Linked by Thom Holwerda on Wed 4th Apr 2012 13:53 UTC
Legal "Cyber attacks on IT systems would become a criminal offence punishable by at least two years in prison throughout the EU under a draft law backed by the Civil Liberties Committee on Tuesday. Possessing or distributing hacking software and tools would also be an offence, and companies would be liable for cyber attacks committed for their benefit." Wait, what?
Order by: Score:
Oh my...
by weland on Wed 4th Apr 2012 14:04 UTC
weland
Member since:
2012-02-19

Oh my, I´d better remove Wireshark from my computer, they´ll never believe I´m only using it to sniff USB packets.

Civil Liberties Committee my ass.

Reply Score: 8

RE: Oh my...
by kokara4a on Wed 4th Apr 2012 14:23 UTC in reply to "Oh my..."
kokara4a Member since:
2005-09-16

Civil Liberties Committee my ass.


It's called doublespeak.

Reply Score: 6

RE: Oh my...
by KrustyVader on Wed 4th Apr 2012 16:15 UTC in reply to "Oh my..."
KrustyVader Member since:
2006-10-28

Don't forget Tcpdump.

Reply Score: 3

RE[2]: Oh my...
by Lennie on Thu 5th Apr 2012 20:57 UTC in reply to "RE: Oh my..."
Lennie Member since:
2007-09-22

So what is a hacking tool ? nmap ? fping ? nc/telnet ? a compiler and API-documentation ? Any scripting language like Perl ?

"Hacking" really is just about sending the right series of bytes to a distination or maybe even a broadcast.

The recent Windows Remote Desktop vulnerability (MS12-020) is a perfect example and the instructions how to test for the vulnerability are:

nc SERVER 3389 < termdd_1.dat

It really is that simple.

Reply Score: 3

RE: Oh my...
by sagum on Wed 4th Apr 2012 18:23 UTC in reply to "Oh my..."
sagum Member since:
2006-01-23

Oh my, I´d better remove Wireshark from my computer, they´ll never believe I´m only using it to sniff USB packets.

Civil Liberties Committee my ass.



Not only that, but I'm pretty sure we all have hacking tools built into Windows.

Using a simple batch script, its possible to "ping" a range of IP, then use "net view". That can can be used to see shares even over the internet, sometimes entire drives being shared with read/write permissions. Thus giving 100% access to the remote PC using basic Windows 'hacking tools'.

Not only that, but there are even more dangerous tools such as Windows Live Messenger that can be used to talk to said victim and ask for details of their password/security setup! :O That in itself maybe one of the worst hacking tools ever invented as it allows 100% social engineering capabilities.


AND lets not for get using email as well! Last week I got a email from a friend who got it forwarded on from her mum's dad's brothers, best friend's uncle who works at MI5 in NASA who personally knows the guy who put the virus on everyones computer, it was totally by accident, but the email said to check for System32 in the Windows folder. If you have it, you got the virus so to delete it. I think I was too late because all the virus I deleted from the 4 computers here stopped working! I'm so glad the EU is going to ban email, its soo bad.

Reply Score: 7

RE[2]: Oh my...
by Doc Pain on Wed 4th Apr 2012 21:34 UTC in reply to "RE: Oh my..."
Doc Pain Member since:
2006-10-08

Not only that, but I'm pretty sure we all have hacking tools built into Windows.


Also consider that an important means of "distributed hacking" are botnets, typically consisting of hijacked "Windows" PCs that are carrying out the orders of the attacker who can hide in the background. Those PCs are hacking tools (given the broad idea of the definition of what "hacking" and maybe "cracking" is supposed to be interpreted). So everyone having a PC at home is in possession of a hacking tool which should be taken away.

Hell, meanwhile even (networked) printers can be used for hacking networks!

Furthermore, add corporate PC fleets to the mix. They're also a welcome means for performing DDoS attacks and sending spam, for committing industry espionage and data sabotage. As those also are hacking tools, they have to be removed from the offices.

Finally, everyone found guiltiy in having a hacking tool should pay. After all, getting the penalty fees is where the whole thing pays.

Do I see that correctly, or should I continue facing the telescreen telling me that WAR IS PEACE, FREEDOM IS SLAVERY, and IGNORANCE IS STRENGTH? :-)

Reply Score: 3

RE: Oh my...
by bitwelder on Thu 5th Apr 2012 07:57 UTC in reply to "Oh my..."
bitwelder Member since:
2010-04-27

Who the heck is this "Civil Liberties Committee"?

A new agreement on the transfer of EU air passengers' personal data to the US Department of Homeland Security was approved by the Civil Liberties Committee of the European Parliament on 27 March.

(from http://www.neurope.eu/article/civil-liberties-committee-narrowly-pa... )

It does not seem to me too much of a protection of EU citizens civil liberties, although their name doesn't promise anything in that direction ;-)

Reply Score: 2

If this is not an april fool...
by _QJ_ on Wed 4th Apr 2012 14:26 UTC
_QJ_
Member since:
2009-03-12

1. I can throw my security auditing tools.

2. Go raise goats.

Reply Score: 2

RE: If this is not an april fool...
by _QJ_ on Wed 4th Apr 2012 14:34 UTC in reply to "If this is not an april fool..."
_QJ_ Member since:
2009-03-12

More seriously, the French version is a little bit more accurate, to my point of view, by speaking about "tools to make cyber robbery"

... If I understand French correctly... O:-)

Reply Score: 1

Neolander Member since:
2010-03-08

The French version makes extensive use of the word "piratage", which is historically mostly about breaking into someone else's systems, DDoSing, privilege escalation, and other forms of cyber-attacks.

However, as soon as digitally clueless politics get involved, vocabulary always gets badly hurt. As such, the term has also recently also been used for unrelated illegal activities like cracking software or making illegal copies of copyrighted content.

Thankfully, we still use a different word in French for stuff involving cool ships and black flags, which is "piraterie". However, it's maybe only a matter of time...

Anyway !

In the former meaning, this "hacking tools" expression could target stuff like password recovery tools, which are exclusively used to break computer security for legitimate or illegitimate purpose. In the latter meaning, it is worse, basically the computer equivalent of a generalized ban on carrying knifes around in public places because you can hurt people with them (I believe they have something like that in the UK).

Edited 2012-04-05 07:07 UTC

Reply Score: 2

Lennie Member since:
2007-09-22

So "rooting" your phone is gonna be illegal in the EU ?

Reply Score: 2

Neolander Member since:
2010-03-08

I guess it depends on two things :
1/Is your copy of your phone's OS considered to be yours by EU law* ?
2/Can a rooting tool be used to root someone else's phone without consent ?


* Or, to say it otherwise, are EULA clauses in the spirit of "all rights which are not explicitly stated in this licence agreement are reserved by EvilCompany inc." legally binding ?

Edited 2012-04-06 04:37 UTC

Reply Score: 1

Soulbender Member since:
2005-08-18

I could rob you with a screwdriver.
This is an outrage! Those damn hardware stores must pay up!

Reply Score: 2

RE: If this is not an april fool...
by _QJ_ on Thu 5th Apr 2012 14:52 UTC in reply to "If this is not an april fool..."
_QJ_ Member since:
2009-03-12

I see the point:

Well trained goats are soooo dangerous !!

Reply Score: 1

But⦠research!
by Beta on Wed 4th Apr 2012 15:19 UTC
Beta
Member since:
2005-07-06

Guess I’ll just have to add ‘Pen. Testing’ to my job description and they’ll leave my need for wireshark and other tools alone?

Reply Score: 3

It would almost be worth it
by ToddB on Wed 4th Apr 2012 15:30 UTC
ToddB
Member since:
2012-01-25

If MPAA/RIAA were busted hacking into peoples computers and actually prosecuted and put in prison..
They are pretty bad about DDOS of computers they suspect of having copyrighted materials, and breaking into computers to get proof.. *sigh* I guess accountability and the law doesn't apply to everyone, we have the best governments money can buy..

Reply Score: 3

Comment by kaiwai
by kaiwai on Wed 4th Apr 2012 15:37 UTC
kaiwai
Member since:
2005-07-06

Question: How is a 'hacking tool' defined? it seems very much that one mans hacking tool is another mans tool used to test the security of their network.

Reply Score: 8

RE: Comment by kaiwai
by Alfman on Wed 4th Apr 2012 16:17 UTC in reply to "Comment by kaiwai"
Alfman Member since:
2011-01-28

"Question: How is a 'hacking tool' defined? it seems very much that one mans hacking tool is another mans tool used to test the security of their network."


Good question, tools can be used for many purposes, legitimate and nefarious. What troubles me is that if taken seriously, a law like this criminalizes honest people who are educating themselves while doing absolutely nothing to stop the real criminals.

Most likely the law won't be enforced very often, but it's disturbing to have laws on the books that innocent people will break so easily. It enables authorities to use it as a catch-all law to snag people who aren't doing anything wrong, but the authorities want to convict anyways. The real hackers are ALREADY breaking laws for real hacking offenses.

Reply Score: 4

RE[2]: Comment by kaiwai
by Moredhas on Wed 4th Apr 2012 20:42 UTC in reply to "RE: Comment by kaiwai"
Moredhas Member since:
2008-04-10

Depending on how broadly you define "hacking tool", I could be arrested for doing my job. I repair computers these days, and some of my tools are for data recovery, password retrieval or resetting, and malware removal. Pretty much 80% of the software tools I use get shot down by functioning antivirus software, not because they're infected, but because of the nature of the way they work to serve their purpose.

One particular tool I use is that NT password reset boot disc that I'm sure any good computer tech has, I'm sure that would be classed as a "hacking tool". For similar situations, I also use Konboot, which bypasses the password once without a trace of it having been done. That's certainly a "hacking tool" provided physical access to the machine.

Reply Score: 4

RE[2]: Comment by kaiwai
by Soulbender on Thu 5th Apr 2012 13:32 UTC in reply to "RE: Comment by kaiwai"
Soulbender Member since:
2005-08-18

It enables authorities to use it as a catch-all law to snag people who aren't doing anything wrong, but the authorities want to convict anyways.


I think you found the very reason for this law draft to exist.

Reply Score: 3

Hell!
by eantoranz on Wed 4th Apr 2012 15:44 UTC
eantoranz
Member since:
2005-12-18

Hacking tool? What's more of a hacking tool than a computer?

So, we can't use telnet anymore? GNU/Linux? Firefox/Chrome? You-name-it?

What a lousy attempt to stop hackers.

Reply Score: 5

PING!
by randy7376 on Wed 4th Apr 2012 15:50 UTC
randy7376
Member since:
2005-08-08

ping is a hacking tool!

Reply Score: 7

Visual Studio finally outlawed?
by dorin.lazar on Wed 4th Apr 2012 16:02 UTC
dorin.lazar
Member since:
2006-12-15

Does this mean that Visual Studio, GCC and any tool that can be used to write malicious code will be outlawed too? Hooray for the brave European Union!!!

Reply Score: 4

BushLin
Member since:
2011-01-26

Taken at face value, possession of a Windows password reset disk or the Sysinternals Suite (now owned by Microsoft) could potentially result in a criminal record.

I'm sure many IT professionals have tools such as this to recover forgetful users or to remotely run commands in order to fix problems... I'm also sure most of those folk have only used these with good reason and never to attack systems they have no business touching.

You'd hope the so called "Civil Liberties Committee" had enough expertise to differentiate between legitimate use and attacks but then again, this is the EU so who knows the origins/agenda of this draft?

Reply Score: 2

seanc7 Member since:
2012-03-26

I was going to mention that too. Not a good idea. Vague and generic laws are the police states favourite weapon.

Reply Score: 2

Gone fishing Member since:
2006-02-22

Taken at face value, possession of a Windows password reset disk or the Sysinternals Suite (now owned by Microsoft) could potentially result in a criminal record.


Taken at face value possession of Windows could could be criminal after all it comes with ping, tracert, pathping and nslookup all network hacking tools.

I suppose possession of a Unix box (OSX?) will mean they throw the key away.

Reply Score: 3

Ion Cannon to be retired
by MasterSplinter on Wed 4th Apr 2012 17:11 UTC
MasterSplinter
Member since:
2012-01-05

I guess all the little kiddies will have to go outside and play now... The game of "Anonymous H4x0r" is over.

I wonder if the Ion Cannon doubles as a Slushy machine...

Reply Score: 2

I'm ashamed
by Straho on Wed 4th Apr 2012 17:40 UTC
Straho
Member since:
2011-09-30

I always have a knife for cutting some things, even my fingers, when I was 4 years old. Still have a few knives, and thanks god 10 fingers, everyday I cut meat, bread, fruits etc. Four years ago, three gypsies attack me with a knife and get my money, documents and phone.
To criminalise possession of knives is more sane than what I just read.

I'm realy ashamed by this idiots with power.

Reply Score: 1

Definition
by jburnett on Wed 4th Apr 2012 17:45 UTC
jburnett
Member since:
2012-03-29

I really hope they put together a list of "illegal" hacking tools and keep it up to date. That way I will know which ones to get and study. Funny, I didn't think I would be able to say it was great to live in the USA on a computer tech issue...

Reply Score: 2

Buh-bye Google
by BallmerKnowsBest on Wed 4th Apr 2012 17:55 UTC
BallmerKnowsBest
Member since:
2008-06-02

One of the most widely used "hacking" tools is Google search (easiest way to find sites with common, easy-to-exploit vulnerabilities). So clearly this is part of a secret conspiracy led by Apple, with the goal of getting Google search outlawed... hey, it's no more stupid than the claims that "Microsoft is secretly funding Psystar to undermine GPL" or that "Jail-breaking will crash cell towers".

Seriously though, I'd love to know the origin of this legislation. Did the EU government take a look at SOPA and say to themselves "You call that a stupid and overreaching piece of legislation? Pffft, we can top that!"

Edited 2012-04-04 18:02 UTC

Reply Score: 3

Astoundingly short-sighted
by zeroth on Wed 4th Apr 2012 18:38 UTC
zeroth
Member since:
2012-04-04

Dear world: making things outright illegal doesn't make them go away, it just means that they will ONLY be used for Bad Things[tm] and never Good Things[tm].

You know there'd be no car wrecks if we outlawed vehicles. Good luck to people who nee ambulances, though.

Reply Score: 3

I'd like to know what an ARM is exactly.
by jefro on Wed 4th Apr 2012 19:40 UTC
jefro
Member since:
2007-04-13

Darn wrong post.

Edited 2012-04-04 19:49 UTC

Reply Score: 2

Same as other crimes.
by jefro on Wed 4th Apr 2012 19:49 UTC
jefro
Member since:
2007-04-13

I had my identity stolen and credit used and almost ruined. It took me two years to recover and countless hours and time spent on it. This crime seems to be harmless to juries but I'd give them 5 years for every person they hacked into. We just need to step up protection for the common person. It is time crooks get what they deserve. Yes, companies that allow these crooks to continue ought to pay also. I want my 2 years back. I want my $5000 back.





Possession of almost any tool used in a common crime is an offense.

Examples.
A spotlight in truck during hunting season.
Certain fishing nets in the boat.
Lock picking tools.
Metal bent to allow access to cars.
Metal bent to use as a way to open doors.

What? Like selling guns to crooks isn't a crime also?

Maybe they ought to put signs on banks. Sign ought to read, "Please remove ski mask and unload shotgun before entering!"

Reply Score: 2

RE: Same as other crimes.
by Neolander on Thu 5th Apr 2012 07:15 UTC in reply to "Same as other crimes. "
Neolander Member since:
2010-03-08

IMHO, this only proves, one more time, that the way we currently use credit and debit cards online is fundamentally flawed. Which is precisely why I don't own one of those.

So, you want to buy something. You put it in your virtual basket, log in, go to the billing page, then provide the website with all the information that is necessary to withdraw any amount of money from your bank account, at any time... wait, what ?

It is even worse when you realize that all those numbers are written on a single small physical object that may very easily be stolen.

All forms of online banking should work like paypal :
-At billing step, get redirected to your bank's website.
-Check that you actually are on your bank's website.
-Check the amount of money that is being withdrawn.
-Give your bank a one-time authorization to send exactly that amount of money to the target website, using login information that remains only shared between you and your bank.
-Go back to your online shopping.

I believe Thom once said that they have something like that in the Netherlands.

Edited 2012-04-05 07:20 UTC

Reply Score: 3

RE[2]: Same as other crimes.
by r_a_trip on Thu 5th Apr 2012 14:08 UTC in reply to "RE: Same as other crimes. "
r_a_trip Member since:
2005-07-06

I believe Thom once said that they have something like that in the Netherlands.

Yep, The Netherlands have that system. It's called iDeal. The website puts in the payment request via a trusted broker to the bank, the bank asks the user for their secure credentials and then the payment is made.

Reply Score: 3

RE[2]: Same as other crimes.
by WereCatf on Fri 6th Apr 2012 06:14 UTC in reply to "RE: Same as other crimes. "
WereCatf Member since:
2006-02-15

IMHO, this only proves, one more time, that the way we currently use credit and debit cards online is fundamentally flawed. Which is precisely why I don't own one of those.

So, you want to buy something. You put it in your virtual basket, log in, go to the billing page, then provide the website with all the information that is necessary to withdraw any amount of money from your bank account, at any time... wait, what ?


That's why you should use PayPal or similar services, with a strong password; the vendor never gets actual credit card details and cannot charge your account without you having to authorize it first.

I personally use PayPal exclusively these days, it is such a simple yet effective method of keeping your card details safe(r).

Reply Score: 3

d'oh
by marcp on Wed 4th Apr 2012 20:58 UTC
marcp
Member since:
2007-11-23

Criminal penalty for hacking? and what about TRACKING? Big corps can track you, but you can't hack them? they can invade your privacy, but you can't fight back?

And what about pentesters?

Reply Score: 2

What a Joke
by Lorin on Thu 5th Apr 2012 03:51 UTC
Lorin
Member since:
2010-04-06

A real hacker will just build their own tools just like a murderer will buy a gun under the radar, worthless laws only effective against the honest people.

Reply Score: 2

From the article
by dvhh on Thu 5th Apr 2012 09:59 UTC
dvhh
Member since:
2006-03-20

Using another person's electronic identity (e.g. by "spoofing" their IP address),


They are specifying that an IP address is like a person, which was debatable in recent P2P trial. This is preposterous.

Also,


No car manufacturer may send a car without a seatbelt into the streets. And if this happens, the company will be held liable for any damage. These rules must also apply in the virtual world

Wrong analogy, computer and software company should be held liable for faulty product.

Too bad, it's already voted.

Reply Score: 2

Comment by phreck
by phreck on Thu 5th Apr 2012 13:03 UTC
phreck
Member since:
2009-08-13

Isn't every operating system and every turing complete device a hacking tool?

Does this is only cover software? Because, when I hack, I use my computer...

Reply Score: 2

The usual idiotic stuff
by Soulbender on Thu 5th Apr 2012 13:22 UTC
Soulbender
Member since:
2005-08-18

What morons comes up with this shit? Seriosuly, are they even able to put on their trousers in the morning?
From the article:

"No car manufacturer may send a car without a seatbelt into the streets. And if this happens, the company will be held liable for any damage. These rules must also apply in the virtual world"


True but unfortunately not a single item in the proposal seem to be remotely related to this example.
If there was it would be about making software makers responsible for failures in their products but we all know how likely that is to happen.

Using another person's electronic identity (e.g. by "spoofing" their IP address), to commit an attack


Wow, welcome to 1995. IP spoofing hasn't been a big threat for a long while now since most ISP's implement proper ingress and egress filters these days. Sure, there's a remote chance that you could do it but it's pretty slim. Not to mention that you'd also have to hijack a large part of the worlds BGP for it to be useful outside of your own ISP.

which find a computer password by which an information system can be accessed, would constitute criminal offences.


So pretty much any tool used to verify the security of your users passwords are now illegal. Brilliant.

I'm sure it's all well-intented but for fscks sake, consult with someone with a clue and who doesn't have a vested interest in this kind of stupid things.

Reply Score: 3

sites don't hack themselves
by bnolsen on Thu 5th Apr 2012 21:55 UTC
bnolsen
Member since:
2006-01-06

You all should realize these websites don't hack themselves. It's the tools that do it! Having these tools makes you an immediate accessory to any hacking crimes. Just deal with it.

Reply Score: 1

RE: sites don't hack themselves
by Alfman on Fri 6th Apr 2012 07:05 UTC in reply to "sites don't hack themselves"
Alfman Member since:
2011-01-28

bnolsen,

"You all should realize these websites don't hack themselves. It's the tools that do it! Having these tools makes you an immediate accessory to any hacking crimes. Just deal with it."

How exactly is someone an "immediate accessory" to hacking crimes for merely possessing network tools? That's like saying I'm an "immediate accessory" to a robbery because I own a crowbar, which is one of the tools the robber used to gain entry.

The tools are not inherently good or bad, it's what one does with them.

Edited 2012-04-06 07:05 UTC

Reply Score: 3