German security shop challenges anti-hacker laws

German security shop challenges anti-hacker laws

Summary: Fed up with the "ambiguity and confusion" surrounding Germany's controversial anti-hacker laws, a private security research firm has put its hacking tools back online as part of a public test of the interpretation of the new law.

SHARE:
TOPICS: CXO, Security
2

German security shop challenges anti-hacker lawsFed up with the "ambiguity and confusion" surrounding Germany's controversial anti-hacker laws, a private security research firm has put its hacking tools back online as part of a public test of the interpretation of the new law.

n.runs AG, a well-known penetration testing shop that counts Microsoft as a client, has repopulated its Security Tools page with two versions of BTCrack (a Bluetooth cracking and PIN recovery tool) and n.bug (a runtime library call trace program for Windows).

According to n.runs security engineer Thierry Zoller (left), the company is encouraging other German security firms and researchers to put their security tools and research back online. "The current confusion and uncertainty is affecting everyone around here... "Germany is most certainly not becoming a safer place because of these laws.""

The law (see SecurityFocus background), which took effect Aug. 10, mandates fines or prison sentences for any person who violates 202a or 202b "by providing access to, selling, acquiring, leaving at the disposition of someone, distributing or otherwise making accessible" passwords or access control information.

It also outlaws computer programs whose purpose is solely criminal.

[SEE: Exploits, security tools disappear as German anti-hacker law takes effect]

Last month, in response to the law taking effect, security pros in Germany removed exploits and hacking tools from the Internet. German security shop challenges anti-hacker laws

Stefan Esser (right), the PHP security guru behind the Month of PHP Bugs project, yanked all the proof-of-concept exploits from the project page because of uncertainty about the law and how it applies to the work of legitimate security researchers.

Phenoelit, another German site that distributes hacking tools, has posted a goodbye note that refers to the new law. Phenoelit’s tools and security material have been moved to a different server outside Germany. Kismac, a wireless network discovery and attack tool, has also disappeared.

Topics: CXO, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • Hacking is now about making money; It is no longer about Microsoft

    A few years ago, hacking was about making Microsoft products look bad. Today it is about real money.

    Once a computer is hacked, data harvesting can begin and data can be sold to companies like ChoicePoint which combine that data with data provided by public disclosure laws and then sell it to well anyone - Bush, police, crooks - it doesn't matter. Gang kids sitting in parking lots can make money just collecting unsecured Wi-Fi key strokes. The data eventually gets used in identity theft and financial institutions like Wells Fargo Bank (of Patty Dunn Barclay Bank fame) and Bank of America are expending a lot of effort trying to suppress the magnitude of the problem.

    I suspect that this notion of hackers being kids looking for fame, or Linux advocates ragging on Microsoft, is one that makes criminals real happy. It is a distraction, a shield, obscuring the real problem which is mobster criminal real money activity.
    mighetto
    • The Ethical Theif?

      THE FOLLOWING IS A BIT TONGUE IN CHEEK HUMOR

      Hi! My name is Joe Hacker. I'm doing a personal psychology study of the gullibility of users of computer systems and have semi-randomly selected your name from a list of several billion residents of the planet.

      Please fill out the following survey:

      https://american.redcross.org/site/Donation2?idb=2038243081&df_id=2362&2362.donation=form1

      Make sure you enter a figure greater than 5.00 in the first feild, and that you double check all information entered in the fields with a red asterisk.

      Confirmation of entry in this survey should reach you via your next credit card statement.
      Dr_Zinj