Exploits, security tools disappear as German anti-hacker law takes effect

Exploits, security tools disappear as German anti-hacker law takes effect

Summary: Security professionals in Germany have begun to remove exploits and hacking tools from the Internet in response to a new German law that expressly forbids the distribution of any software that can be used in computer/network attacks.

SHARE:
TOPICS: Security
25

Exploits, hacking tools disappear as German law takes effectSecurity professionals in Germany have started removing exploits and hacking tools from the Internet in response to a new German law that expressly forbids the distribution of any software that can be used in computer/network attacks.

Stefan Esser (left), the PHP security guru behind the recent Month of PHP Bugs project, has yanked all the proof-of-concept exploits from the project page because of legal concerns related to the new law.

"This new law renders the creation and distribution of software illegal that could be used by someone to break into a computer system or could be used to prepare a break in. This includes port scanners like nmap, security scanners like nessus and of course proof of concept exploits," Esser explained.

[ SEE: Flaw trifecta kicks off Month of PHP bugs ]

He said the law explicitly forbids the creation, distribution and usage of tools that can be used to prepare for, or actively exploit computer systems. However, there is uncertainty about the law and how it applies to the work of security professionals in Germany.

The big problem is that the paragraph is not clearly written. It allows too much interpretation. While our government says that they do not want to punish for example hired penetration testers, this is NOT written down in the law. The written law does not know any exception. And that is the big problem.

Phenoelit, another German site that distributes hacking tools, has posted a goodbye note that refers to the new law. Phenoelit's tools and security material have been moved to a different server outside Germany.

Kismac, a wireless network discovery and attack tool, has also disappeared.

* More from SecurityFocus.com's Rob Lemos.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

25 comments
Log in or register to join the discussion
  • For the "Super Wealthy" only.! As 8x broadband gets closer. . .

    Hang it up the death of the x86 home computer is in the hands of the Dept. of the Interior and the leading 'Monopoly" Complex Corporations in content media. I personnally don't know how 802.11 PDA's or Laptops do under the type of dog training we go through under the Solar sky of Prescott,AZ.
    RobeTirm@...
  • LOL.. sounds like pre ww2 germany is back.

    Fourth Reich anyone?

    "Phenoelit?s tools and security material have been moved to a different server outside Germany."

    Oh look, a way around the new law.. didnt see that coming. Such a pointless law( or section of law).
    Been_Done_Before
    • Das machinkontrol is nicht for gefengerpoken und mittengrabben.

      "Oh look, a way around the new law.. didnt see that coming. Such a pointless law( or section of law)."

      He himself will have to move out of Germany or he gets arrested. If anyone post things that are illegal in some countries, you will get arrested when you set foot in that country.

      But one thing for sure, this activity will go completely underground.
      osreinstall
      • Same old story

        Law makers just don't get how the internet works the way it does. They might as well ban excessive heat in the Sahara Desert.
        Cayble
        • Prohibition.

          Prohibition will never work because it is unenforceable. You don't ban products. You ban behaviors that are enforceable. As grandma would say, das dumbkopfs. Maybe we can get some of our legislation straightened out also. It isn't working either.
          osreinstall
  • NRA should be all over this...

    After all - exploits don't hack machines, people hack machines.
    jasonp@...
    • Well, if you could prove that...

      ...hacking is another form of bearing arms, you might get their attention. Then again, I think the NRA General Council would rather be out target-shooting, duck hunting or selling guns anyways.
      flatliner
  • Will MS have to remove Ping

    Ping, Traceroute, nslookup, http and many more use all the time in hacking. They use these to footprint the target they wish to attack.

    So what about all the operating systems out there that have these "Dangerous" tools?
    voska
  • WELL YOU CAN'T MAKE SOFTWARE ILLEGAL NOW CAN YOU

    What hackers use technically isn't software.
    BALTHOR
  • Yet Scat Porn & Underage Sex Vids Are Still Available

    I bet the Germans are proud.
    itanalyst
  • Negative effect of German Law

    All this does is move such tools underground, where only the most dedicated hackers who can spend the time finding it finds it.

    Those of us who are legitimate and use these tools to ensure our networks are fortified are now forced to go underground to find these same tools. This law gave the bad guys a leg up on the good guys.

    Intelligence 101 anyone?
    yyuko@...
    • I see this argument used a lot...

      and it never makes any sense. Imagine what this world would be like if we just took that kind of logic and ran with it. There may be valid reasons why this is a bad law, but giving a leg up on the bad guys is a pretty pathetic one. You can't keep people from doing things, all you can do is enforce the law. If your thought process were truly realized, we'd eventually settle into a nice anarchistic society where nothing is illegal in fear that making it so would "give the bad guys a leg up".
      jasonp@...
      • And, we hear that argument...

        ...all the time from the anti-gun lobby and apologists. And the, "I don't want to take care of myself, or take any responsibility for myself, or my children - let the government do it" crowd. The grasshoppers sucking us ants dry.
        Dr. John
        • Swing and a miss...

          I think most of the anti-gun crowd is a bunch of loonies, but there are those who have a little common sense and realize that over-regulation is bad, but no regulation can be even worse. There are crazy ideologues on both sides of the issue...those who think that the government shouldn't be trying to place any regulations on weapons and those who think the government should ban all weapons completely. One thing I believe is that rabid ideology on either side of an issue of importance does nothing to advance solutions at best, destroys any chance of finding solutions at worst, and 99+% of the time does something in between. My problem was not with the sentiment of the original post, it was with the flawed reasoning. As I said...this may be a bad law, but not because of that.
          jasonp@...
          • rednecks

            and you both should grab your guns and do a big favor to the rest of the world: use them on your selfs
            quimkaos@...
      • Now there is a strawman.

        "There may be valid reasons why this is a bad law, but giving a leg up on the bad guys is a pretty pathetic one."

        That comment is the whole thrust of your argument and its a dead bloody loss.

        No valid argument here is suggesting that "giving a leg up on the bad guys" is a good reason to do anything. You just made a baseless claim on your own volition and are attributing it to others who never said giving a leg up to the bad guys is a good reason to do anything. Your whole argument is lost.

        The problem with this German law is it completely fails to accomplish anything that it claims to be its reason for existing. You might as well try to eliminate dirt from the world simply by telling stores they cant sell potting soil. Its not only pointless in so far as any hope of eliminating, or even reducing significantly the dirt from the world, it makes it more difficult for those with good uses for dirt to get it.

        Its a dumb law. Or maybe just silly. Either way, it proves the lawmakers either just don't get how the modern world works or they are aimlessly clutching at straws in desperation and causing as much harm as good in the process.
        Cayble
  • People doing illegal things

    don't follow laws. Therefore, this law or portion is meaningless. Hackers have been underground forever and saying that they must remain underground is nothing new.
    THEE WOLF
  • Programming Tools

    Since all the hacker software out there was built with programming tools of some sort, the Germans should be cracking down on such nefarious software packages like PHP, Java and MS Visual Studio. I mean, seriously? Were they planning outlawing JavaScript?
    aureolin
  • Not good enough! What about 'ping' and 'telnet'?

    This is not good enough! There are certainly sites in Germany that have such "hacking
    tools" as "ping" and "telnet" and "traceroute" installed. It's time for good Germans to
    do their duty and remove them!

    What? You think I'm joking?

    Seriously, if "kismac" is a "hacking tool", then so are these programs... all included
    with every copy of UNIX or Windows, including XP, Vista, Linux, and OSX.
    Resuna
  • Yet another...

    example of government that doesn't know what they're writing laws for, but do so anyway to pay lip-service to their countrymen...

    Oh wait. This is Germany. My bad!

    Outlaw exploits, and security tools in Germany? Excellent move! Then get them off a server in say Belgium, England, Luxemburg.

    Brilliant move!

    Now lets kick out kiddyporn out of Germany shall we?

    - Kc
    kcredden2