• Revista PROGRAMAR: Já está disponível a edição #53 da revista programar. Faz já o download aqui!

djthyrax

German Police Creating Law Enforcement Trojan

3 mensagens neste tópico

After banning hacking tools it looks like the German police are looking into digital wiretapping and creating ‘whitehat’ trojans for monitoring the bad guys…

Of course they define who the bad guys are, and according to law 202© it could be us..

This is very definitely questionable when it comes to ethics, it’s almost as bad as backdooring highly secure encrption alogrithsm just so the government has a universal key..so yes you say what happens when the bad guys get the key? Same things happen when the bad guys take over this ‘remote forensic software’ network..

German cops are pushing ahead with controversial plans, yet to be legally approved, to develop “remote forensic software” - in other words, a law enforcement Trojan.

Leaked documents outline proposals by German firm Digitask to develop software to intercept Skype VoIP communications and SSL transmissions. A second leaked document from the Bavarian Ministry of Justice outlines costing and licensing proposals for the software. Both scanned documents (in German, natch) have found their way onto the net after being submitted to Wikileaks.

They are even looking at jacking Skype so they can monitor net based VoIP calls..and intercepting SSL communications, although that shouldn’t be too tricky.

Either way they are both very dodgy.

Proposals to give explicit permission for law enforcement officials to plant malware stem from a Federal Court ruling last year declaring clandestine searches of suspects’ computers to be inadmissible as evidence, pending a law regulating the practice. Germany’s Federal Court of Justice said the practice was not covered by existing surveillance legislation.

Joerg Ziercke, president of Germany’s Federal Police Office (BKA), expressed frustration about their inability to decipher the encryption used by Skype in order to tap into the VoIP calls of suspected terrorists. Digitask, if the leaked documents are to be believed, has stepped into the breach.

Ok so normal people can’t make security tools to test their networks….but the government can create malware to monitor private communications?

Yah that really makes sense.

Once again - this is ridiculous!

German cops are pushing ahead with controversial plans, yet to be legally approved, to develop "remote forensic software" - in other words, a law enforcement Trojan.

Leaked documents outline proposals by German firm Digitask to develop software to intercept Skype VoIP communications and SSL transmissions. A second leaked document from the Bavarian Ministry of Justice outlines costing and licensing proposals for the software. Both scanned documents (in German, natch) have found their way onto the net after being submitted to Wikileaks.

As previously reported, the German government is looking to recruit coders to develop "white hat" malware capable of covertly hacking into the PCs of suspects in investigations of terrorism or other serious crimes.

Proposals to give explicit permission for law enforcement officials to plant malware stem from a Federal Court ruling last year declaring clandestine searches of suspects' computers to be inadmissible as evidence, pending a law regulating the practice. Germany's Federal Court of Justice said the practice was not covered by existing surveillance legislation.

Joerg Ziercke, president of Germany's Federal Police Office (BKA), expressed frustration about their inability to decipher the encryption used by Skype in order to tap into the VoIP calls of suspected terrorists. Digitask, if the leaked documents are to be believed, has stepped into the breach.

Skype is widely used by consumers to make VoIP calls. The firm has commissioned security experts to audit the encryption and security of its software.

However, other experts have contested the security of Skype's software. Skype uses widely trusted encryption techniques, such as Advanced Encryption Standard, to encrypt conversations and RSA for key negotiation. But unlike Zfone, its source code has not been publicly released.

In a presentation (pdf) at Black Hat Europe 2006 Philippe Biondi and Fabrice Desclaux argued that without access to the source code we can't be sure if Skype is secure. The researchers also expressed concerns that Skype has the keys to decrypt calls or sessions, a claim the firm itself denies.

Often law enforcement agencies are just as interested in who someone is talking to and for how long. Skype offers confidentiality, but not anonymity.

In 2006 a fugitive chief exec was tracked down to Sri Lanka after a Skype call. Quite how he was tracked down remains unclear, beyond the availability of papers on tracking anonymous peer-to-peer VoIP traffic.

El Reg has been seeking to speak to someone from Skype about security and VoIP systems for over a week since news of flaws involving the interaction between Skype and video-sharing sites such as DailyMotion broke in mid-January. Skype blocked this particular exploit as a workaround pending the arrival of a more complete fix.

Petko Petkov, a UK-based penetration tester and one of those most vocal about warning of the poison movie peril also expressed concerns about Skype's security architecture more generally. He suggested that unencrypted data within Skype's ads created a means for hackers to taint ad traffic with malware by using packet injection tools such as Airpwn in environments such as public wireless hotspots.

Skype has since declined to set up an interview about VoIP security, saying no one was available. It offered to respond to email questions but is yet to respond to a question on Petkov's concerns either.

Even alerting it that we were planning to write about the wikileaks story on Monday failed to elicit a response from the ostrich-like eBay subsidiary. ®

Fonte: PTsec

Uma palhaçada...

EDIT: Aqui fica o documento que foi parar à Internet: http://wikileaks.org/wiki/Skype_and_SSL_Interception_letters_-_Bavaria_-_Digitask

0

Partilhar esta mensagem


Link para a mensagem
Partilhar noutros sites

Isto é o que é tornado publico... Então e o que cpntinua nos "segredos dos deuses"  :confused:

Cumps

0

Partilhar esta mensagem


Link para a mensagem
Partilhar noutros sites

Isto é o que é tornado publico... Então e o que cpntinua nos "segredos dos deuses"  :confused:

x2. Isto é uma palhaçada completa... Primeiro, proíbem ferramentas como o nmap, e agora passa a ser legal o governo usar malware... Onde é que isto vai parar...
0

Partilhar esta mensagem


Link para a mensagem
Partilhar noutros sites

Crie uma conta ou ligue-se para comentar

Só membros podem comentar

Criar nova conta

Registe para ter uma conta na nossa comunidade. É fácil!


Registar nova conta

Entra

Já tem conta? Inicie sessão aqui.


Entrar Agora