Open Source and information security mailing list archives
 
Message-ID: <45E537AC.26477.53B97B5@stuart.cyberdelix.net>
Date: Wed, 28 Feb 2007 08:05:00 -0000
From: "lsi" <stuart@...erdelix.net>
To: full-disclosure@...ts.grok.org.uk
Subject: German cops and spooks prep own spyware

[this threat can be neutralised here:

http://seclists.org/fulldisclosure/2007/Jan/0408.html

The article below claims that standard anti-virus and firewall 
software could neutralise it, however any government agency worth its 
salt would ensure its software did not have a virus signature, and 
that it used a port already open (eg. HTTP).  So they are wrong, 
wrong wrong.  

The fix here is to scan the PC frequently for any new or changed 
files, particularly in the system areas of the boot disk.  All files 
are hashed with MD5 or SHA1 and a database kept.  Any new entrants 
are flagged and must be authorised before the flag is dropped.  For 
maximum protection, the scan results, hash database and authorisation 
procedure should be processed and stored by a different computer, 
preferably at a different physical location.  

- Stu]

German cops and spooks prep own spyware
Federal Trojan for 'online searches'
By Matthias Becker
Published Tuesday 27th February 2007 11:31 GMT

http://www.theregister.co.uk/2007/02/27/german_state_hackers/


Analysis: Germany's police and secret services are pushing for a legal 
basis for "online house searches" - carried out without the knowledge 
of suspects, using spyware similar to a Trojan.  

The German public learned of the practice in November last year, when 
a magistrate of the Bundesgerichtshof (Federal High Court) ruled that 
there is no legal basis for such measures as part of police  
inquiries.  

Magistrate Ulrich Hebenstreit argued that house searches could only 
be carried out openly, with the knowledge of the suspect. In his 
view, and legal parlance, secretly searching a hard drive, whether in 
private or for commercial use, constituted "a major interference with 
the right to informational self-determination".  

Moreover, because all data can be viewed and analysed by the 
authorities - from private photos to email correspondence - the 
suspect's right to refuse to give evidence was violated by the 
measure.  

Hebenstreit's decision received mixed response.

While the Home Office stressed that it immediately stopped online 
searches, spokesman Christian Sachs says: "One organisational unit at 
the Bundeskriminalamt (Federal Criminal Office) is currently working 
on the technological basis for such online house searches. For 
obvious reasons, we cannot comment on the technicalities."  

Minister of the Interior Wolfgang Schäuble intends to introduce a law 
to legalise the practice.  

In fact, the measure, and online security in general, plays a major 
role in his imminent "programme for the strengthening of public 
security".  

"The internet of today is a training camp, and an open university for 
terrorists," Schäuble says.  

Bundeskriminalamt (BKA) president Jörg Ziercke believes the "Federal 
Trojan" (as the project has been dubbed by the public) is necessary 
because confiscating physical hard drives is almost useless. "They 
store their data on the internet and encrypt the hard drive. That is 
why we have to have access at the point of dissemination."  

He said 99.9 per cent of German internet users will "have nothing to 
do with this".  

How often German law enforcers have tried to infect the PCs of 
suspects with Trojans is unclear. While the BKA talks about "only a 
few cases", Minister of Justice Brigitte Zypries, of the Social 
Democrats, knows of "four requests for online house searches so far". 
 
However, the government, in an answer (PDF in German) to a written 
parliamentary question, says so far there have been no online house 
searches at all, because one request was rejected by the responsible 
judge, while another attempt failed because of "technical 
difficulties".  

Influential German hacker organisation The Chaos Computer Club 
published a statement pointing to the possible consequences of 
successful infection with a Federal Trojan.  

"The whole PC could be telecommanded, the webcam turned on, and the 
room surveilled acoustically, email and chat conversion could be 
followed."  

However, the hackers are skeptical about the real danger posed by the 
spyware, and dryly recommend that "a well managed firewall and anti- 
virus software should take care of governmental or private spyware".  

Mr Padeluun, a spokesperson of the data protection association 
FOEBUD, says the whole debate is nothing but a "smoke screen".  

"As long as we are talking about Trojans, the danger is quite small. 
Another question, however, is if security agencies might soon be 
allowed to bug a computer with small hardware, which is far more 
difficult to detect." ®  


---
Stuart Udall
stuart at@...erdelix.dot net - http://www.cyberdelix.net/

--- 
 * Origin: lsi: revolution through evolution (192:168/0.2)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
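
The scan, hash, flag and authorise loop described in the poster's note at the top of this message, as an added example that is not part of the original post. All function names are hypothetical, the sample files are constructed, and the hash algorithm is a parameter defaulting to SHA1 as the note states; moving the database and the comparison to a separate machine, as the note recommends, is assumed to be handled by the caller.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def hash_file(path, algo="sha1"):
    """Digest a file in chunks; algo is any hashlib name (the note names MD5 or SHA1)."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def scan(root, algo="sha1"):
    """Map every regular file under root (relative path) to its digest."""
    found = {}
    for dirpath, _dirs, names in os.walk(root):
        for full in (os.path.join(dirpath, n) for n in names):
            if os.path.isfile(full) and not os.path.islink(full):
                found[os.path.relpath(full, root)] = hash_file(full, algo)
    return found

def flag(database, current):
    """Return {path: reason} for every file that differs from the authorised database."""
    flags = {p: "new" if p not in database else "changed"
             for p, d in current.items() if database.get(p) != d}
    flags.update({p: "missing" for p in database.keys() - current.keys()})
    return flags

def authorise(database, current, path):
    """Operator approves one flagged path, so its flag is dropped on the next compare."""
    database.pop(path, None)
    if path in current:
        database[path] = current[path]

def demo():
    """Constructed sample tree: baseline two files, then change, add and delete one each."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "a.dll").write_bytes(b"one")
        Path(root, "b.sys").write_bytes(b"two")
        database = scan(root)              # authorised state, kept off-host in practice
        Path(root, "b.sys").write_bytes(b"patched")
        Path(root, "c.exe").write_bytes(b"dropped")
        Path(root, "a.dll").unlink()
        current = scan(root)
        before = flag(database, current)
        authorise(database, current, "c.exe")
        return before, flag(database, current)
```

Calling `demo()` returns the flags before and after `c.exe` is authorised; the changed and missing files stay flagged until they are approved as well.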
