Slashdot Mirror


Antivirus Firms "Won't Co-operate" With PC-Hacking Dutch Police

nk497 writes "Dutch police are set to get the power to hack people's computers or install spyware as part of investigations — but antivirus experts say they won't help police reach their targets. Mikko Hypponen, chief research officer at F-Secure, said the Dutch bill could lead to antivirus firms being asked to cooperate with authorities to let an attack reach the target. So far, Hypponen hasn't seen a single antivirus vendor cooperate with such a request, and said his own firm wouldn't want to take part. Purely for business reasons, it doesn't make sense to fail to protect customers and let malware through 'regardless of the source.'"

10 of 97 comments

  1. Hmm by BeTeK · · Score: 3, Insightful

    I think hacking has one big downside compared to traditional phone tapping. It is possible the person being hacked can detect this and take countermeasures against it OR even supply false information. From a police standpoint I would consider information gained through hacking very unreliable.

  2. Re:"So far" by Anonymous Coward · · Score: 5, Insightful

    The problem is simple: if you can impersonate police malware, any and all protection is instantly voided.
    This is why it's a VERY, VERY bad idea.

  3. Re:"So far" by AK+Marc · · Score: 4, Interesting

    Still not hard with root. With a signed order by HR, I installed malware on an employee machine (he was violating just about every clause of the AUP). I had to load up the AV, set the malware to "approved" in the exception list, then install it. He never knew it was there, until he was fired for browsing porn on company time, and "working late" to impersonate young girls in chat rooms to pick-up men, essentially proof he was billing personal time to the company as overtime, as well as the multiple porn complaints we needed to address to prevent lawsuits. Captured the email addresses and passwords for his chatting accounts, things like hotteen14@aol/hotmail. But nobody ever logged into them, just proof that was all he was doing when alone late in the office (though, what was on his screen was known, nothing was known about what he was doing reading those emails or chats...)

    But the point is, for effective malware, you must disable the AV. When the AV has a known hole, everyone will pretend to be the police. Even if heuristics might cause an issue, once you have it on, you attack the AV first. I remember back in the 90's when AV was starting to mature, most of the "smarter" malware would attack the AV. Even if it couldn't disable it, it would run up CPU and cause false alarms to encourage the user to disable it. Causing holes, no matter how small, will allow someone in who shouldn't be in.

  4. Re:"So far" by doctor+woot · · Score: 3, Insightful

    "So far, Hypponen hasn't seen a single antivirus vendor cooperate with such a request"
    That's because it's not law yet; once it's law, they will.

    I sincerely doubt that. I'm sure more than a few of those asked to cooperate saw the marketing potential in possibly having one of the few AV services billed as "free from government malware!" Now that all that have been asked have refused, it'd take a death wish for a company to volunteer to be the black sheep.

  5. Re:"So far" by RDW · · Score: 4, Informative

    I can't believe most antivirus companies would turn a blind eye to the tools used by law enforcement agencies and national governments. They only do that if the malware is installed by someone _really_ important. Like Sony:

    http://www.wired.com/politics/security/commentary/securitymatters/2005/11/69601?currentPage=all

  6. Re:"So far" by gweihir · · Score: 5, Informative

    I have absolutely no problem with your example, as there the legitimate system administrator installs the spy-ware. What the article is talking about is hacking a system against the will of the legitimate system administrator and, consequently, bypassing the AV software. An additional problem is that the police are routinely incompetent. In the case of the German "Bundestrojaner", it was found that all recovered copies had a hard-coded symmetric encryption key used to protect the installed backdoor. That means anybody with access to the malware (including all targets) had low-effort access to all the targets. That is just completely unacceptable. Even more unacceptable is that the police (at least in Germany) are not responsible for the damage they cause. If they by accident hack the wrong machine, they should both be liable for all damage and those negligent should be personally subject to criminal liability. Guess what, they are not. Even worse, if they find anything on this wrong machine, they can use it against the owner, even if they did not have permission to look in the first place. That is what a police-state looks like: Too much power and no responsibility for the police. This is the road to hell.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.

  7. Re:Fedware by Seumas · · Score: 3, Informative

    And don't forget the FBI doing things like requesting (and who knows what they're doing when they're not politely requesting) to send an email with a payload that would jack the customer's computer (in one case, an anonymous email account that they wanted to infect the owning computer so they could use the webcam/skype/etc to view the identity of the person using it -- and don't forget, doing that would circumvent encryption since you could gather data on the computer pre-encryption).

    http://gawker.com/judge-tells-fbi-they-cannot-use-webcams-to-spy-on-peopl-483855078

    The concept of privacy is over and people who think you're being monitored "retroactively, down the road" are behind the times. It's real-time and it's across the board (and, as per recent cases apparently, can also be retroactive so you can go back and retrieve information like phone calls in-full that occurred prior to when you had the wire tap to record them).

  8. I'd see some lawsuits coming by gnasher719 · · Score: 4, Interesting

    Anti-virus software is sold by making promises to the buyer. For example, promises to protect their privacy. Anti-virus software that gave the police access to your computer, even if that was legal, would be in breach of the promises they made when they sold the software. That would be false advertising.

    Could you imagine millions of customers asking for their money back when anti-virus software that claims to protect their data intentionally doesn't protect it?

  9. Re:"So far" by craigminah · · Score: 3, Insightful

    The second a security company allows insecurities to exist NOBODY will use their software, nor should they. If a governmental agency wants to monitor its citizens they need to wiretap or do it some other way. It seems governments nowadays think they can do anything...

  10. Re:"So far" by AK+Marc · · Score: 3, Informative

    A signed order from the owner of the computer to install software on that computer does absolve me of all legal risk.