Australian Spy Agency Seeks Permission To Hack Third-Party Computers

New submitter LordLucless writes "ASIO, Australia's spy agency, is pushing for the ability to lawfully hijack peoples' computers — even if they are not under suspicion of any crime. They seek the ability to gain access to a third party's computer in order to facilitate gaining access to the real target — essentially using any person's personal computer as a proxy for their hacking attempts. The current legislation prohibits any action by ASIO that, among other things, interferes with a person's legitimate use of their computer. Conceivably, over-turning this restriction would give ASIO the ability to build their own bot-net of compromised machines. Perhaps inevitably, they say these changes are required to help them catch terrorists."

How do we stop them?

I am an Australian. Assume this passes. How can I harden my computer against being used as a node in an ASIO botnet?

The only thing I can think of at the moment is to use Linux and make sure I've closed all uncessary ports...?

What else? I am not a security buff. Encryption doesn't seem particularly useful, since the problem here isn't that ASIO is accessing our files (although they would probably definitely be doing that too), but that they're using our bandwidth and processing resources.

Re:How do we stop them?

[sabri]

I am an Australian.

Find the nearest Equadorian embassy and request political asylum :-)

Re:How do we stop them?

[jamesh]

I am an Australian. Assume this passes. How can I harden my computer against being used as a node in an ASIO botnet?

Over here! We have a troublemaker!

Seriously though, I wouldn't worry too much. All the hardening you already do to you computer to keep the existing viruses out will be just fine. The only possible problem will be that the antivirus vendors may be persuaded to ignore government sanctioned malware, but such a thing will be self correcting when the malware authors figure out how to mimic government malware.

Re:How do we stop them?

[spazdor]

Or, if the ASIO really needs the resources it says it needs, let them go to the Australian people with their hat in their hands and ask for volunteers to run an Aussie-Government 'network agent' on their Internet-connected PCs to help them catch child molesters and plane-bombers for the good of the homeland, and if appeals to patriotism don't do the trick, let them offer money, and we'll find out how much a person's Internet privacy sells for on the open market.

Re:How do we stop them?

[bakuun]

How can I harden my computer against being used as a node in an ASIO botnet?

ASIO would come in the same way that normal cybercriminals would, so it's a matter of standard common-sense security precautions.

If you're using Windows, keep it up-to-date and use a decent antivirus program - Microsoft's security essentials works fine. Don't click links in emails from strange people. Don't open email attachments from strange people. In terms of software, a good rule, originally by Brian Krebs I believe, is not to install software if you didn't search for that software in the first place (with other words, don't install if it comes to you by email, or if it pops up when you're browsing around generally, etc etc).

In addition to the operating system, a few other pieces of software are fairly important to keep up-to-date: Your internet browser. Adobe flash and reader, if you use those. Java (or better yet, disable Java in the browser completely).

Re:How do we stop them?

[davester666]

You can use this argument to do anything

-open and read every piece of mail
-listen to every phone call
-attach gps monitors to every vehicle
-install and record video cameras everywhere
-require every computing device to have a backdoor so the gov't can search through it unhindered
-stop and search everyone in a given area

The gov't would potentially 'catch a terrorist' with any of these things. Obviously, they must be implemented immediately.

Re:How do we stop them?

[rtb61]

I am an Australian and I find the whole idea of the gutless and cowardly attack appalling. ASIO is proposing to leave some poor innocent nobody holding the bag for when the attack is detected. Some innocent person minding their own business acceding the internet, who suddenly finds the local swat team raiding their home and threatening that family with death. That whole family now finds itself on trial for espionage and treason a death penalty offence in many countries. That trial will be accompanied by torture. At which point will the Australia Government have the courage and stand up and tell the truth to the country so that the innocent family are no longer standing under the threat of execution.

This all smells of a request by the US government who has all sorts of laws to deny any rights at all to foreigners. Sounds like those people at Pine Gap have been up to some naughty business and are looking to tidy up the legalities of a 'Joint Facility', Australian and US, doing stuff that is legal for the US part of the partnership but illegal for the Australian part of the partnership and as the attack must eventually leave the joint territory and cross Australian land it is subject to Australian law.

It is well known that the US consider innocent third parties as nothing more than statistics and collateral damage, to be lied about in press releases but the Australian government better think long and hard about likely sending people to their death because those other countries aren't all rank computer security amateurs who wont detect the attack, after all if they were ASIO could attack direct or more accurately stand idly by and ignore the US led and controlled attack.

You only have to look at the MEGAupload case to see how badly it can go when you trust the US inJustice system.

What happens if you get rid of their backdoor..

[NettiWelho]

You get charged with interfering with law enforcement operation?

What will Woz Do?

[Macrat]

Will Woz still want to buy Aussie citizenship if this is allowed?

What happened to the "free" of the "Free World" ?

[Taco+Cowboy]

Last time when we talk about Soviet Union and/or China and/or Cuba and/or Iran and/or North Korea or East Germany, or any of those countries we used words like "ROUGE COUNTRIES" to describe them.

And they deserved it, for those countries never about the human rights of their citizens, and those countries spied on their own citizens.

Nowadays, countries that are supposed to be "FREE", such as Australia, New Zealand, United Kingdom and United States are becoming more and more like those rogue states.

What the fuck has happened to the spirit of "FREEDOM" of the free world?

I'd like to report a terrorist

[thegarbz]

Dear ASIO, The only people (and I use that term loosely) currently terrorising Australia are you. Kindly take your hacking desires against lawful citizens and shove them.

Translation

[russotto]

Headline: "ASIO is already breaking into third-party computers unlawfully, but is tired of covering it up."

''The purpose of this power is to allow ASIO to access the computer of suspected terrorists and other security interests,'' : "The purpose of this power is power".

''(It would be used) in extremely limited circumstances and only when explicitly approved by the Attorney-General through a warrant.": "We'll use it whenever and order several redundant sets of rubber stamps for the warrants"

'The Attorney-General's Department refused to explain yesterday how third-party computers would be used, ''as this may divulge operationally sensitive information and methods used by ASIO in sensitive national security investigations.''' : "We use them for all sorts of things no one in their right mind would approve of"

Re:What happened to the "free" of the "Free World"

[Runaway1956]

Pal, Australia. What does the word conjure up? Think. I know you had history classes in school. Australia was a penal colony. Meaning, they were rogues before they ever got to Australia. They are EXPECTED to be rogue! Putting the words "Australia" and "rogue" in the same sentence is redundant and repetitive.

Suggestions:

[thedarb]

* Run a BSD or Linux system. - Secure it. If you don't know how to do this, do your home work.
* Use a snapshot capable filesystem, and take snapshots (ZFS / BTRFS). - You can use these to identify file that have changed.
* Use Tripwire or a clone like AIDE. - This is a second level of checking for file changes.
* Manually audit your system regularly.
* Use OS repositories from outside Australia.

And the list would not end there.

Good news

[KeensMustard]

Ever since terrorism became such a huge problem in Australia, ASIO have been unable to catch a single terrorist. So hampered were they by a lack of access to my computer, they have been unable to foil a single, credible terrorist plot. In the last decade or so, an attack by terrorists has been imminent, at any moment, I expect to be attacked by terrorists. The lack of an actual attack, the lack of any suspicion of an actual attack, the lack of any identifiable group with any plausible reason to attack, the lack of any identifiable person associated with any group planning to attack, these are simply indicators of how clever these devious, brown people are. If only someone would use my computer to hack into theirs, then Australians would know the reason for the constant stream of messages telling us to fear.

If you need hack my computer to stop terrorists

[kawabago]

I'd rather have terrorists.

Re:What happened to the "free" of the "Free World"

[stymy]

It sounds like you need to brush up on your own history classes -- unless they were in the US, in which cases they made some important omissions. Such as the fact that England started shipping its inmates to Australia only after the American Revolution made them lose their favorite penal colony. Prior to then, many punishments for criminals consisted of them having to spend several years or their whole lives in the US.