Slashdot Mirror

← Back to Stories (view on slashdot.org)

DOJ Requests More Power To Hack Remote Computers

Posted by Soulskill on from the you-can-trust-us dept.

An anonymous reader writes "The U.S. Department of Justice says it needs greater authority to hack remote computers in the course of an investigation. The agency reasons that criminal operations involving computers are become more complicated, and argues that its own capabilities need to scale up to match them. An ACLU attorney said, 'By expanding federal law enforcement's power to secretly exploit "zero-day"' vulnerabilities in software and Internet platforms, the proposal threatens to weaken Internet security for all of us.' This is particularly relevant in the wake of Heartbleed — it's been unclear whether the U.S. government knew about it before everyone else did. This request suggests that the DOJ, at least, did not abuse it — but it sure looks like they would've wanted to. You can read their request starting on page 499 of this committee meeting schedule."

18 of 76 comments (clear)

  1. Re:President McCain strikes again! by Kohath · · Score: 2, Insightful

    Al Gore? Is that you?

  2. Do you really want to do that? by Opportunist · · Score: 5, Interesting

    You might not want to use something like this, at least you do not want to use it against criminals who themselves have a background in IT and especially IT security. Else you might be in for a nasty surprise, namely that they're employing a tripwire system that waits for someone trying to hack them as an early warning system.

    In other words, your attempt to hack the criminals doubles as a "the feds are coming" flare.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:Do you really want to do that? by Anonymous Coward · · Score: 3, Interesting

      Even the clueless criminals, once they see the Feds are wanting to hack into their systems will start getting their friends who know what they are doing and updating things.

      It isn't hard to run the second set of books on an offline computer with a F/OSS operating system, an office suite that doesn't need activation, and USB flash drives for moving data. With a VM server like KVM, VirtualBox, or VMWare workstation, any programs that need Windows can run on a hacked copy.

      Network-wise, there are plenty of VPN services in countries not friendly to the US, but will be happy to take money from people in the country.

      So, long term, asking for hacking rights might be good for low hanging fruit (the guy in the parent's basement with the pot plant or two), but after a few seizures, the difficulty will increase since the bad guys will just use time tested methods of couriers and dead drops. A 128 GB MicroSD card can hold a lot of data. Using a diskless Linux distribution like Knoppix or Tails isn't that tough, so a computer used by a smart crook can have a Windows OS on there with a lot of decoy files... but the real stuff and the actual sets of books would be accessed via a bootable CD and a USB flash drive with a hidden, encrypted partition.

      One can point to how people are dealing with the border laptop seizures. Even people who have no reason to worry are now concerned about that. If that same fear/worry gets to common criminals, the police work will have to be done endpoint to endpoint physically, and criminals have taken countermeasures for this for thousands of years.

    2. Re:Do you really want to do that? by mlts · · Score: 3, Interesting

      If a criminal runs their books offline with no net connection, using a USB flash drive for physical transportation or moving encrypted data to an online PC, tripwire may not be needed.

      It wouldn't take much to scare criminals into moving their unencrypted stuff offline, then the DOJ has hosed themselves since all the juicy stuff they wanted easier access to is now inaccessible unless physical attacks are used.

    3. Re:Do you really want to do that? by sumdumass · · Score: 3, Informative

      Even the clueless criminals, once they see the Feds are wanting to hack into their systems will start getting their friends who know what they are doing and updating things.

      I don't necessarily disagree with what you are saying but you cannot really advertise a job to secure a criminal enterprise. What you are left with is either relying on only those you already know which might not be very cutting edge or seeking someone specific out and hoping they don't turn rat on you.

      In the former, I will just say that I don't know how many screwed up systems and wide open home networks I have seen installed by someone's rocket scientist kid, nephew, neighbor, work IT, church buddy, or whatever that had more WTF things going on than anything correct. Even following people sporting walls full of certifications and bragging about how good they are because of them sometimes turn out to be almost worthless for even simple tasks when following them into a small business. Those are usually the most dangerous- screwed up too. I usually find them running unpatched windows 200x servers directly open to the internet and half the ports opened up because they wanted remote access or something in the network needed it. They are often sporting more infections and malware than a porn surfing teens computer- because no one ever logs onto them to see the 5 million IE pop ups and error messages until something goes horribly bad and they just reboot thinking "I fixed it again".

      I'm thinking most criminals that aren't just doing it because of opportunity will already be into something like what you describe. A lot of people claim to know what they are doing but fail in spectacular ways.

  3. Illegal by casca69 · · Score: 5, Insightful

    Bluntly, if they would prosecute me for doing it, then they better damn well have a warrant and judicial oversight.
    Otherwise, it's breaking the law, and prosecution ensues.

    1. Re:Illegal by Anonymous Coward · · Score: 4, Insightful

      You are aware that the DoJ is a branch of government, right?
      When was the last time any branch was tried for doing something illegal?

    2. Re:Illegal by sumdumass · · Score: 3, Informative

      What happens and should happen are separate things.

      The concept of the king can do no wrong died a long time ago, got reborn and needs to be killed once again.

  4. Let them have it by fustakrakich · · Score: 5, Insightful

    Since they're doing it anyway (surely you're not going to believe their denials still, are you?), let it be public and provide incentive to build more resistant electronics.

    --
    “He’s not deformed, he’s just drunk!”
  5. Re:Let them have it = Holder has it! by BoRegardless · · Score: 5, Insightful

    Since our Atty General Mr. Holder, says he can choose which laws to obey, then there are no laws, no rules, except what he chooses to do.

  6. Remove computers can be anywhere ... by Alain+Williams · · Score: 5, Insightful

    including other countries; I did not notice anything in the article restricting this to computers in the USA. Other countries might not agree with the USA DOJ allowing computers in their countries to be cracked -- thus the USA cops/investigators will be conducting criminal acts in other countries -- how does that make them different from what the USA wanted to grab Gary McKinnon for ?

  7. Clear as day by Charliemopps · · Score: 4, Insightful

    So let me get this strait. The DOJ's argument is: "If we leave the door locked, how are we supposed to catch burglars?"

  8. No! by Hamsterdan · · Score: 5, Insightful

    If you (or myself) do the same thing, it's illegal, and we're gonna be prosecuted. The law is the same for everyone (at least it should be). I'm sick & tired of that shit. Police installing cameras (without warrant) to spy on people, inside their homes, warrantless wiretapping and every other thing that is *ILLEGAL* for the common people.

    If it's illegal for me to do it, it's illegal for them to do it. And yes, I hope it blows up in their faces.

    --
    I've got better things to do tonight than die.
  9. You know the NSA is one thing by koan · · Score: 2

    The DOJ has shown its self to be incompetent.

    http://www.forbes.com/sites/ri...
    http://gov.louisiana.gov/index...
    https://www.techdirt.com/artic...

    --
    "If any question why we died, Tell them because our fathers lied."
  10. Re:Let them have it = Holder has it! by Jane+Q.+Public · · Score: 2

    Since our Atty General Mr. Holder, says he can choose which laws to obey, then there are no laws, no rules, except what he chooses to do.

    Not to mention: if we had a totally secure, encrypted, spook-proof communications network (barring wiretapping warrants, of course), where would that put us as far as "national security" goes?

    Oh, yeah. Back in the 1990s. Seems to me, things were actually better then, in this respect.

  11. Re:Let them have it = Holder has it! by fustakrakich · · Score: 2

    ...spook-proof communications network (barring wiretapping warrants, of course)...

    Wait a minute. Are you saying there should be built in backdoors to accommodate them?

    And the 90s? What leads you to believe it was better then, when the democrats were pushing for clipper chips, V-chips, and other restrictions on encryption? I say we have it much better now, now that we have confirmed the government is running outlaw spy agencies, and that might provide the above mentioned incentives to actually do something about it. However, trust has now gone out the window. Everybody is suspect, pretty much the way the authorities want it. And republicans and democrats will continue to dominate the narrative.

    --
    “He’s not deformed, he’s just drunk!”
  12. Re:Let them have it = Holder has it! by mlts · · Score: 2

    I'd say we have it better now, because crypto isn't "illegal" like it was when ITAR was the law of the land. However, because online connections are required, coupled with layers of complexity added to even the humble desktop, the crypto may be good, but the key is still stored under the doormat for anyone to fetch.

  13. Re:Turnabout by sumdumass · · Score: 2

    There are a few instances I know of where someone was arrested for resisting arrest before an arrest ever happened.

    The one that is the most egregious is where a guy started videoing a cop who stopped someone near him. He pulled out a camera and started taking video of the entire thing. The cop let the other person go after a few minutes then came over and ordered him to give his camera to him. He replied with "why" and the cop tackled him, handcuffed him and arrested him for resisting arrest. I'm not sure if I'm conflating a different scenario but I'm pretty sure he ended up getting tazzered for asking what the hell he did wrong.

    Another situation I know of, some guy came from behind and pushed another to the ground. The other guy started fighting him and was arrested for resisting arrest. Except there was tons of people around and not one of them heard the first guy announce he was a cop or the other guy was under arrest. I heard through a friend of a friend that it was because the arrested guy was rude to the cop's wife earlier that day. No reason for the initial arrest was ever given just charges for resisting arrest which he ended up beating after spending thousands on legal expenses and almost losing his job.

    There are all sorts of stories about being arrested for resisting arrest before any arrest was ever done. Its ridiculous to say the least.