?

Re:How do we stop them?

[santosh.k83]

also, don't install any programs from sources other than official repositories (except for things like flash from adobe website) and don't install garbage apps and avoid torrrent clients which are a breeding ground for malware for all operating systems.

I've been using Transmission, Deluge, and KTorrent since several years and I've not encountered a single instance of malware which I didn't specifically download myself. Things might be different on Windows though where I guess it's popular to bundle malware with freeware torrent clients, but that just means you need to use a well known and trusted client; no need to avoid torrents.

Re:How do we stop them?

[LordLucless]

I don't think this is raw CPU cycles they're looking for here. It's more like: "We're trying to grab information on this guy. We see he visits www.somesite.com.au an awful lot. Let's get access to the computer of somesite's developer, grab his access keys, and modify somesite to deliver our trojan to the target."

Of course, once you've compromised a computer, are you going to just clean it up and let it go? After all that trouble of getting a warrant? Pfft, no - what if you need it again? You're going to list it as a resource and add it to the pile of private computers your agency owns.

Re: How do we stop them?

[Antarius]

along with Conroy they plan to make Australia worse than China

Fortunately that one has been cancelled.

Re: How do we stop them?

[Antarius]

Baseball bats? Surely you meant "cricket bats?"

Re: How do we stop them?

[Scarletdown]

That was actually what I was thinking, it just came out baseball instead of cricket, due to distractions here.

Re: How do we stop them?

[dryeo]

Probably be a lot less deaths then the American revolution of 1861. Has their ever been a case of a violent revolution improving things besides the odd one that ended up as a successful war of separation?
Most successful revolutions seem to be the majority of the population doing civil disobedience with minimal violence and even that only works some of the times.

Re:How do we stop them?

[Scarletdown]

The AG is the stand-in for a King/Queen with 3 basic duties. Proposing policy or law is not her duty. Australians never admit their subservience to the US military but it's not difficult to imagine who is driving this.

I suppose there is a decent possibility of that. But surely Australia and other First World nations can descend into an Orwellian nightmare on their own without our coaching?

Re:How do we stop them?

[dryeo]

Well as all of your list also works very well for catching dissidents they'll all eventually be implemented. Dissidents are a much bigger threat to the established powers then terrorists.

Re:How do we stop them?

[davester666]

Dissidents ARE terrorists, at least from the point of view of those in power.

Re:How do we stop them?

[dryeo]

Partially true. For example both Romney and Obama probably cared a lot who won the presidency whereas those pulling the strings only cared that the Paulians and various third parties were removed from the running. The parties while subservient to the powers that be do still have quite a bit of power and want their golden retirement plan.

Re:How do we stop them?

[crutchy]

spot the windows fanboi... the proof is in the pudding... the number of linux kernels operating in the world (including beneath android and in embedded systems like set top boxes) far exceeds the number of windows installs, and yet no malware or virus problems, yet windows STILL needs antivirus and even then it gets infected

windows is only competently set up if it has antivirus... linux doesn't need it

keep drinking the microsoft kool-aid, moron

Re:How do we stop them?

[Mike+Frett]

Exactly, the OS they are going to be Hacking will be MS based. Shit they don't even need to hack it, just pay MS to add a back-door, we already know they do this; no need to hack.

Re:How do we stop them?

[Z00L00K]

Linux with MLS enabled, but it will require you to learn how MLS works, and it's something that can cause dandruff just by reading the first page.

Using random unusual operating system can also work.

• Concurrent CP/M-86
• HP MPE
• OS/2
• TRON
• Sintran
• FreeVMS
• AROS

At least it will cause them to scratch their heads for a while.

Re:How do we stop them?

[dryeo]

I don't know much about Australia but around here the original owners of the country who happen to be a different race made a deal to sell their land on a payment plan and now the buyers are trying to weasel out of making their payments. How would you feel if you sold something on a payment plan and as soon as the buyer occupied the property you sold started claiming that due to your race you shouldn't get paid?
It is a problem with payment plans but when you're dealing with someone who doesn't recognize that pieces of paper or chunks of rock have value you're reduced to barter and when taking someones lively hood they're going to want something of equal value in return.

Re:How do we stop them?

[pjt33]

I think you're confusing the Attorney General with the Governor General.

Re:How do we stop them?

[maxwell+demon]

Next step, they'll make it illegal to take countermeasures they cannot circumvent.

Re: How do we stop them?

[maxwell+demon]

The thing is, if you make it too hard for terrorists to use computers/phones etc (ie they are/can be monitored), they simply switch to communicate via hand delivered notes written on paper.

Then forbid paper as a terrorist's tool.

Re: How do we stop them?

[craigminah]

If they used cricket bats it could take days to finish the beatdowns...and it would be boring to watch.

Re:How do we stop them?

[daem0n1x]

I'm so glad the Eastern Socialist Block came crumbling down in pieces. Now we can enjoy the joys of freedom and democracy our Western Capitalist governments give us.

Re:How do we stop them?

[currently_awake]

you would have no way to tell it was legal.

Re:How do we stop them?

[crutchy]

i think your stoush is actually with the europeans (who settled the land)

history is full of conquerors and conquered... do you see italy still paying off any of the people it conquered during the roman empire? how about france for napoleon's endevours? ...or the united states for almost eliminating native american-indian culture?

most australians (born in australia at least) don't really give a shit about race... aussie is aussie, as long as you play by the rules and treat others as you would like to be treated (and by the way i don't mind being criticised and poked fun at, as long as it is in jest), but when you get laws that favour certain race, blaming the government that maintains those laws is a poke at the government, not the race for which they favour, and we live in a country where our freedom to blame the government is as important as our right to drink beer

the real racists of the world are the ones who get their back up over race in the first place

i don't give a shit what race you are, if you get more than me from the government than me merely because you're a certain colour, the government is a bunch of fucking nit wits

Re:How do we stop them?

[Namors]

The Australian Aborigines didn't sell their land (in fact they had no concept of buying or selling land) they saw themselves as caretakers of it.

Re:How do we stop them?

[GumphMaster]

No, the article clearly says it is the Attorney-General's department (the public service organisation that contains ASIO) through an anonymous "spokesman for the Attorney-General's Department" not the Attorney-General herself that is "pushing for new powers for the Australian Security Intelligence Organisation to hijack the computers of suspected terrorists." ASIO playing the fear card in public arenas and making excessive demands is the typical method of ratcheting up their existing powers to some some lesser degree.

Re: How do we stop them?

[Ghaoth]

The Greens are watermelons. Green on the outside, red on the inside. I hope you're happy about that.

Re: How do we stop them?

[Antarius]

Distractions... You obviously weren't watching the cricket then. ;)

Re: How do we stop them?

[Antarius]

Touche.

Though I vaguely recall some Kiwi in the early 90s beating a shark off with a cricket bat...

Re:How do we stop them?

[Occams]

The AG is the minister for both ASIO and the AFP. It is the AFP that should have these powers, if any agency really needs them, because they actually catch people who are committing real crimes and they get prosecutions in court. The Federal Police are: well trained, highly disciplined, well managed and can defend themselves against real bad guys. ASIO is not any of those things. It just snoops for intelligence, most of which is hearsay and inadmissible as evidence, and it makes scary reports to the AG.

Re:How do we stop them?

[DirtyLiar]

I am an Australian. Assume this passes. How can I harden my computer against being used as a node in an ASIO botnet?

Don't worry, they'll make doing that illegal.

Besides, why do you hate Australia? Any Australian patriot should be proud to help their country in the new cyber-war against terrorism. Even if that does put you in the cross-hairs of any retaliation.

Re:How do we stop them?

[DirtyLiar]

All they need to do is follow the CIA's phylosphy:

If it didn't happen in-country, it didn't happen.
If someone is not a citizen, they have no rights.

So the REAL question is why even bother leagilizing it?

Just target computers outside Australia, no privacy problems, no breaking and entering problems, no search-and-seazure problems, no civil rights issues.

All because it didn't happen in Australia.
And it wasn't us anyway, prove it was.

Re:How do we stop them?

[SigmaTao]

I'm guessing it makes it easier for personnel from other agencies (police et al) to be told to ignore what is going on.
I also allows them to legally use resources outside ASIO to do things on their behalf, and redirect information acquired to other entities without finding they are breaking the law.

Re:How do we stop them?

[metrix007]

counting android? Windows doesn't need anti-virus, stupid users need anti-virus. Big difference.

Re:How do we stop them?

[crutchy]

a lot of people don't really understand android... yes android is linux, but its also not. android is a layer running on top of linux. you can infect your android device with a virus, but it won't infect the underlying linux kernel operation. android may be insecure, but android is merely an application layer with some kernel mods; the kernel is still secure.

stupid users on a linux machine don't need antivirus... from http://en.wikipedia.org/wiki/Linux_malware "There has not yet been a widespread Linux malware threat of the type that Microsoft Windows software faces"... this is not merely due to linux users being smarter, as there are plenty of linux users who are just as ignorant of security aspects as their windows counterparts... most popular linux distributions come with security defaults that would protect even the most idiotic user from infecting the operating system, despite it being possible to infect user files. it's thanks to the way system file permissions are set by default, and also (in gdm anyway) a user can't login as root from the login user interface. also, any root function requires typing in a password rather than the overly simplistic (and widely ignored) click-through privelige escalation in windows.

btw i agree with your sig... although the /. mod system is also fucked

Re:How do we stop them?

[metrix007]

First of all, android rootkits inject into the linux kernel. Second of all, most distributions are no more secure than windows after XP. They both prompt for a password to do administrator things, and both allow user files to be overwritten and infected silently.

Re:How do we stop them?

[crutchy]

have you got any sources for you first claim?

your second and third points are just plain bullshit... if i install a program in windows 7 that needs admin access, i get a popup box where i just click accept and the program installs

user files can be overwritten in linux, but good luck trying to infect any system file without a root password

if windows 7 were as secure as linux, you wouldn't need a virus scanner for windows either

Insanity

[xtal]

So what happens when one of these third parties is detained as a spy, if their compromised computer is detected at a border? Depending on where you go, taking a machine with you sounds like it could actually put your life - or at least, your freedom - at risk?

Have we given up even maintaining the facade of the rule of law now?

Re:Insanity

[Occams]

No doubt ASIO has been doing this for years already. Now it wants to use something that it has discovered this way as evidence. To do that it must show where it came from, and it that was not legal then they cannot do so.

Huh...

You know... you start trespassing on peoples property and eventually you find some people who do the same back at you.

I don't have the remotest sense of faith anything public servants or defense personnel put together in this country could stand to defend against penetration attempts from vetted software security experts.

Is this really a smart idea? It's like asking for backlash, with the risk of having potentially sensitive information exposed as a result.

Re:Huh...

[AHuxley]

You will find a laptop in suburbia running Windows logging you from a house rented by a front company.

All Governments

[grantspassalan]

These days are justifying their actions with âoehelp the childrenâ or âoecatch terroristsâ.

What happens if you get rid of their backdoor..

[NettiWelho]

You get charged with interfering with law enforcement operation?

Re:What happens if you get rid of their backdoor..

[girlinatrainingbra]

Re:What happens if you get rid of their backdoor...
.

Probably something similar to what happened to the guy who found the FBI's GPS tracker on his car and ended up with them coming to him to retrieve it :
.

http://news.slashdot.org/story/10/10/08/1413240/College-Student-Finds-GPS-On-Car-FBI-Retrieve

.

http://www.blogrunner.com/snapshot/D/5/1/caught_spying_on_student_fbi_demands_gps_tracker_back/

.

CBS News: FBI Spies on Student, Retrieves GPS Device
.

.

Then, in March of 2012, the FBI claims that it turned off about 3000 GPS tracking devices following a Supreme Court of the USA ruling that was not in their favor. Techdirt points out that they claim to have turned off 3000 GPS trackers and that they were having trouble retrieving them.

Re:What happens if you get rid of their backdoor..

[AHuxley]

Your computer will be infected again with consumer quality spyware next shift.
The ip it reports/logs back to will look like a local bonnet.
If you have the telco skills/a friend... the ip will be a house in a state capitol running a consumer computer/OS.
Just like any bonnet....

Re:What happens if you get rid of their backdoor..

[AHuxley]

Australia is not the USA. We had our state police running around suburbia "looking" for bank robbers in the 80'/90's.
Getting the wrong house attracted the print press and tv.
There will be no digital 'raids', nothing beyond another AV product not protecting a computer in time.
The spyware will be the usual suburban type and any ip linked from it will an endusers home.

Ha

[Moe1975]

I'd like to see them do that to someone's OpenBSD box!

Re:Ha

[MichaelSmith]

Key logger

Re:Ha

[Moe1975]

Not remotely.

Re:Ha

[MichaelSmith]

Sure. Break in to the guys house to install your logger, with a cellular network connection. ASIO can break into houses easily enough.

Re:Ha

[Moe1975]

Right. Which would defeat the whole purpose of what they aim to achieve in this instance: use people's computers in a lawful, discreet, and efficient manner.

Re:Ha

[MichaelSmith]

Its lawful because they can go to the parliament to get the power to do it. It can be discreet and efficient because they can set themselves up to do it properly. Follow all the people who live in the house. Employ lock experts. Buy vehicles and brand themselves as electricians, whatever. Just walk in and do the job.

Re:Ha

[MichaelSmith]

Congratulations Mr AC. Due to your fanstastic karma score Thinkgeek have given you a brand new Das keyboard for your ongoing posting convenience.

Re:Who is terrorizing who?

[MichaelSmith]

Its partly because of our close relationship with the US. We have to keep track of terrorists living in Australia, and possibly migrating here.

What will Woz Do?

[Macrat]

Will Woz still want to buy Aussie citizenship if this is allowed?

What happened to the "free" of the "Free World" ?

[Taco+Cowboy]

Last time when we talk about Soviet Union and/or China and/or Cuba and/or Iran and/or North Korea or East Germany, or any of those countries we used words like "ROUGE COUNTRIES" to describe them.

And they deserved it, for those countries never about the human rights of their citizens, and those countries spied on their own citizens.

Nowadays, countries that are supposed to be "FREE", such as Australia, New Zealand, United Kingdom and United States are becoming more and more like those rogue states.

What the fuck has happened to the spirit of "FREEDOM" of the free world?

I'd like to report a terrorist

[thegarbz]

Dear ASIO, The only people (and I use that term loosely) currently terrorising Australia are you. Kindly take your hacking desires against lawful citizens and shove them.

Re:Is George Carlin Dead Because He Spoke of the N

[graphius]

I donâ(TM)t know about you, but I find it very curious that comedian George Carlin died of chest pains a few months after his new, scathing routine

or maybe the fact he was 80 years old, with a history of heart problems....

ASIO

AH. For the good old days. Way back in the day the then Attorney-General personally led a raid on the HQ of ASIO on the grounds that he believed that ASIO had not given him full or accurate information about...yes...terrorist activity in Australia by Croatians. And this was back in the early 1970's

The kicker was that he did not consult with the Prime Minister or the Cabinet before he did it. The Government of the day had a great mistrust of Intelligence agencies

Re:I'd worry about a Tempest virus

[MichaelSmith]

"I'd worry about a Tempest virus that polled a personal computer's CD-ROM drive to pulse the motor as a signalling method:

Why bother when it could use a small cellular modem?

Re:TEMPEST Attacks! LCD Monitor leaks to FRS!

[graphius]

Does this get the record for the longest TL;DR reply? It has to be in the running

Translation

[russotto]

Headline: "ASIO is already breaking into third-party computers unlawfully, but is tired of covering it up."

''The purpose of this power is to allow ASIO to access the computer of suspected terrorists and other security interests,'' : "The purpose of this power is power".

''(It would be used) in extremely limited circumstances and only when explicitly approved by the Attorney-General through a warrant.": "We'll use it whenever and order several redundant sets of rubber stamps for the warrants"

'The Attorney-General's Department refused to explain yesterday how third-party computers would be used, ''as this may divulge operationally sensitive information and methods used by ASIO in sensitive national security investigations.''' : "We use them for all sorts of things no one in their right mind would approve of"

Re:What happened to the "free" of the "Free World"

[Runaway1956]

Pal, Australia. What does the word conjure up? Think. I know you had history classes in school. Australia was a penal colony. Meaning, they were rogues before they ever got to Australia. They are EXPECTED to be rogue! Putting the words "Australia" and "rogue" in the same sentence is redundant and repetitive.

Re:What happened to the "free" of the "Free World"

, or any of those countries we used words like "ROUGE COUNTRIES" to describe them.

Reds under the bed, eh?

Suggestions:

[thedarb]

* Run a BSD or Linux system. - Secure it. If you don't know how to do this, do your home work.
* Use a snapshot capable filesystem, and take snapshots (ZFS / BTRFS). - You can use these to identify file that have changed.
* Use Tripwire or a clone like AIDE. - This is a second level of checking for file changes.
* Manually audit your system regularly.
* Use OS repositories from outside Australia.

And the list would not end there.

Re:What happened to the "free" of the "Free World"

[Yaa+101]

It got sold away under your ass...

Re:What happened to the "free" of the "Free World"

[CrimsonAvenger]

Last time when we talk about Soviet Union and/or China and/or Cuba and/or Iran and/or North Korea or East Germany, or any of those countries we used words like "ROUGE COUNTRIES" to describe them.

Well, technically, Iran has never been a "rouge nation". On the other hand, that's an apt description for all the communist nations...

On the other hand, if you really meant "ROGUE nation", then Iran would also fit nicely.

Why do so many supposedly educated people get "rouge" and "rogue" confused?

Re:What happened to the "free" of the "Free World"

[Phrogman]

The Spirit of Freedom has been bought and sold to the mega-corporations and their client governments. Privacy doesn't need to be dead, but its more advantageous to the business community if it is, therefore things like this proposed legislation to "Combat Terrorism" - i.e. to combat those whom the Media Industry wants to close down and prevent from copying their copyright works.

Good news

[KeensMustard]

Ever since terrorism became such a huge problem in Australia, ASIO have been unable to catch a single terrorist. So hampered were they by a lack of access to my computer, they have been unable to foil a single, credible terrorist plot. In the last decade or so, an attack by terrorists has been imminent, at any moment, I expect to be attacked by terrorists. The lack of an actual attack, the lack of any suspicion of an actual attack, the lack of any identifiable group with any plausible reason to attack, the lack of any identifiable person associated with any group planning to attack, these are simply indicators of how clever these devious, brown people are. If only someone would use my computer to hack into theirs, then Australians would know the reason for the constant stream of messages telling us to fear.

Re:Good news

Insightful but not actually correct. 3 terrorist plots have been foiled in Australia since 9/11:
- http://en.wikipedia.org/wiki/2005_Sydney_terrorism_plot
- http://en.wikipedia.org/wiki/Abdul_Nacer_Benbrika
- http://en.wikipedia.org/wiki/Holsworthy_Barracks_terror_plot

ASIO definitely had involvement in the second one, not sure about the others. I'd be more inclined to suggest that actually they are doing their job just fine with the powers they currently have.

Re:Good news

[AHuxley]

Re But who terrorizes Australia?
http://en.wikipedia.org/wiki/Sydney_Hilton_bombing
Our version of http://en.wikipedia.org/wiki/Operation_Gladio

Re:Who is terrorizing who?

[crutchy]

australia is a backwater country with a small population and small economy (even though standard of living and per capita stats are good)

there are some large cities (melbourne, sydney, brisbane) but there isn't really much in the way of populated landmarks that would make good targets like the wtc in nyc

there are very few nuclear facilities (lucas heights) and a huge sparsely populated landmass to hide military facilities in

even our government is pretty tame in the big scheme of things

guess that's why its called the lucky country

Re:Status of ASIO members ?

[crutchy]

asio is probably akin to the cia in the states

Re:Is George Carlin Dead Because He Spoke of the N

[swalve]

And a long life of drug abuse.

in other news...

[crutchy]

...ASIO computers have been hacked!

Re:What happened to the "free" of the "Free World"

[Pf0tzenpfritz]

Brian damage, perhaps?

Re:Sounds like...

[crutchy]

as long as they don't steal your kiddie pr0n collection

Re:What happened to the "free" of the "Free World"

[Archfeld]

No, buying is a bad practice in the corporate world. It has just been co-opted by the DiscoverCard Spirit of Freedom(TM), brought to you in part by McDonald's, and by the generous donation of the Monsanto Corporation. They are "Loving It"

If you need hack my computer to stop terrorists

[kawabago]

I'd rather have terrorists.

Re:What happened to the "free" of the "Free World"

[TheGratefulNet]

freedom was ok when there weren't so many things the folks in charge could invade and bug or tap.

but now, there is so much out there to bug and snoop on, well, you can't blame a kid for being hungry in a candy store, can you?

THEY WANT IT!

and they have most of the power to do whatever they want. in fact, 'asking' is just a formality, these days. if you are on a network, folks in charge think they have a right to your data.

THIS is the brave new world. huxley had zero idea about what the real future was going to be like.

Re:What happened to the "free" of the "Free World"

[TheGratefulNet]

...got to keep the loonies on the path.

(and that means, you and me!)

Re:What happened to the "free" of the "Free World"

[stymy]

It sounds like you need to brush up on your own history classes -- unless they were in the US, in which cases they made some important omissions. Such as the fact that England started shipping its inmates to Australia only after the American Revolution made them lose their favorite penal colony. Prior to then, many punishments for criminals consisted of them having to spend several years or their whole lives in the US.

im from ASIO

[strack]

im from ASIO, and theres a terrorist in your vagina. and i have to catch it with my penis.

Re:Who is terrorizing who?

australia is a backwater country with a small population

Australia's 22 millions people puts it at 52 out of 242 countries. It would be 9th largest country in Europe.

and small economy

Australia has the 12th largest economy by GDP. That's in the top 5%.

there are some large cities (melbourne, sydney, brisbane) but there isn't really much in the way of populated landmarks that would make good targets like the wtc in nyc

Are you on crack? All of those cities (like every other modern city in the world) has large commercial and residential towers that would make excellent targets for a 9/11 style attack. Anything that isn't in the top 1% is not a backwater.

Re:What happened to the "free" of the "Free World"

It died in September 2011.

That was the day the intelligence world decided that ANYTHING was permissable in the 'fight against terrorism'.

No blood or treasure was too much, no budget could be refused, no cost benefit analysis was necessary, no rights or priveliges for the public, no freedsoms and no rights to privacy .... nothing was to get in the way of the War. And then other interests piggy backed on the intelligence community. The copyright and IP industry, the music and movie industries, various sectrors of the economy undergoing stress etc etc ...

And Joe Public went along with it. He was a willing stooge.

Getting all those freedoms, rights and privileges back will probably be a centuries long struggle - but I've basically written all those rights and privileges off.

Naomi Klein has the right of it.

Re:Status of ASIO members ?

[AHuxley]

ASIO ~MI5/ classic anti Soviet FBI unit. They will interview anyone directly in Australia, try and turn with 'cash'.
Australian Secret Intelligence Service (ASIS) ~MI6/CIA - unknown policy/past. Policy papers hint of been very, very direct until early 1980's.
DSD Defence Signals Directorate ~GCHQ/NSA/CSE - keeps codes safe, taps all telcos in Asia.
The public face of the Australian spooks has been ASIO, a hunt for communists, keeping its ranks pure and records shared with state police on all local groups, clubs, political types, gov workers, celebs during the Cold War.
Keeps the press and authors busy and away from the other agencies :)

Re:Who is terrorizing who?

[crutchy]

have you ever been outside australia?

Re:What happened to the "free" of the "Free World"

[Runaway1956]

But, of course! Why do you think the 2nd amendment is so important to us? It's important that all us criminals can defend ourselves from each other! Not to mention that we don't want the warden or his gang to come back!

Re:What happened to the "free" of the "Free World"

[dryeo]

Well rouge is the colour of political parties that preach one thing while doing the opposite, usually making things free for the common person while concentrating power in the powerful. Of course most political parties are doing that.
I see that your user name is a synonym for the rouge avenger :)

Re:What happened to the "free" of the "Free World"

[maxwell+demon]

Last time when we talk about Soviet Union and/or China and/or Cuba and/or Iran and/or North Korea or East Germany, or any of those countries we used words like "ROUGE COUNTRIES" to describe them.

I seriously doubt that.

Well, Iran was certainly not considered red, but the other countries clearly were.

Re:Sounds like...

[maxwell+demon]

Or plant kiddy porn there, for convenient later use.

Being seen as a 'front' for an intelligence agency

[D4C5CE]

...may conceivably spell doom for some of the innocent (but possibly identifiable) "third parties" implicated by remote control without their consent or knowledge.

Shouldn't our taxes at least buy us the due diligence of authorities to consider the most obvious and grave dangers before trying to get such plans implemented?

Re:What happened to the "free" of the "Free World"

[snero3]

Prior to then, many punishments for criminals consisted of them having to spend several years or their whole lives in the US.

Don't tell the Yanks but that is still the case!!

How far is too far?

[uvajed_ekil]

Citizens the world over have voluntarily given up numerous freedoms and control of parts of their lives in order to maintain security against enemies. How far is too far? Should we do every single thing possible, giving up all privacy, allowing our governments to take away our freedom, to stop [most] terrorists? If it causes you to alter the way you live your life, doesn't that mean the terrorists are winning? You've got to draw a line somewhere and stick to it, rather than continually moving it back, little by little forever. In this case I really hope Australians stand up to their government and say "no" to them greasing an already slippery slope. Protection at all costs is far too expensive, so find another way, I'd tell them.

Godwin

[Nefarious+Wheel]

I'd like to amend Godwin's Law to include any mention of Tony Abbott.

Re:Who is terrorizing who?

[Namors]

Who needs to leave the country ?

http://en.wikipedia.org/wiki/Sydney_Hilton_bombing

http://en.wikipedia.org/wiki/Sydney_Hilton_bombing#Accusations_of_conspiracy (search ASIO)

Re:What happened to the "free" of the "Free World"

[Jimbob+The+Mighty]

Rouge? Nah, that's just sunburn, mate.

Qubes OS

[Burz]

This looks interesting: http://qubes-os.org/

Its based on Linux and uses some newer virtualization features in CPUs to increase system security, and is able to enforce (and represent) security context in the GUI. They even tout a feature (anti-Evil Maid) that foils attackers with physical access (though they say nothing is perfect).

They say that garden variety VMs like VirtualBox and VMware increase security to some extent, but that they were mainly designed to make computing more convenient and efficient (i.e. they are not the most secure usage of virtualization technology). Qubes seems to have the goal of making high security convenient, so I will surely be trying this out soon.

Not to ASIO

[Occams]

ASIO is not a law enforcement agency. It does not collect evidence or catch offenders. Its role is to asvise the AUS govt on threats to national security. It only collects intelligence, which nay not always be reliable because that is the nature of intelligence. ASIO is not capable of collecting evidence that can be used in court. This kind,of privacy intrusion should be done by a properly disciplined police service acting under a warrant. In AUS that means the Australian Federal Police. If it is necessary, give the AFP the power to do this as a Service to ASIO.

Re:Who is terrorizing who?

[crutchy]

there has been a bombing in melbourne too, and also a botched asio operation (after which parliament temporarily suspended permission for asio officials to carry firearms). sorry don't have links but giyf

we're still a backwater country... in many other countries bombings, terrorism and widespread violence are commonplace

Just who the hell does the ASIO think they are?!

[DirtyLiar]

The CIA?