What's going on across the pond? :confused: This would never fly here...
http://www.timesonline.co.uk/tol/new...SS&attr=797084
CSR
Printable View
What's going on across the pond? :confused: This would never fly here...
http://www.timesonline.co.uk/tol/new...SS&attr=797084
CSR
I could have so much fun over there right about now...
I wonder how sys admins will manage this. For example, if there is a back door, how will they allow this "valid" exception? and more importantly, how will software (e.g. AV, rkhunters) be able to distinguish from a malcious back door. Not to mention folks that think like NukEvil (nothing personal NE). Seems like a recipe for disaster.
wow...
:spit:Quote:
He said the authorities could break into a suspect’s home or office and insert a “key-logging” device into an individual’s computer. This would collect and, if necessary, transmit details of all the suspect’s keystrokes. “It’s just like putting a secret camera in someone’s living room,” he said.
Police might also send an e-mail to a suspect’s computer. The message would include an attachment that contained a virus or “malware”. If the attachment was opened, the remote search facility would be covertly activated. Alternatively, police could park outside a suspect’s home and hack into his or her hard drive using the wireless network.
Being the conspiracy theorist I naturally am...I thought the US governement has all ready been doing this to monitor their citizens...and others...by releasing malware and infecting machines...which they can then monitor.
I personally dont think its anything new.... :eek:
MLF
Yep agreed.. Im just surprised they even announced that they were going to do it. I would think they would do it anyway and if someone tried pursuing it they could produce documents saying they had a right to it.. There is no doubt in my mind that US govt does it plentyQuote:
Originally Posted by morganlefay
For you n00blets (new to the security/government hacking scene):
I mean, come on...
Let's pretend that I am a law enforcement officer, and I need to remotely gather info on some perp's computing habits.
The only really reliable way to pull this off would be to have physical access to the machine(s) in question. Ok, this alone implies that 1) the person in question only uses one machine or 2) the person in question uses multiple machines, but I know exactly which machines he/she uses for which purposes.
If the person has multiple machines, how would I get this info? Not from the ISP, for one. To them, it all looks like a lot of data all going to one machine (the router). Of course, using MAC address lookups, I'd know that the person was using a router, but other than that, I'd have NO information. I'd need to actually go to the person's house, hang around, and watch the person use each machine, take notes, etc. All without being seen or found out. Unless I secretly installed a camera in each room a machine was in, AND ran power to each camera, AND installed some way of transmitting whatever data each camera gathered to where I would be watching. All this before I even installed anything on any of the person's computers. Other than that, I'd just install multiple copies of the snooping software on each machine. Too much work the other way.
Now, assuming I've went to the guy's house to install software on the machine(s), I'd also need to know how to circumvent the protection capabilities this person has deployed not only on the machine(s) in question, but also on the physical barriers surrounding the machine(s). Ok, one home-installed remote-monitored security system disabled (either from cooperation with the security monitors or by hacking (heehee, cops hacking a security system).
Ok, I'm at the first machine. Turn the machine on, slip a live CD into the drive bay. Oops, the BIOS isn't set to boot from a CD, only from the internal harddrive. Reboot, press DEL (or whatever) to go into the CMOS settings. OOPS, need a password to access the settings. Screw this, pop open the machine, take out the battery, or jumper the pins, and hope it resets the CMOS to default settings. Oh, sh@t, it's still saved to the NVRAM chip, short that out as well. Ok, back to default settings.
Weee, my live CD is booting, now to grab the Admin password from the SAM file. Wait, this guy uses LINUX?? F#$%#^ this software only works with Windows!
Rince and repeat for all other machines in question. True, this perp may have a windows box, but the entire harddrive will undoubtedly be encrypted with some well-known algorithm with an ungodly number of bits.
Now, let's pretend I'm the suspect in question...
Meanwhile, I'm sitting at work, watching everything this officer is doing over remote webcam, via another machine sitting in my house somewhere, comfortably chuckling over watching this officer's efforts gone to waste. Maybe I'll send a remote message to one of the machines he's working on, thanking him for the attention, maybe not.
1) Because the officer will find it rather difficult to enter my premises without being noticed, being I have three dogs inside, on guard duty at all times. With a fixation on male genitals. Because, as we all know, people will break into houses, whether or not they see the obligatory "Beware of Dog" signs.
2) Even if he was able to gain access to one of my machines and install whatever he needed to install, I'd be instantly notified of any new installations within a certain timeframe. Let's pretend he'd also know the password he'd need to gain access to my firewall settings to tell it to let the program communicate with the remote office. And let's pretend that pigs have wings, Satan's made a batch order of antifreeze, and our moon is really made of a certain dairy product.
3) I seriously doubt I'd do anything to attract the attention of any government, unless that government decided they didn't like my opinions of their dictatorial laws.
Anyways, doesn't matter. They're just going to deny they've changed the rules on their people. Oh, wait, they just did:
http://www.theregister.co.uk/2009/01..._remote_snoop/
Well the average jo blow luser doesnt have all those safe guards in place....geez...they dont even update thier anti virus and click on every link they possibly can
Come on...
It take less then 10 mins for an unprotected computer to become infected once connected to the internet...and the stat was from a few years ago.
I still get " can you look at my machine...its running pretty slow" every time I visit someones house.
My point...you dont need physical access when you can social engineer a user to click on a link or visit a site and down load a keylogger.
Who is the fricken n00b??
MLF
True...but the average user probably isn't a criminal :P
The users that were found out to be criminals didn't get found out by snooping software, but rather by forensic software.
Oh, and what happens after an officer installs software onto one of my machines? I simply change my browsing habits.
Ever watch paint dry? I bet I can make even the smartest, most well-relaxed person's sanity crumble if they were forced to look at me accessing whitepapers, RFC documents, online ITIL manuals, and Microsoft Licencing agreements.
I agree with MLF re: nothing new re: The US government is probably already doing some of this. However, what is surprising is the public statement that they (EU) plan to do this.
IMO, It's kinda like torture. You know it's going on. The US government just isnt going to admit to it. If they did, the ACLU would be all over it.
I guess its time to 'drop' every gov ip range from the UK and the US on my firewalls. Also the French btw are doing this (maybe not officially but hey.. they are in the same pot).
If banning those ip blocks wont help.. hell. i will ban ALL ips from said countries.
Maybe its also time to quit my gmail acc.. and every online mail service :D
Easy to run my own mail server and filter out IPs.
No.. im not a paedo, terrorist nor spammer... but those b1tches dont have the right to look at my stuff. Its non of their buisiness what sites i go to and what i have on my hardrive.
Im getting sick of this gov crap. They breach my privacy.. then they loose my private data on some usb stick or some dumb gov employee whos not trained to wipe his ass even and my privacy gets leaked. No way.. no more!
Tell that to the RIAA and the likeQuote:
True...but the average user probably isn't a criminal :P
This way they can track whos stealing music\movies and software ...thats a crimminal offense in most countries
Makes pretty well everyone I know a crook.
Here in Canada they are trying to pass a bill...where even though you bought the cd...you dont have the right to change the format and put it on other media...such as an MP3 player or IPOD..........talk about targeting and pissing off the legit users.
I would love to know what brainyack thought that one up :rolleyes:
MLF
Well here are a few things to consider:
1. The police have neither the technical personnel nor the budget to do very much about cyber crime anyway. The government have been vacillating over creating a national cyber crime unit for some years now.
2. Just what safeguard do you think a magistrate's warrant gives? They are so easy to get the police might as well have a rubber stamp. Also they are not specific.............they are a total carte blanche, and anything found is admissible.
3. There is just too much traffic and too much diversity to monitor anything more than a minute and carefully targeted portion of it.
4. Do you think that MI5 and MI6 have to adhere to the Police Act? :lildevil:
5. It won't work.............how many major criminals have been caught due to random cyber surveillance?...............none...........
Traditional methods such as following the money, known criminal associates, tip-offs, etc. produces the suspects.
6. They never catch the big boys because they either have or have hired the expertise to remain undetected.
This has all the hallmarks of a political con trick. Give the police powers to apparently tackle cyber crime and people will think you are doing something about it.:rolleyes: