Slashdot Mirror


Australian Spy Agency Seeks Permission To Hack Third-Party Computers

New submitter LordLucless writes "ASIO, Australia's spy agency, is pushing for the ability to lawfully hijack people's computers — even if they are not under suspicion of any crime. They seek the ability to gain access to a third party's computer in order to facilitate gaining access to the real target — essentially using any person's personal computer as a proxy for their hacking attempts. The current legislation prohibits any action by ASIO that, among other things, interferes with a person's legitimate use of their computer. Conceivably, overturning this restriction would give ASIO the ability to build their own botnet of compromised machines. Perhaps inevitably, they say these changes are required to help them catch terrorists."

  1. How do we stop them? by Anonymous Coward · · Score: 5, Interesting

    I am an Australian. Assume this passes. How can I harden my computer against being used as a node in an ASIO botnet?

    The only thing I can think of at the moment is to use Linux and make sure I've closed all unnecessary ports...?

    What else? I am not a security buff. Encryption doesn't seem particularly useful, since the problem here isn't that ASIO is accessing our files (although they would probably definitely be doing that too), but that they're using our bandwidth and processing resources.

    1. Re:How do we stop them? by sabri · · Score: 4, Funny

      I am an Australian.

      Find the nearest Ecuadorian embassy and request political asylum :-)

      --
      I'm not a complete idiot... Some parts are missing.
    2. Re:How do we stop them? by jamesh · · Score: 4, Interesting

      I am an Australian. Assume this passes. How can I harden my computer against being used as a node in an ASIO botnet?

      Over here! We have a troublemaker!

      Seriously though, I wouldn't worry too much. All the hardening you already do to your computer to keep the existing viruses out will be just fine. The only possible problem will be that the antivirus vendors may be persuaded to ignore government-sanctioned malware, but such a thing will be self-correcting when the malware authors figure out how to mimic government malware.

    3. Re:How do we stop them? by spazdor · · Score: 4, Interesting

      Or, if the ASIO really needs the resources it says it needs, let them go to the Australian people with their hat in their hands and ask for volunteers to run an Aussie-Government 'network agent' on their Internet-connected PCs to help them catch child molesters and plane-bombers for the good of the homeland, and if appeals to patriotism don't do the trick, let them offer money, and we'll find out how much a person's Internet privacy sells for on the open market.

      --
      DRM: Terminator crops for your mind!
    4. Re:How do we stop them? by bakuun · · Score: 4, Informative

      How can I harden my computer against being used as a node in an ASIO botnet?

      ASIO would come in the same way that normal cybercriminals would, so it's a matter of standard common-sense security precautions.

      If you're using Windows, keep it up-to-date and use a decent antivirus program - Microsoft's Security Essentials works fine. Don't click links in emails from strange people. Don't open email attachments from strange people. In terms of software, a good rule, originally by Brian Krebs I believe, is not to install software if you didn't search for that software in the first place (in other words, don't install if it comes to you by email, or if it pops up when you're browsing around generally, etc etc).

      In addition to the operating system, a few other pieces of software are fairly important to keep up-to-date: Your internet browser. Adobe flash and reader, if you use those. Java (or better yet, disable Java in the browser completely).

    5. Re:How do we stop them? by crutchy · · Score: 3, Informative

      install linux (i prefer debian stable, but that's just me)

      closed all unnecessary ports

      that's usually a function of your router, but linux can also be used for routing functions using an iptables script... here's an example that you can execute from /etc/rc.local (on a debian machine anyway):

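      #!/bin/bash
      # note: these rules cover ipv4 only; ipv6 is filtered separately with ip6tables
      echo -n "Loading iptables firewall..."
      # flush existing rules in the filter table
      iptables -F
      # default policies: allow outbound, drop forwarded and inbound traffic
      iptables -P OUTPUT ACCEPT
      iptables -P FORWARD DROP
      iptables -P INPUT DROP
      # allow loopback traffic
      iptables -A INPUT -i lo -j ACCEPT
      # allow replies to connections this machine initiated
      iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
      # explicit catch-all drop (same effect as the INPUT policy above)
      iptables -A INPUT -j DROP
      echo "done."
      exit 0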

      not the most locked down firewall that you can make with iptables, but it's probably a similar configuration to what you would find in most off-the-shelf routers by default. you only need to add more exceptions if you run servers of sorts (ports 80 and 443 for httpd, 25 and 110 for mail, 53 for dns, etc). you can also nat between networks with iptables.

      edit /etc/hosts.deny and make the only non-commented line ALL:ALL, and make sure there is nothing (except comments) in /etc/hosts.allow

      also be sure to configure all users except human users and root so that shell is /bin/false in /etc/passwd and /etc/passwd-

      also, don't install any programs from sources other than official repositories (except for things like flash from adobe website) and don't install garbage apps and avoid torrent clients which are a breeding ground for malware for all operating systems. i tend to favor stable repositories (with auto security repos update), with many vulnerabilities being due to inadequately tested updates. despite the hype, the testing aspects of both waterfall and extreme programming methodologies are rarely followed in open source projects, with the most common being the "code and test" or (derogative) "cowboy coding" methodology.

      use shields up @ https://www.grc.com/x/ne.dll?bh0bkyd2 to verify if you have any exposed ports

      also, to protect your wifi network(s), only use wpa2 (don't use wep) and set up an access list so that only registered mac addresses will be able to connect

      always use https for online banking and make sure the top and 2nd level domains are what you expect (most modern browsers highlight them)

      some of this stuff is less to do with asio and more to do with security in general. no doubt other /. users will chime in if i've said something wrong or if i've missed something obvious. there's also other security things like wheel group, and there are hardening tutorials for most major distros out there. debian has a good one here: http://www.debian.org/doc/manuals/securing-debian-howto/ but for controlling remote access, the best way is to harden your browser settings (uninstall/disable any unnecessary plugins, disable java, etc), tighten up your wifi security and make sure no router ports are open

      the internet is a scary place, but most viruses and malware is unintentionally installed by users from a web browser or email client (in windows). hacking is a problem, but it's only serious if you're hosting. look up how a router works and that may help cool some of your fears. grc has a good info page here: http://www.grc.com/nat/nat.htm
      summary: think of a nat router as sort of being like a one-way valve, so you can make requests out but only responses to your requests can come back in (uninvited requests are dropped)
      if your computer is part of a botnet, there's a good chance that you unintentionally installed software from your web browser or email (or junkware/shareware) that caused it. malware rarely if ever gets onto your pc on its own, and also having malware or virus infected files on your machine is ok as long as they aren't op
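
An audit of the file settings described in the comment above, as an added example that is not part of the original comment: it lists system accounts that still have a login shell and checks that /etc/hosts.deny and /etc/hosts.allow are in the state the comment recommends. The function names and the UID cutoff of 1000 are assumptions; hosts.deny and hosts.allow only affect services built with TCP wrappers support.

```shell
#!/bin/sh
# Added example, not code from the thread. File paths are arguments so the
# checks can run against copies; the defaults are the real files.

# Print "name:shell" for every non-root account below UID 1000 (assumed
# first human UID, Debian's default) that still has a usable login shell.
# An empty shell field is reported too, because login then falls back to /bin/sh.
login_capable_system_accounts() {
    awk -F: '
        $1 != "root" && $3 < 1000 && $7 !~ /\/(false|nologin)$/ {
            print $1 ":" $7
        }
    ' "${1:-/etc/passwd}"
}

# Print the lines of a hosts_access file that are actually in effect:
# comments stripped, whitespace removed, blank lines dropped.
active_rules() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$1"
}

# True only if ALL:ALL is the single active rule in hosts.deny.
hosts_deny_is_default_deny() {
    [ "$(active_rules "${1:-/etc/hosts.deny}")" = "ALL:ALL" ]
}

# True only if hosts.allow has no active rule that would override the deny.
hosts_allow_is_empty() {
    [ -z "$(active_rules "${1:-/etc/hosts.allow}")" ]
}

# Demonstration on a constructed passwd file (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/bin/sh
mysql:x:105:110::/nonexistent:/bin/false
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
login_capable_system_accounts "$sample"
rm -f "$sample"
```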

    6. Re:How do we stop them? by davester666 · · Score: 5, Insightful

      You can use this argument to do anything

      -open and read every piece of mail
      -listen to every phone call
      -attach gps monitors to every vehicle
      -install and record video cameras everywhere
      -require every computing device to have a backdoor so the gov't can search through it unhindered
      -stop and search everyone in a given area

      The gov't would potentially 'catch a terrorist' with any of these things. Obviously, they must be implemented immediately.

      --
      Sleep your way to a whiter smile...date a dentist!
    7. Re:How do we stop them? by rtb61 · · Score: 4, Insightful

      I am an Australian and I find the whole idea of the gutless and cowardly attack appalling. ASIO is proposing to leave some poor innocent nobody holding the bag for when the attack is detected. Some innocent person minding their own business accessing the internet, who suddenly finds the local swat team raiding their home and threatening that family with death. That whole family now finds itself on trial for espionage and treason, a death penalty offence in many countries. That trial will be accompanied by torture. At which point will the Australian Government have the courage and stand up and tell the truth to the country so that the innocent family are no longer standing under the threat of execution?

      This all smells of a request by the US government who has all sorts of laws to deny any rights at all to foreigners. Sounds like those people at Pine Gap have been up to some naughty business and are looking to tidy up the legalities of a 'Joint Facility', Australian and US, doing stuff that is legal for the US part of the partnership but illegal for the Australian part of the partnership and as the attack must eventually leave the joint territory and cross Australian land it is subject to Australian law.

      It is well known that the US consider innocent third parties as nothing more than statistics and collateral damage, to be lied about in press releases but the Australian government better think long and hard about likely sending people to their death because those other countries aren't all rank computer security amateurs who won't detect the attack, after all if they were ASIO could attack direct or more accurately stand idly by and ignore the US led and controlled attack.

      You only have to look at the MEGAupload case to see how badly it can go when you trust the US inJustice system.

      --
      Chaos - everything, everywhere, everywhen
    8. Re:How do we stop them? by LordLucless · · Score: 3, Insightful

      I don't think this is raw CPU cycles they're looking for here. It's more like: "We're trying to grab information on this guy. We see he visits www.somesite.com.au an awful lot. Let's get access to the computer of somesite's developer, grab his access keys, and modify somesite to deliver our trojan to the target."

      Of course, once you've compromised a computer, are you going to just clean it up and let it go? After all that trouble of getting a warrant? Pfft, no - what if you need it again? You're going to list it as a resource and add it to the pile of private computers your agency owns.

      --
      Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
    9. Re: How do we stop them? by craigminah · · Score: 3, Funny

      If they used cricket bats it could take days to finish the beatdowns...and it would be boring to watch.

  2. What happens if you get rid of their backdoor.. by NettiWelho · · Score: 4, Interesting

    You get charged with interfering with law enforcement operation?

  3. Ha by Moe1975 · · Score: 3, Insightful

    I'd like to see them do that to someone's OpenBSD box!

    --
    SARAVA!
  4. What will Woz Do? by Macrat · · Score: 4, Insightful

    Will Woz still want to buy Aussie citizenship if this is allowed?

  5. What happened to the "free" of the "Free World" ? by Taco+Cowboy · · Score: 5, Insightful

    Last time when we talk about Soviet Union and/or China and/or Cuba and/or Iran and/or North Korea or East Germany, or any of those countries we used words like "ROGUE COUNTRIES" to describe them.

    And they deserved it, for those countries never cared about the human rights of their citizens, and those countries spied on their own citizens.

    Nowadays, countries that are supposed to be "FREE", such as Australia, New Zealand, United Kingdom and United States are becoming more and more like those rogue states.

    What the fuck has happened to the spirit of "FREEDOM" of the free world?

    --
    Muchas Gracias, Señor Edward Snowden !
  6. I'd like to report a terrorist by thegarbz · · Score: 4, Insightful

    Dear ASIO, The only people (and I use that term loosely) currently terrorising Australia are you. Kindly take your hacking desires against lawful citizens and shove them.

  7. Translation by russotto · · Score: 4, Insightful

    Headline: "ASIO is already breaking into third-party computers unlawfully, but is tired of covering it up."

    "The purpose of this power is to allow ASIO to access the computer of suspected terrorists and other security interests,": "The purpose of this power is power".

    "(It would be used) in extremely limited circumstances and only when explicitly approved by the Attorney-General through a warrant.": "We'll use it whenever and order several redundant sets of rubber stamps for the warrants"

    "The Attorney-General's Department refused to explain yesterday how third-party computers would be used, 'as this may divulge operationally sensitive information and methods used by ASIO in sensitive national security investigations.'": "We use them for all sorts of things no one in their right mind would approve of"

  8. Re:What happened to the "free" of the "Free World" by Runaway1956 · · Score: 4, Funny

    Pal, Australia. What does the word conjure up? Think. I know you had history classes in school. Australia was a penal colony. Meaning, they were rogues before they ever got to Australia. They are EXPECTED to be rogue! Putting the words "Australia" and "rogue" in the same sentence is redundant and repetitive.

    --
    "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  9. Suggestions: by thedarb · · Score: 4, Informative

    * Run a BSD or Linux system. - Secure it. If you don't know how to do this, do your homework.
    * Use a snapshot capable filesystem, and take snapshots (ZFS / BTRFS). - You can use these to identify files that have changed.
    * Use Tripwire or a clone like AIDE. - This is a second level of checking for file changes.
    * Manually audit your system regularly.
    * Use OS repositories from outside Australia.

    And the list would not end there.

    --
    This sig intentionally left blank.
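
The file-change checking suggested in the list above, as an added example that is not part of the original comment: a baseline of SHA-256 hashes is recorded once and later compared with a fresh one. The function names are assumptions, and the baseline needs to be kept somewhere the checked machine cannot write to, since whoever can alter the files could otherwise rewrite it as well.

```shell
#!/bin/sh
# Added example, not code from the thread: the baseline-and-compare idea
# behind Tripwire and AIDE, reduced to SHA-256 hashes of file contents.
# It does not track permissions, owners or timestamps as those tools do.

# Print one "hash  ./path" line per regular file under DIR, sorted by path.
make_baseline() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# Compare an old baseline with a new one; print ADDED / CHANGED / REMOVED.
# sha256sum output is 64 hex digits plus a two-character separator, so the
# path starts at column 67; this keeps paths containing spaces intact.
compare_baselines() {
    awk -v oldfile="$1" '
        BEGIN {
            while ((getline line < oldfile) > 0)
                old[substr(line, 67)] = substr(line, 1, 64)
        }
        {
            path = substr($0, 67)
            hash = substr($0, 1, 64)
            if (!(path in old))          print "ADDED " path
            else if (old[path] != hash)  print "CHANGED " path
            delete old[path]
        }
        END { for (path in old) print "REMOVED " path }
    ' "$2" | LC_ALL=C sort
}

# Demonstration on a constructed directory tree.
demo=$(mktemp -d)
mkdir -p "$demo/tree/bin"
echo 'original' > "$demo/tree/bin/tool"
make_baseline "$demo/tree" > "$demo/before"
echo 'tampered' > "$demo/tree/bin/tool"
make_baseline "$demo/tree" > "$demo/after"
compare_baselines "$demo/before" "$demo/after"
rm -rf "$demo"
```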
  10. Good news by KeensMustard · · Score: 5, Insightful

    Ever since terrorism became such a huge problem in Australia, ASIO have been unable to catch a single terrorist. So hampered were they by a lack of access to my computer, they have been unable to foil a single, credible terrorist plot. In the last decade or so, an attack by terrorists has been imminent, at any moment, I expect to be attacked by terrorists. The lack of an actual attack, the lack of any suspicion of an actual attack, the lack of any identifiable group with any plausible reason to attack, the lack of any identifiable person associated with any group planning to attack, these are simply indicators of how clever these devious, brown people are. If only someone would use my computer to hack into theirs, then Australians would know the reason for the constant stream of messages telling us to fear.

    1. Re:Good news by Anonymous Coward · · Score: 3, Informative

      Insightful but not actually correct. 3 terrorist plots have been foiled in Australia since 9/11:
      - http://en.wikipedia.org/wiki/2005_Sydney_terrorism_plot
      - http://en.wikipedia.org/wiki/Abdul_Nacer_Benbrika
      - http://en.wikipedia.org/wiki/Holsworthy_Barracks_terror_plot

      ASIO definitely had involvement in the second one, not sure about the others. I'd be more inclined to suggest that actually they are doing their job just fine with the powers they currently have.

  11. Re:What happened to the "free" of the "Free World" by Pf0tzenpfritz · · Score: 3, Funny

    Brian damage, perhaps?

    --
    Oh, the beautiful gloss of greality!
  12. Re:What happened to the "free" of the "Free World" by Archfeld · · Score: 3, Insightful

    No, buying is a bad practice in the corporate world. It has just been co-opted by the DiscoverCard Spirit of Freedom(TM), brought to you in part by McDonald's, and by the generous donation of the Monsanto Corporation. They are "Loving It"

    --
    errr....umm...*whooosh* *whoosh* Is this thing on ?
  13. If you need hack my computer to stop terrorists by kawabago · · Score: 4, Insightful

    I'd rather have terrorists.

  14. Re:What happened to the "free" of the "Free World" by stymy · · Score: 5, Informative

    It sounds like you need to brush up on your own history classes -- unless they were in the US, in which case they made some important omissions. Such as the fact that England started shipping its inmates to Australia only after the American Revolution made them lose their favorite penal colony. Prior to then, many punishments for criminals consisted of them having to spend several years or their whole lives in the US.