General discussion

  • Creator
    Topic
  • #2269362

    Ethics of illegal hacking

    Locked

    by axg ·

    Sorry if this has been discussed before, but my searches didn’t turn up any references. So my mini-rant…

    I see in the news that “Ronald C Kline, a former senior judge from California, was sentenced following a lengthy case involving evidence gathered by illegal hacking”.

    Now I agree that jail is where this pervert should be, but I am concerned about the illegal hacking. Some of the evidence used was gathered by a trojan horse hack.

    Surely there is enough support in the current surveillance laws to enable legal electronic watching. The s/w may involve trojan horse algorithms but it should be placed there legally with a warrant.

    I would hate for a far worse offender than Kline to get off because of illegal surveillance.

    And I hate the idea that some hackers may be able to justify their illegal activities because it “may” catch child abuser.

    When I was young it was “acceptable” for police to extract a confession by beating a suspect. It has taken 30 years to overcome this “end justifies the means” physical assault excuse, why should we tolerate it in the virtual world?

    Your comments please, regards Annette

All Comments

  • Author
    Replies
    • #2510817

      That practise is both unacceptable and illegal

      by hal 9000 ·

      In reply to Ethics of illegal hacking

      So the evidence gathered by it’s use should never have been accepted by the court as it is [b]Tainted Evidence.[/b]

      At a higher court it should be possible to get all the evidence presented thrown out because of the admitted Illegal Activity used to gather the evidence. Because some of the evidence gathered was tainted it will be up to the court to decide if this Tainted Evidence played a big enough role to allow any other follow up investigation if it does then everything gathered as evidence should be considered as inadmissible and the offender walks away free because there is nothing to present as evidence not even the sized computer will be admissible.

      The only way around this is if the offender was prosecuted under some of the new laws enacted since 9-11 and charged under Anti Terror Related Laws then it’s my understanding that there is no need for Legally obtained evidence to be used as the authorities can claim that they where protecting the society so their methods justify the ends.

      Col

      • #2510271

        The evidence was not gathered by law enforcement, but by a private citizen.

        by deepsand ·

        In reply to That practise is both unacceptable and illegal

        Said citizen subsequently gave it to law enforcement.

        The court of 1st instance did in fact throw out the evidence; but, on appeal, it was ruled admissible owing to the fact that, as said citizen was not acting as an agent of the State, the State had committed no illegal act. At this point, the defendant plead guilty.

        Barring a successful arguing of the guilty plea having been elicited by way of duress at the hands of the State, the defendant is bound by his plea agreement, leaving him with a civil action against the hacker as his only recourse.

        • #2510214

          The private citizen…

          by wmlundine ·

          In reply to The evidence was not gathered by law enforcement, but by a private citizen.

          …who recorded the cell phone conversation of Newt Gingrich, which resulted in a Gingrich conviction on tax evasion charges, was prosecuted by the state under criminal law. I guess it depends on who you hack.

        • #2535485

          Not who, but how & where.

          by deepsand ·

          In reply to The private citizen…

          In this case the “hacker” is Canadian, so that there is no legal nexus by which he can be charged for any criminal offenses.

        • #2535373

          The where…

          by wmlundine ·

          In reply to Not who, but how & where.

          …puts me in mind of the “NASA” hacker who resides in England I think. Are Canadian and GB laws so different?

        • #2535360

          No

          by hal 9000 ·

          In reply to The where…

          So I wonder what the difference actually is here.

          Col

        • #2535285

          It’s a matter of jurisdiction.

          by deepsand ·

          In reply to No

          The U.S. authorities developed their own evidence, based on information that originated with a non-citizen acting in a foreign nation. In this instance, the Canadian authorities would need to be persuaded to prosecute under Canadian law.

        • #2510150

          So Sandy are the Feds chasing the citizen

          by hal 9000 ·

          In reply to The evidence was not gathered by law enforcement, but by a private citizen.

          To charge with Terror Related Activities like they seem to be doing to anyone caught Hacking a Computer System lately?

          It would be interesting to see this happen as the citizen in question deserves this I certainly don’t support Child Abuse of any kind but by the same token I don’t see how one Illegal Activity justifies the other unless of course it’s the Government doing the Illegal things under the protection of Federal LAW!

          Besides it will no doubt be argued that when the Appeal Court Accepted the Illegal Evidence Gathered this was sufficient grounds for a Duress Plea anyway as the Court in question was unwilling to support the LAW.

          God I hate it I’m working with Legal WHORES way too much and am beginning to think like them. 🙁

          Col

        • #2535484

          Not that I am aware of.

          by deepsand ·

          In reply to So Sandy are the Feds chasing the citizen

          In this case the “hacker” is Canadian, so that there is no legal nexus by which he can be charged for any criminal offenses.

        • #2536372

          OK I’ll ask the obvious question

          by hal 9000 ·

          In reply to The evidence was not gathered by law enforcement, but by a private citizen.

          As the system was hacked just how did the Court Accept [b]The Chain Of Evidence?[/b] And allow a conviction to be recorded as the State didn’t initially Hack the System there is no possibility of knowing what was originally on the system and what had been added after the Original Hack that was not known about by the Systems Owner.

          This to me sounds like a great way of some pay back against someone you don’t like who has made a decision that has adversely affected you in some manner.

          From a strictly Legal Prospective as the system was broken into from outside it’s far more likely the the outside influence added the images and could have continued to do this over time to get a successful outcome to suit their own ends.

          I work with the high end professionals and they all know [b]Bugger All[/b] about their systems just last week I scanned a Surgeons system and the AV product was only 3 months out of date and the Spy Ware Products came up with a message that the last update was 481 days ago and I was asked why this was Important. 😀

          Col

        • #2535482

          The “Chain of Custody” is not an issue here.

          by deepsand ·

          In reply to OK I’ll ask the obvious question

          The Canadian “hacker” passed the information to a U.S. advocacy group, who then brought it to the attention of local law enforcement.

          Under “probable cause,” based on said information, local law enforcement then obtained a search warrant, whereby they themselves obtained physical evidence from the accused’s computer.

        • #2535358

          On a computer who’s security had been violated

          by hal 9000 ·

          In reply to The “Chain of Custody” is not an issue here.

          With no positive proof that the owner was responsible for downloading the images in question.

          I can not see how the Appeal Court ruled that the Images on the Computer where admissible particularly after they already knew that the Security of the system had been breached. So they would not be able to say positively that the images actually belonged to the owner of the machine. They could have been inserted onto the computer over a period of time by someone with a grudge against the person or they could have just been a complete Hoax.

          Personally I think that the Lower Court got it right in Ruling the Evidence as Inadmissible, because of the security breach.

          If I was placed in a position like that I would save my money for a defence and not try to have the case heard by a Court who wasn’t applying the Law Correctly.

          Anyway the US is currently trying to Extradite a British Guy for Hacking in the US so what’s stopping them doing the same thing here with Canada. As the two countries are so close they would stand a far better chance of getting a Positive Result in Extraditing the Hacker to the US from Canada for Trial. It would even improve their chances of doing this again in the future when they get a successful outcome on the first attempt.

          The problem with the British Guy who was a complete ID10T is that there is no way to prove Intent to do Damage where as with the Hacker in Canada there is a clear Intent to do damage and no proof that the images existed prior to the Trojan being activated.

          Col

        • #2535283

          I concur, and hope that this does not set a precedent.

          by deepsand ·

          In reply to On a computer who’s security had been violated

          However, I’m not all that hopeful, given that our Supreme Court recently effectively gutted the “knock and announce” requirement, which has its basis in old English Common Law, prior to serving search warrants; now it’s more like “bust in and announce.”

          In the case at hand, I see the hacker’s actions as being nothing but unlawfull trespass. Unfortunately, the courts here have given law enforcement increasingly greater latitude with regards to using evidence collected in “good faith.” That may have been the case here, were it that the police did not know that the information provided them by the local advocacy group originated with the hacker.

      • #2927585

        Evidence is allowed if a non-american and from another country.

        by stephen_maloy ·

        In reply to That practise is both unacceptable and illegal

        I read an article two days ago which said federal authorities were able to use evidence from a non-American hacking from another country. Out of a few thousand that the hacker reported, two had been convicted. Hacker utilized a backdoor Trojan to gather evidence. I would think the evidence would be considered tainted if it was given by an anonymous hacker. However, if the feds launched their own investigation based on the hacker?s allegations and got the proper warrants, then I could see it being legitimate.

    • #2510815

      Please post a citation

      by tig2 ·

      In reply to Ethics of illegal hacking

      So that we can follow your arguments based on same information.

      I may easily read another position that does not support your conclusion.

    • #2497602

      citations

      by axg ·

      In reply to Ethics of illegal hacking

      Here is the first article I noticed
      http://www.latimes.com/news/local/la-ex-judge20feb21,0,546099.story?coll=la-home-local

      and here is a brief discussion of the legality of the evidence
      http://www.metnews.com/articles/2005/klei121405.htm

      The case has been going on for a few years

      regards

      • #2509987

        Thanks!

        by tig2 ·

        In reply to citations

        I have learned that if I read the same information as everyone else, I sound much more intelligent.

        I appreciate the links!

    • #2497599

      There are courses offered in “Ethical Hacking” and even certification

      by why me worry? ·

      In reply to Ethics of illegal hacking

      in this, but who is to decide what methods of hacking is ethical or unethical? If a company hires you to perform a penetration test on their network and then secure it against similar attacks, then that can be deemed as ethical hacking because (1) you are being hired and paid to perform a service and (2), the company’s network you are targeting is aware of it and expecting it. Unethical hacking falls in the realm of extracting or stealing data without expressed permission of the party or parties the hacker is targeting. Although I agree that this judge should be convicted if he was engaging in illegal acts using his PC, but the method by which this evidence was gathered is by law “illegal” if it was obtained without a warrant, even though the judge is clearly guilty.

    • #2508888

      Overcome . . . ?

      by apotheon ·

      In reply to Ethics of illegal hacking

      “[i]When I was young it was ‘acceptable’ for police to extract a confession by beating a suspect. It has taken 30 years to overcome this ‘end justifies the means’ physical assault excuse, why should we tolerate it in the virtual world?[/i]”
      If you think we, as a society, have really “overcome” that approach to law enforcement, you haven’t been paying enough attention. I recommend you do some google searches for two things in particular: “no-nock raids” and “military commissions act”. Both are current problems. No-knock raids are epidemic, and innocent people are being killed in them regularly — but the “ends justify means” approach of modern law enforcement mandates that sort of approach, in case someone might flush a few ounces of heroin down a toilet. The Military Commissions Act of 2006, meanwhile, gives the DOJ the opportunity to circumvent the power of the courts to issue a Writ of Habeas Corpus any time the DOJ so desires, and significantly expands the power of law enforcement and military personnel to employ torture as an interrogation technique.

      • #2510205

        On No-Knock Raids

        by dr_zinj ·

        In reply to Overcome . . . ?

        Quote
        The number of no-knock raids has increased from 3,000 in 1981 to more than 50,000 last year, according to Peter Kraska, a criminologist at Eastern Kentucky University in Richmond.
        Botched raids are relatively rare, but since the early 1980s, 40 bystanders have been killed, according to the Cato Institute, a libertarian think tank in Washington.
        Unquote

        People have a Constitutional right to defend their lives, liberty and property. A no-knock raid precludes the possibility of serving a warrant to search a place. Failure to produce a warrant and identify the officers means that the person who’s abode is being raided has full, legal, right to resist the invasion of his or her home, including the use of deadly force.
        Pray for the people if they are ever foolish enough to toss a flash-band grenade into my home and breakdown the door in the middle of the night; I’m a gun owner, former military, and an expert marksman. It’d be safer if they just blew up the house and sifted through the wreckage.

        • #2510149

          Wasn’t it the same thing at Wacko

          by hal 9000 ·

          In reply to On No-Knock Raids

          A No Knock Raid and then when the Feds got their A$$ whooped good they called in reinforcements and by that time both sides where driven into a position where neither could give in and allow [b]Common Sense[/b] to prevail?

          Col

      • #2510025

        re:Overcome…?

        by axg ·

        In reply to Overcome . . . ?

        umm I live in NZ and the gov’t here has not enacted laws as radical as the “anti-terrorist” laws now in place in the US or the UK or some EU countries.

        There have been some changes made so that we can keep on trading with or visiting the USA. The worst of our police forces may take advantage in time, I suppose.

        regards, Annette

        • #2509961

          re: no-knock raids and “anti-terrorist” laws

          by apotheon ·

          In reply to re:Overcome…?

          The increasingly frequent practice of no-knock raids is not actually much linked to the so-called “war on terror”. Instead, it’s an outgrowth of the equally ludicrous “war on drugs”.

    • #2510029

      Just one of the other problems is…

      by mr l ·

      In reply to Ethics of illegal hacking

      Aside from the obvious issue of using the results of an illegal act to try someone else, there is equally obvious issue of whether the evidence existed on the PC prior to the hack at all.

      It would have been/is trivial to plant the images/history/electronic trails allegedly left by the defendant…once the system was hacked. It can be reasonably argued that once the box is back-doored succesfully, nothing on it can be safely assumed to be the work or property of the owner of the system.

      This is not about how reprehensible this meat-sack may or may not be…it’s about the “ends justifying the means” mentaility that has us just a step away from “Wellllllll, if you aren’t doing anything wrong, Mr Smith, why can’t we a) come into your home without a warrant whether you are here or not and look around b) read your mail whenever we feel like it c) tap your phone d) tap your internet connect e) install these little cameras around the interior of your house? Pick one, pick ’em all, they are all mearly extensions of the logic that allows “evidence” like this into our courts.

      Cheers.

    • #2509988

      ARE YOU TALKING ABOUT AMERICAN POLICE HERE?

      by balthor ·

      In reply to Ethics of illegal hacking

      In America it has always been a crime for police to physically beat anyone to obtain a confession.A Trojan Horse is a computer virus.How does a Judge come upon a virus?Bad Judge or not really a Judge to begin with—

      • #2536887

        accidents in custody

        by axg ·

        In reply to ARE YOU TALKING ABOUT AMERICAN POLICE HERE?

        My comment about excusable beatings by the police is not directly about American police. I have only ever visited the US for short periods of time.

        In all the countries that I have lived in, it has also been a crime for police to physically beat anyone, but 30 (and more) years ago, if a suspect “fell down” or “strongly resisted arrest” sometimes the instances were not investigated with as much vigour or public visibility as they are now.

        From what I have seen from the American media, a similar blind eye used to be turned in the US.

        Regards

    • #2536860

      Which picture viewing programs can be “Trojan-ed?”

      by jimtheengineer ·

      In reply to Ethics of illegal hacking

      This is unrelated to the ethics question, but leaves me wondering about vulnerability. I’m not hiding porn, but I am wondering about pictures that are embedded in spam.

      Which picture viewing programs are vulnerable to something like a trojan horse embedded in the picture file? Microsoft Photo Editor? If a picture is embedded in an email, will opening the email trigger the hack? Will looking at the email preview do so? Which picture formats are vulnerable to such hacking?

      • #2536846

        I think you’re operating under a misconception.

        by apotheon ·

        In reply to Which picture viewing programs can be “Trojan-ed?”

        A “trojan horse” program is some program that looks innocuous and useful, and may actually be useful, but contains a malicious payload of some sort. Any type of program can contain such a thing, but it’s highly unlikely that something like MS Paint will actually be a trojan horse program (unless Microsoft is giving us trojan horse programs — I leave that conspiracy theory as an exercise for the reader).

        It’s more likely that a trojan that finds its way onto your computer is something you downloaded from the Internet and installed, thinking it looked cool. You might be surprised by how much “freeware” actually conceals a malicious payload, sometimes in the form of some kind of virus “infection” capability or otherwise nasty, automated activity.

        More often, a trojan horse program is something that provides either automated or “manual” remote access to your computer. For instance, it may allow some remote security cracker to log into your system without having to have any “official” access permissions, or it may allow an automated process to connect to your system to perform some kind of unwanted activity like copying files or providing a proxy for malicious activity directed at others.

        The most common form of trojan horse program is one that makes your computer part of a “zombie network”, which sends out spam to millions of hapless Internet users’ email inboxes and spam comments (the current bane of my existence) to thousands of weblogs.

        At a guess, the security cracker in question created some innocuous-looking software that was downloaded and installed. At that point, it probably “phoned home” like ET, letting the security cracker know where to log in to the affected system remotely, bypassing the usual security precautions. Once there, he would likely be able to browse the filesystem, looking at anything he liked and using whatever programs he found on the machine. In the process of doing something like searching for credit card numbers, he probably stumbled across the kiddie porn, and the rest, as they say, is history.

        • #2536548

          Picture files are incorruptible?

          by jimtheengineer ·

          In reply to I think you’re operating under a misconception.

          I knew nothing of Ronald C Kline or the case, so I googled and came up with this article:

          http://www.metnews.com/articles/2005/klei121405.htm

          That contained this paragraph:

          “Willman had attached a “Trojan Horse” virus to pornographic images of children on the Internet. The virus, which is downloaded onto an individual’s computer when that individual downloads an image to which the virus is attached, enabled Willman to open, alter, and download files on the infected computer.”

          …which led me to believe that one could alter a picture file (like ,jpg, .gif, etc.) by planting code inside the file such that viewing the file with Microsoft Photo Editor or something similar would take over the viewer program and cause it to download a trojan horse. I had never heard of that before and it left me wondering about which viewers could be so corrupted.

          I use Eudora for email and I have seen it “choke” on certain picture files attached to (usually spam) email messages (“Eudora has generated and error and will be shut down…”). I haven’t traced it further, but the offending picture files all seem to start with the bytes “GIF87a” or GIF89″ or something like that.

          Your post suggests that the article I read was not correct in suggesting that picture files could be so corrupted. Whew!

          Thank you for your reply.

        • #2536494

          not exactly

          by apotheon ·

          In reply to Picture files are incorruptible?

          An image file can be “infected” with malware. It can even conceivably be “infected” with a trojan horse in some way.

          It’s difficult to determine what you’re talking about when you ask questions about the matter, because you’re not using terms that relate clearly to the way various types of malware operate. Articles like the one cited are not very clear on the specifics of how the technology worked in this given case. It may be that the description given was technically accurate, even though it doesn’t really describe the matter in precise terms — you just have to interpret it in light of an understanding of how various types of malware work.

          By the way, the use of the term “virus” in that explanation is probably inaccurate. Trojans are very rarely distributed by the mechanism of a virus. It’s far more likely that the term “virus” was used just because most nontechnical readers would not understand the term “trojan horse” as applied to software as a form of malware without the word “virus” attached.

        • #2536426

          I’m not doing so well on asking this :o(

          by jimtheengineer ·

          In reply to not exactly

          You’re right – I’m probably misusing terms like “virus.”

          Let me try a different approach. There are certain programs – usually supplied with a PC, like MS Photo Editor, or freeware, like irfanview – that will read a picture file (like a .jpg) and try to display a screen image. Is there any way of creating a picture file such that the display program changes from displaying a picture to executing an evil program, either on the PC or on the web?

          Is any of the available display programs vulnerable to being forced into that kind of operation?

          Note that this assumes the existence of a picture file (.jpg, etc.) somewhere, but no other program unwittingly (or wittingly) downloaded and/or executed.

          I’m quite careful to avoid executing – or even downloading – programs that are unknown to me, but I have been assuming that just viewing a picture file was not hazardous.

          Soooo – can I get bitten if I “view” a picture file?

          Come to think of it, would my “antivirus” program automatically scan a “.jpg” file, and would it detect an “evil” picture file?

          Thanks again for your help with this.

        • #2536404

          don’t sweat it . . .

          by apotheon ·

          In reply to I’m not doing so well on asking this :o(

          . . . I probably came off more harshly than I intended. It happens from time to time. I don’t expect everyone to know everything — I just try to help others know what I know, and look for opportunity to learn from others as well. Hopefully this is helping at least a little.

          “[i]Is there any way of creating a picture file such that the display program changes from displaying a picture to executing an evil program, either on the PC or on the web?[/i]”
          Possibly — but it would most likely require either an extremely overblown image viewer/editor that includes some macro capability or other scripting capabilities, or something simpler that is far too closely integrated with the OS (I don’t think that’s even possible with any Microsoft-based image editors or viewers).

          It’s more likely that something that isn’t actually an image is “disguised” as one, possibly with a “.jpg.exe” filename extension so that double-clicking it will cause it to be executed directly rather than opened by an image viewer of some kind. This is especially effective on systems where one has “.exe” filename extensions hidden by default.

          “[i]Is any of the available display programs vulnerable to being forced into that kind of operation?[/i]”
          Possibly any of them. A browser (especially IE through version 6, or version 7 on XP at least — the jury’s still out on Vista) or Photoshop is more likely exploitable than something like MS Paint, simply by virtue of overall complexity and the effects of featuritis (such as automatic handling of different filetypes regardless of what filetype you think it is). Almost any type of software is exploitable in some way, at least in theory — you just have to take reasonable precautions, choose software wisely, check often (enough) for signs of being exploited, and hope for the best.

          “[i]I’m quite careful to avoid executing – or even downloading – programs that are unknown to me, but I have been assuming that just viewing a picture file was not hazardous.[/i]”
          It usually isn’t. There isn’t much in life that’s certain, though.

          “[i]Come to think of it, would my ‘antivirus’ program automatically scan a ‘.jpg’ file, and would it detect an ‘evil’ picture file?[/i]”
          That depends on a number of factors, such as the antivirus software you use, its realtime scanning capabilities, whether it does a scheduled scan of the filesystem where the file is stored before the file’s malicious payload is activated, how you actually acquired the file, and so on.

          “[i]Thanks again for your help with this.[/i]”
          Hopefully, I’m actually helpful.

        • #2536335

          Thank you!

          by jimtheengineer ·

          In reply to don’t sweat it . . .

          “Hopefully, I’m actually helpful.”

          You are. The original article led me to believe that just viewing a picture could cause harm. It looks like that was not correct and I need not worry (much).

          (Of course, as my eyesight starts suffering from old age – any day now – viewing ANY picture might cause ME harm! :o)

          Thanks!

      • #2927658

        been reading a bit on this…

        by mikemajor3 ·

        In reply to Which picture viewing programs can be “Trojan-ed?”

        steganography is the practice of embedding other files or small programs in pictures…there are several good programs in freeware. The pic usually looks like the original, except a bit wider or longer, and the color values don’t change. You can look at it with anything, and its just a picture…but if you run the proper extraction program, the info is there.
        Really interesting stuff…

    • #2535061

      Zionists specialise in this kind of thing

      by thirdworldpatriot ·

      In reply to Ethics of illegal hacking

      I was posting in a Forum in 2005 and handily proving that the Zionists always intended to seize the land of Palestine and ethnically cleanse the natives.

      Here’s some of what turned up in my “private messaging”:

      10:07 PM kellyrmc hi
      My grandma’s b-day is May 16th she’ll be 93 my uncle’s b-day is May 21st
      he’ll be 72 what are u doing for mother’s day Kelly

      10:07 PM kellyrmc hi
      My grandma’s b-day is May 16th she’ll be 93 my uncle’s b-day is May 21st
      he’ll be 72 what are u doing for mother’s day Kelly

      8:57 PM kellyrmc hi (Wednesday 20th April 2005)
      My cousin is getting engaged. my aunt is married for 50 years.my grandma is
      getting home health care. I went to a craft fair. also saw the Irish dancers
      at the library. Kelly

      8:31 PM kellyrmc hi (Friday 15th April 2005)
      my mom goes to a computer class on Wed Kelly

      Apr-14 kellyrmc Hello
      I’m going to the dr this month. Kelly

      Apr-13 kellyrmc Hello
      Dear Straighttalk, Did u hear that Britney Spears is pregnant? Also prince
      charles got married.My mom voted on the school taxes and a new mayor. I got a
      haircut my aunt took my grandma to the dr. Kelly

      Apr-13 kellyrmc Hello
      Dear Straighttalk, Did u hear that Britney Spears is pregnant? Also prince
      charles got married.My mom voted on the school taxes and a new mayor. I got a
      haircut my aunt took my grandma to the dr. Kelly

      (Needless to say, having failing to entrap me, the Zionists barred me from their Forum anyway!).

    • #2535060

      (Sorry, accidental duplicate!)

      by thirdworldpatriot ·

      In reply to Ethics of illegal hacking

      (Sorry, accidental duplicate!)

    • #2534842

      German Police seek to use malware to spy on suspects.

      by deepsand ·

      In reply to Ethics of illegal hacking

      PC World

      [b]Can Malware Be Used to Fight Crime?
      German police are contemplating using Trojan horses and other malware to spy on suspected criminals.[/b]

      Jeremy Kirk, IDG News Service
      Thursday, March 15, 2007 11:00 AM GMT-08:00

      What if the good guys started using the tools of the bad guys to catch the bad guys, but other good guys stopped them from doing that?

      German police officials have expressed interest in developing software tools to help them surveil computer users who may be involved in crime. The tools might include types of software similar to those used in online fraud and theft schemes, such as programs that record keystrokes, logins and passwords. Security companies, however, are asserting that they wouldn’t make exceptions to their software to accommodate, for example, Trojan horse programs planted by law enforcement on users’ computers.

      Magnus Kalkuhl, a virus analyst with Kaspersky Lab Ltd., said on Thursday at Cebit that Germany confirmed in January it plans to invest ?200,000 (US$264,000) in the idea and fund two programmers. The project has been informally dubbed the “Bundestrojaner,” which translates literally from German to English as “Federal Trojan.”

      Two recent court rulings in Germany, however, have thrown doubt on whether use of such technology — without knowledge of the targeted users — would comply with German law regarding searches, Kalkuhl said.

      Germany’s Chaos Computer Club said last month it opposes the government program and such online searches and monitoring violate a user’s fundamental rights.

      The issue may be moot if online criminals use antivirus or antimalware security software, which are designed to detect Trojan horses and viruses and scrub them from a machine.

      While it could be compelled to help law enforcement with changes in the law, Kaspersky wouldn’t modify its software to allow a clandestine police program to infect a computer. Such a change would be at odds with what its software is intended to do, Kalkuhl said.

      “The decision is based on what the program does, not who wrote it,” Kalkuhl said at Cebit.

      F-Secure Corp., a security company based in Helsinki, decided in 2001 that it also wouldn’t modify its software at the request of law enforcement, said Mikko Hypponen, chief research officer. For example, granting an exception for French police would open a door to requests from other countries, he said.

      “Where would you draw the line?” Hypponen said. “We are not going to draw the line at all.”

      • #2533935

        Interesting connotations

        by axg ·

        In reply to German Police seek to use malware to spy on suspects.

        In the real world folk have locks on their premises and there are laws of various types against trespass and peeping.

        Law enforcement agencies with sufficient evidence can gain approval of the court(i.e. a “warrant”) to enter locked premises and install surveillance equipment. In particular, police with a warrant can force a caretaker to unlock someone else?s premises.

        If some EU police departments are already thinking about trojans and viruses to monitor computers then are we at the stage when someone will test if a court can force an anti-virus s/w company to not block or report ?official? viruses?

        This will be a big international can of worms!

        • #2533920

          Worldwide consequences.

          by deepsand ·

          In reply to Interesting connotations

          Should such practices be implemented, there will be little to prevent, for example, the Germans from spying on [b]anyone, anywhere[/b] in the world, and sharing such information with others.

      • #2533923

        sounds about right

        by apotheon ·

        In reply to German Police seek to use malware to spy on suspects.

        If there’s just cause (which, I think, is a bit too abstract for the unfortunately stunted legal maturity of today’s Germany), computer surveillance should be treated the same way as any other form of surveillance — with warrantless surveillance being illegal.

        Meanwhile, there shouldn’t be any legal compulsion for computer security firms to just let someone through because they fit some kind of predetermined profile for law enforcement. Protection should be technically universal as much as possible.

        • #2533919

          “with warrantless surveillance being illegal”

          by deepsand ·

          In reply to sounds about right

          Well, we’ve already seen how much, or little, protection that presently affords our own citizens, not only under the present administration, but under previous ones as well.

        • #2533811

          of course

          by apotheon ·

          In reply to “with warrantless surveillance being illegal”

          I speak in theoretical terms. It should be obvious to the casual observer that, in practice, this would end up just being a farcical bit of playacting meant to veil widespread, unhindered governmental violation of rights.

        • #2526720

          Just as “announce & enter,” or “knock and enter,” has become …

          by deepsand ·

          In reply to of course

          “enter.”

          The seemingly endless stream of “good faith” exceptions that the courts hand out to law enforcement leaves little more than a tattered veil between “law and order” on the one hand and “order” on the other.

      • #2533902

        Allowing exceptions for Feds

        by jdclyde ·

        In reply to German Police seek to use malware to spy on suspects.

        If you allow a federal trojan, how long will it take for someone to emulate it?

        And because in many cases, fedral agencies have physical requirements that exclude some of the greatest minds out there, who will be better armed in the virtual world?

        Don’t have to be pretty or be able to run an obstical course to run a computer.

        • #2526718

          Enterprising law enforcement agencies could become information brokers.

          by deepsand ·

          In reply to Allowing exceptions for Feds

          If, for example, the German police are allowed to proceed as they desire, what is there to prevent them from gathering data on behalf of and at the request of other agencies, in any country, to whom such methods are denied?

        • #2526478

          Absolutely nothing

          by jdclyde ·

          In reply to Enterprising law enforcement agencies could become information brokers.

          Here, groups like the ACLU that demanded freedom of information, and then turn around and complain that too much information is available, are destroying our country.

          (and then blaming everyone else for the problem they created)

        • #2532149

          Need to distinguish between [i]private[/i] and [i]public[/i] information.

          by deepsand ·

          In reply to Absolutely nothing

          It is the latter that groups such as the ACLU seek, not the former.

          For a very recent example of government trying to withhold the latter from the public, see
          http://techrepublic.com.com/5208-6230-0.html?forumID=102&threadID=215407

    • #2533899

      legal is determined by laws

      by jdclyde ·

      In reply to Ethics of illegal hacking

      So all they need to do is pass a law allowing this, and it is no longer illegal hacking.

      Until it is legal, it is illegal. Pretty simple, actually.

      • #2526717

        That’s a simple point that most overlook.

        by deepsand ·

        In reply to legal is determined by laws

        People are very fond of saying that something is “illegal,” without understanding that it is so [b]only[/b] because at some time and somewhere a statute was passed by someone that forbade a previously “legal” act.

        And, just as easily, that which is now “illegal” can become “legal.”

        • #2526475

          Right vs Wrong, legal vs illegal

          by jdclyde ·

          In reply to That’s a simple point that most overlook.

          It is RIGHT to allow someone medical marijuana, it is illegal in many places to allow the same thing.

          Having laws that [b]can not[/b] be respected undermines ALL laws.
          Having laws that [b]are not[/b] enforced undermines ALL laws.

          The police are more interested in patrolling the streets looking to give out speeding tickets, than patrolling our neighborhoods, keeping us safe.

          Tickets generate revenue and show up on a report that an officer DID something.

          Preventing crime doesn’t show up as doing something because there are less calls responded to. Crime goes down, they decide they have too many cops and cut back. Crime naturally goes back up, so they can justify their own existence again.

        • #2532148

          The public demands “safety,” but, …

          by deepsand ·

          In reply to Right vs Wrong, legal vs illegal

          is doesn’t really want to pay for it.

          Too many people talk about the need for better law enforcement, tougher punishments, etal., but, when the costs of such necessitate either an increase in taxes and/or a reduction in services which they perceive a personal benefit, they bitch like hell.

        • #2532085

          But part of the problem is the different

          by hal 9000 ·

          In reply to The public demands “safety,” but, …

          Government Agencies not being prepared to work together as well surely? Here in AU the US Government runs an installation called Pine Gap where every bit of Telephony is intercepted logged and looked at, The AU Government runs a similar place in WA called The Australian Defence Forces Directorate that does the same thing. The US Federal Government has at least 1 installation within the US which does exactly the same thing as well as in any country where they have a major Base of operations. This is done for [b]Security Reasons.[/b]

          So what is so wrong with this Organisation sharing the information that they collect with the local Authorities when it comes to criminal activity? Granted like most Government Run Organisations they guard their Department and want to receive more money to run it and depending on the number of staff employed they consider themselves either More or Less Powerful that other Government Agencies and this Bureaucracy is hard to break down but why is Common Sense prevented from allowing Criminal Activity occurring while the Proper Authorities already know that it is happening?

          Personally as this exists why not use it to stop all crime and not just use it for part of what it is capable of intercepting? The current use is attempting to prevent Arabs for receiving Flying Lessons in Commercial Aircraft and to look at hits on Bio Weapons Sits but why not widen the search parameters out to include all the currently illegal activities and put an end to the problems in 1 swoop?

          Of course something like this will never happen because it makes Sense and that is one thing that Government Agencies have never been accused of having any of.

          Col

        • #2532078

          Can and does happen here, but is illegal without a warrant.

          by deepsand ·

          In reply to But part of the problem is the different

          Our U.S. Constitution, as well as those of many States, requires that such searches be done only upon the issuance of a warrant.

          In the case at hand, the information that the referenced organization passed on to local law enforcement was [i]illegally[/i] obtained by a non-citizen operating from outside the U.S.

        • #2927649

          think a “legal” virus or trojan is kind of an oxymoron…

          by mikemajor3 ·

          In reply to Can and does happen here, but is illegal without a warrant.

          but the growing numbers of successful prosecutions with data obtained from keyloggers, trojans, and even state-installed monitoring software for folks on probation, argues against my opinion.
          True, legal is defined by the paperwork…but what KINDS of info is permissible as evidence, needs to be pretty closely defined.
          Had one case in point here locally…guy had his puter monitored for suspected embezzling by a security company, at the request of the employer. He came up clean for that, but monitoring revealed he was having an affair with someone of the same sex. The company laid him off, with flimsy legality, and his wife filed for divorce.
          He sued both the company and the security folks; his former boss got fired, the security company got fined big, and he walked away with some serious cash. The beef he filed for was not the monitoring, but improper handling of the results – whether he was having an affair, or not, was outside the limits of what the tapping was supposed to be for, and should not have been placed in company records.
          Interesting twist.

      • #2793737

        Actually,

        by the maverick phantom wanderer (formerly macoza, nodice, kp, etc.) ·

        In reply to legal is determined by laws

        “Until it is legal, it is illegal.”

        it would be the other way around. The other points are correct though.

        Nodice

    • #2930618

      horse bolted?

      by jcdshs ·

      In reply to Ethics of illegal hacking

      This whole question of legal vs illegal “evidence” in court is a total nightmare, as evidenced by the continual debate about it. However, could the problem in terms of computer hacking not have been lessened if not even avoided, if a certain software company had sold us the house with all the doors and windows firmly shut and locked? Rather than leaving nearly everything wide open and expecting the poor old home user to learn which doors there are, which to shut and how to do it?

    • #2793697

      Any evidence that can be gathered by hacking,

      by tonythetiger ·

      In reply to Ethics of illegal hacking

      can be planted by hacking. I don’t know how ANY of it can be accepted by a court.

      Ethics…. Bah! It’s merely “what you can get away with”. 🙁

      Give me morals any day.

Viewing 13 reply threads