OWNING "hacker tools" illegal in Germany as of TODAY (jail & fines for everyone)

[gjehle]

German government just passed a law today that makes OWNING any such "hacker tool" which aim is to "commit a crime" illegal.
I just can't take it anymore.

Read up here to get a feeling how "being German" is getting worse and worse by the minute:

[...]
If you own any hacker tool which "aim is to commit a crime"...

    * nmap
    * metasploit
    * any penetration testing tool in general
    * port scanners
    * network analyzers? (hopefully not those too)

... you're signing up for one year in jail or a hefty fine.
That reads OWNING, not using, it's just OWNING.
[...]

Long version here:
http://nrrd.de/dasbuch/hadez/now_theyve_done_it_just_owning_hacker_tools_illegal_germany

Please speard the word and DIGG IT http://digg.com/poli...rmany_jail_time_fine
It's no fun anymore. We're getting screwed big time.

[jgpaiva]

Now that's stupid.
And who's to tell what's a "hacker tool" or not?

network analyzers? (hopefully not those too)

Right... I've used a few of those tools when learning about internet and networkds, does that make me a hacker? How about my school, which has a bunch of those lying around?

That makes absolutelly no sense... Good thing i don't live in germany

[Lashiec]

Does this crap mean you can't use Wireshark anymore? It really sucks. I'm sorry for all of you there, and I sincerely hope this gets resolved.

[f0dder]

nmap's aim is to commit a crime? christ >_< - what about "netcat", then? Eeeeevil program, since it can be used for evil. And I guess networks sniffers are evil as well, regardless that they can be very useful when debugging [your own] network communications.

What about OllyDebug and DataRescue's IDA?

[gjehle]

It means we're fucked.

The government propaganda tells us it wont harm the IT sector at all, since this law will only be used on "the bad guys" (fuzzy FUD definition as always).
So it's an opt-out law, my most loved system of suppression.
Make everything illegal and let the courts decide who's bad and who's not.

[JoTo]

For sure in a short future knifes with which you slice your bread will be illegal here in germany too. Because you can kill s.o. with it. 

And what about a WiFi tool like "Stomper"? Its illegal too then. And i use it to measure my WiFi topologie in my house to see where the signal is strong and where i have to change sth.

ARRRG! I always suggested that our "wheelchair idiot" Schäuble (its our minister for inner cases and security) is getting totally crazy, but now i KNOW it. And i always thought too that the usa is still going in front of us when it comes to idiotic laws, but now i know we have them overtaken today.

Old men, no knowlegde about anything, but making laws. What a bad, bad world.

Angry greetings
JoTo

[gjehle]

yes joto! exactly
SS-chaeuble has to go. actually he should have already been gone for 2 years now.
police state countdown: 2 minutes to 12. (that's my optimistic guess)

[nudone]

i'm in the UK so i really don't know what is happening over there but perhaps you are overreacting at the moment...

as you've mentioned that the law targets tools that are designed to "commit a crime" then it sounds like they need to be more specific - how many tools are designed solely to commit a crime?

and if this applies to the individual then does that not also mean that they will need to prove that your intention was to "commit a crime". simply possessing a particular tool doesn't automatically mean you are going to do something criminal with it.

if it litterally means you'll be done for merely 'owning' something then i see many software programs quickly changing their names - or changing there names every month.

just trying to calm the waters - it might not be as bad as it sounds.

[JoTo]

Dear Nudone,

i wish i had your confidence in politcians and juges. When i look back mostly everything turned out more bad than expected. So better nip things in the bud.

And (please take no offense here, i dont mean your arguments itself, i'm only talking of the tenor in your post) your post sounds for me the same the politicans blah-blah sounds. Of course we'll only punish bad guys. Nobody wants to build a wall through germany (Ulbricht 1961), and it wont come up so bad and its all for terrorism-fighting and to keep our safety and the earth is a disk!

And i see it in a bigger context. Everything taken for its own is not so important and we can calm down. But when i look in the past what happened all there in little pieces, you have to assemble the puzzle and then we'll see the whole picture. And we lost so much "freedom" here in the last two year we haven't in the 50 years before together. And there are too much people that don't care about this trend and say "i have nothing to hide". And so they follow like sheep. 

Thats why i get so angry about it. Not exactly for this one decision...for all the changes in the near past.

If you are right, i will be happy, but your servant will believe it, when your servant will SEE it.

Sorry that i'm so pessimistic, but life is a good teacher!

CU
JoTo

[f0dder]

as you've mentioned that the law targets tools that are designed to "commit a crime" then it sounds like they need to be more specific - how many tools are designed solely to commit a crime?

-nudone

It's up to the same retards who passed the law to judge whether something was "designed to commit a crime" - there's reason to be reacting.

and if this applies to the individual then does that not also mean that they will need to prove that your intention was to "commit a crime". simply possessing a particular tool doesn't automatically mean you are going to do something criminal with it.

-nudone

Obviously you need to do something to get enough attention for law enforcement to get a search warrant and look through your computers. Doesn't make the law any less retarded, though.

if it litterally means you'll be done for merely 'owning' something then i see many software programs quickly changing their names - or changing there names every month.

-nudone

And then there's things like OllyDebug, IDA, (...) that have nothing to do with hacking (since reverse engineering != hacking), but because people in the legal system are such computer-illiterate idiots, they'd be classified that way. I don't live in .de or .uk and I'm not really doing anything to draw legal attention to myself, but I don't like how things are developing...

"Run anything but office applications and games, and we're gonna bust your ass".

[cmpm]

Would this "law" also apply to Microsoft?

[Lashiec]

cmpm raised an interesting question with it sarcastic comment

What happens, for example, with "legal" software designed to protect THEM for what US could do to their intellectual property? What happens with the Sony rootkit, the Cactus protection embedded in one of the releases of my beloved Natalie Imbruglia that install itself in the computer without asking me anything, Starforce (!!)? They're also hacker tools by their own definition (well, and by everyone), that could be used to commit crimes (uhm, I wonder what rootkit used certain viruses...)

nudone, I think this law is much more like the anti-piracy laws USA's general attorney is trying to impose there. You get in problems if you attempt to commit a property theft. I wonder if the plague would continue to infest the world...

[nudone]

perhaps this is the first step in trying to 'tighten up' the internet - in a typical ham fisted manner. i wouldn't be surprised to see such a law spread across europe.

whatever happens i would hope that human ingenuity finds away around or through it.

[mitzevo]

this is the stupidiest shit i've seen for a week.. (lol), so i can go to jail or get fined for having telnet on my computer? shit. obviously not, but you can do a lot with telnet.. it's probably one of the most basic "hacker tools"..

do they really know any thing about "hacker tools"? a web browser can be used to do a lot of damage.. so is our web browsers hacker tools? what about nbtstat and related? what about all the tools included in most *nix distro's... WTF... i imagine these days there are a lot of network testing/scanning/probing tools included with *nix.. this is the tip of the iceberg..

obviously.. im going a little crazy, but they don't actually know that many tools can be used for ill purposes even though they are not used for such.. like a hex editor, a telnet/ssh client, and all this stuff is standard on pretty much most boxes these days..

 

[app103]

I guess this outlaw's complete linux distros like nUbuntu.

[gjehle]

do they really know any thing about "hacker tools"? a web browser can be used to do a lot of damage..

-mitzevo (July 07, 2007, 12:33 AM)

sorry to break it to you
but NO, they know SHIT about "what a browser is" let alone "hacker tools"
it's also linked in the blogpost but let me link it here again:

kid reporters interview German politicians (German language)
Here's a small best off:

Kid: Do you own a computer?
Politician: Yes I do, but I hardly use it, it mostly "disagrees" with me.
Politician: No.
Politician: Yes, and I also use the internet. But only if I have specific questions for which I then seek answers online.

Kid: Could you name a couple of webbrowsers?
Politician: uhhm, wait, what are "browsers" again?

Kid: Do you have your own homepage?
Politician: Yes, I do have my own homepage,.... BUT I hardly know how to use it myself, I have people doing that for me.

[iphigenie]

Well I went to check the german original, and its not that broad.

The law makes it illegal to
* steal, sell, distribute passwords or other means to gain unauthorized access
* gain illegal access to computers or information
* use of software whose primary goal is to gain illegal access or sabotage computers. the law has an addendum covering the fact that many tools are also used for research, debugging, legitimate security testing etc.

It seems to me that many countries already have laws like this, but it seems germany didnt. WHich explains why so many hacker groups are based in germany

It might be a bit overkill but i understand the problem law enforcement has.

In our day of identity theft, people using palm computers to bypass car alarms or security systems, trojan malware being installed on peoples pc ad used to attack servers etc. you have the problem that if you catch someone in front of someone's house with security hacking tools there was nothig illegal with that. Neither was it illegal to own a laptop which had a list of 10000 credit card umbers, it seems... Neither was it illegal to by some device install spyware or backdoors on other people's pcs - no law covered these.

On the other hand there is something to be said for not-quite-legitimate use of tools to reverse engineer device communications (to create drivers for linux, make fixes or improvements the manufacturer should have done, test the security) - but i think in all those cases the difference would be you use the tools against systems you own or have legitimate use (contracted by work to do it etc)

It's a tricky act to balance

[JennyB]

On the other hand there is something to be said for not-quite-legitimate use of tools to reverse engineer device communications (to create drivers for linux, make fixes or improvements the manufacturer should have done, test the security) - but i think in all those cases the difference would be you use the tools against systems you own or have legitimate use (contracted by work to do it etc)

It's a tricky act to balance

-iphigenie (July 07, 2007, 09:43 AM)

British law has the magnificent-sounding charge of "Going equipping to steal."

From http://cps.gov.uk/le...tion8/chapter_a.html

Attempts

The appropriation may be complete even if the criminal's purpose is not fulfilled e.g. thief puts shopping into his bag dishonestly intending not to pay, but is caught before leaving the shop. Charge theft, not attempt theft.

The Prosecution does not have to prove that there is in existence property capable of being stolen. For example:
The would-be pickpocket who put a hand into someone else's empty pocket searching for something to steal will be guilty of attempted an attempt theft. In this example, the charge should be drafted as an attempt to steal property belonging to the victim.

If you cannot charge attempt because there is no act which is more than merely preparatory, consider section 25 Theft Act - going equipped to steal, cheat or burgle (Archbold, 21-324)

Thanks, Google!

It seems this law has similar intent: evidence is needed of preparation to commit an offence.

[tinjaw]

If you listen to security experts, much of "hacking" (which should be cracking, BTW) is just social engineering. Does that mean it will now be illegal to own a dictionary?

[Lashiec]

If you listen to security experts, much of "hacking" (which should be cracking, BTW) is just social engineering. Does that mean it will now be illegal to own a dictionary?

-tinjaw (July 07, 2007, 01:21 PM)

A Spanish author not long ago said that writing (especially with pen and paper) is still considered a subversive act by certain society sectors. Tha interwebs are flooding with hackers!

[f0dder]

If you listen to security experts, much of "hacking" (which should be cracking, BTW) is just social engineering. Does that mean it will now be illegal to own a dictionary?

-tinjaw (July 07, 2007, 01:21 PM)

No, breaking into computers==hacking, breaking copyright protection schemes== cracking.

Hacking isn't "writing code" anymore, except in the "I wrote a quick hack" sense, or "that's a pretty darn ugly hack".

[tinjaw]

Then the meaning has changed over the years. Hacking means doing something clever. Cracking means breaking into something. At least that is what my generation used as definitions.

[mitzevo]

in the world of hacking (and people who take a stab at it..), it's called cracking.. (malicious hacking).. well the people who take a stab call it hacking any way, lol..

i don't know why they can't just call it "malicious hacking" any ways..

just like fodder said, every one and there dog is "hacking" things these days.. css hacks, code hacking, spade hacking, hacking hacking, hack here hack there.

i think hackers get a bit upset and try to use the term cracker to show the bad side of hacking.. this is all very well in the hacking/netsec scene.. but in the software cracking/reversing scene a cracker is some one who cracks software which has nothing to do with hacking networks, pbx's, ipods or css (not that css is related to any real hacking..)

hacking and cracking is used interchangeably..

[f0dder]

In my experience, the real hackers call it hacking - only the wannabe /. crowd and a few people who have used ready-made exploits call that sort of activity "cracking". Ah yes, and some of the *u*x crows hangs on to the old definition of "hacking" as well.

[iphigenie]

I am usually against all the stupid laws that prevent reverse engineering etc.

But I am not sure it is a right for everyone to have these tools on their pc and be able to point them at any machine on the net that isn't theirs. I certainly think it should be illegal for someone to have people's credit card numbers on their machines with no good reason to have them! And it should be punishable to point a buffer overflow, password cracker etc. to someone else's machines. Even if you didnt get in and didnt destroy anything.

I think it's fine for people to own these tools and point them at machines and systems they own, their employers own (if their job implies) or their clients - they are after all testing and debugging tools as well - but if they point it at my machines and get caught, it should be a crime.