Exploits, security tools disappear as German anti-hacker law takes effect

Summary:Security professionals in Germany have begun to remove exploits and hacking tools from the Internet in response to a new German law that expressly forbids the distribution of any software that can be used in computer/network attacks.

Exploits, hacking tools disappear as German law takes effect
Security professionals in Germany have started removing exploits and hacking tools from the Internet in response to a new German law that expressly forbids the distribution of any software that can be used in computer/network attacks.

Stefan Esser (left), the PHP security guru behind the recent Month of PHP Bugs project, has yanked all the proof-of-concept exploits from the project page because of legal concerns related to the new law.

"This new law renders the creation and distribution of software illegal that could be used by someone to break into a computer system or could be used to prepare a break in. This includes port scanners like nmap, security scanners like nessus and of course proof of concept exploits," Esser explained.

[ SEE: Flaw trifecta kicks off Month of PHP bugs ]

He said the law explicitly forbids the creation, distribution and usage of tools that can be used to prepare for, or actively exploit computer systems. However, there is uncertainty about the law and how it applies to the work of security professionals in Germany.

The big problem is that the paragraph is not clearly written. It allows too much interpretation. While our government says that they do not want to punish for example hired penetration testers, this is NOT written down in the law. The written law does not know any exception. And that is the big problem.

Phenoelit, another German site that distributes hacking tools, has posted a goodbye note that refers to the new law. Phenoelit's tools and security material have been moved to a different server outside Germany.

Kismac, a wireless network discovery and attack tool, has also disappeared.

* More from SecurityFocus.com's Rob Lemos.

Topics: Security

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.