[CTS] Re: [alerts@theMezz.com: T0rn' Arrest Alarms White Hats, Advocates]

  • From: "Russ Blakeman" <rhb57@xxxxxxx>
  • To: <computertalkshop@xxxxxxxxxxxxx>
  • Date: Thu, 26 Sep 2002 16:01:11 -0500

Yep - that Linux box project is on hold yet again; I already have an OS with
security holes and another is just more pain in the bum.

> -----Original Message-----
> From: computertalkshop-bounce@xxxxxxxxxxxxx
> [mailto:computertalkshop-bounce@xxxxxxxxxxxxx]On Behalf Of Hal Brown
> Sent: Thursday, September 26, 2002 3:34 PM
> To: computertalkshop@xxxxxxxxxxxxx
> Subject: [CTS] [alerts@xxxxxxxxxxx: T0rn' Arrest Alarms White Hats,
> Advocates]
>
>
>
> ----- Forwarded message from alerts@xxxxxxxxxxx -----
>
> From: alerts@xxxxxxxxxxx
> Subject: T0rn' Arrest Alarms White Hats, Advocates
> To: cybercrime-alerts@xxxxxxxxxxxxx
> Date: Thu, 26 Sep 2002 16:09:24 -0400
> Reply-To: cybercrime-alerts@xxxxxxxxxxxxx
> Sender: cybercrime-alerts-bounce@xxxxxxxxxxxxx
> X-Mailer: Calypso Version 3.30.00.00 (3)
>
> I thought this was interesting to say the least.
>
> Hal
>
> ---------------------------------------------------
>
> * subscribe at http://techPolice.com
>
>
> http://online.securityfocus.com/news/813
>
> By Kevin Poulsen,
> Sept 24, 2002
>
> It could almost pass as a routine computer crime case -- a year-long
> probe leads Scotland Yard cybercops to a home in the upscale London
> suburb of Surbiton, where they seize computer equipment and arrest a
> 21-year-old man under the UK's 1990 Computer Misuse Act.
>
> But last Thursday's raid was anything but routine, because the unnamed
> suspect, who has not yet been formally charged, isn't accused of
> cracking computers, launching a denial of service attack or
> distributing a virus. Instead, the joint Scotland Yard/FBI
> investigation is focused on his alleged authorship of the "T0rnkit," a
> collection of custom programs that help an intruder hide their
> presence on a hacked Linux machine. It's apparently the first time the
> UK's national computer crime law has been used to crack down on a
> programmer for writing a tool with malicious applications -- and it's
> a chilling development to some security researchers and electronic
> civil libertarians.
>
> "I would definitely see it as troublesome," says Lee Tien, senior
> staff attorney at the Electronic Frontier Foundation. "It's something
> we have to look at very closely, because the general idea that you can
> go after someone criminally for simply writing a program raises
> issues."
>
> T0rnkit first began showing up on hacked boxes two years ago. Like
> other so-called "rootkits," it includes programs that an intruder can
> drop into place over genuine system commands that render the attacker
> invisible to the computer's administrator. A replacement "ps" command,
> for example, will omit the hacker's network sniffer from a list of
> processes running on the machine, where an unadulterated version of
> the command would finger the intruder.
>
> The package also includes a backdoor function that allows the attacker
> to covertly return to a machine that they've hacked. "The more recent
> ones have had loadable kernel modules, distributed denial of service
> tools, and stuff like that," says Dave Dittrich, senior security
> engineer at the University of Washington. "Most of the versions are
> circulated in the underground, and they're tightly held."
>
> In 2001, Chinese virus writers incorporated a modified T0rnkit into
> the nasty "Lion" worm. But the kit itself is not a virus; it can't
> spread on its own accord. And the man arrested last week -- now free
> pending an October 19th court appearance -- is not accused of breaking
> into any computers, or of falling in with Chinese cybergangs. "The
> writing and distribution of the tool is the offense," a Scotland Yard
> spokesman confirmed in a telephone interview Monday.
>
> And that worries some computer security researchers, who find it all
> too easy to visualize themselves in the position of the anonymous UK
> suspect. So-called "white hat" hackers often create programs with
> potentially malicious applications as an exercise, or to advance the
> published research base -- active intruders tend to keep their work
> private.
>
> "I've written tools myself that have only marginal social value, so it
> actually concerns me quite a bit," says Mark Loveless, a senior
> security analyst with Bindview Corporation. "I'm worried that
> something like that could happen to someone just because they have a
> high profile."
>
> "Pretty Frightening"
>
> Researchers are even publicly working on a rootkit for Windows NT
> machines, a project that's headed -- not by anonymous denizens of the
> cyber underground -- but by Greg Hoglund, co-founder and CTO of
> security software company Cenzic, Inc. Aside from research projects,
> many security professionals use hacker tools to perform legitimate
> "penetration tests" against clients. And some of the most common
> security tools like nmap or TCPdump can be used for good or ill.
>
> "If they're arresting guys just for writing tools, that's pretty
> frightening," says Steve Manzuik, co-moderator of the VulnWatch
> security mailing list. "I guess anyone who's written a security type
> tool should be concerned if this is going to become the next trend."
>
> It's not a trend yet, but outlawing hacker tools has never been far
> from law enforcement thoughts. Last year 33 countries, including the
> UK and the U.S., signed the Council of Europe's international
> cybercrime treaty, which recommends prohibiting the creation or
> distribution of a hacking tool with the intent that it be used to
> commit a crime, though a last minute change to the treaty allows
> signatory countries to opt out of the provision.
>
> So far, laws explicitly outlawing hacker tools are hard to find. The
> UK's Computer Misuse Act applies to someone who "causes a computer to
> perform any function with intent to secure access to any program or
> data held in any computer," knowing that he or she is acting without
> authorization. The hacker doesn't have to direct the attack against
> any particular computer to be culpable under the law, which carries up
> to two years in prison for a first time offense -- seven, if damage
> resulted.
>
> But the legalese, not dissimilar to U.S. computer crime laws, still
> allows prosecutors some wiggle room. "You might not have a direct
> offense in the computer crime law, but if there's an aiding and
> abetting or solicitation -- those inchoate offenses -- you don't
> necessarily have to have it in the law," says Tien.
>
> Jennifer Granick, director of Stanford Law School's Center for
> Internet and Society, says the result could be a kind of
> Sklyarov-in-reverse. Following the arrest of a Russian programmer at a
> Las Vegas conference last year, some cryptographic researchers
> professed reluctance to make presentations in the U.S. for fear of
> running afoul of the Digital Millennium Copyright Act, which prohibits
> distributing or using tools that circumvent copy protection schemes.
> Depending on what happens in the T0rn case -- which is still in the
> earliest stage -- U.S. security researchers may develop a reciprocal
> aversion to the U.K.
>
> "If this is really against their law, then you have jurisdictional
> problems," says Granick. "Anywhere a tool is written, if it becomes
> available in the UK, that becomes a crime... All sorts of researchers
> would have to hesitate before visiting the UK."
>
> --
> This was sent to you from http://theMezz.com
> To Subscribe/Unsubscribe go to http://techPolice.com
> http://www.theMezz.com/cybercrime/archive
>
> *** TECH NEWS AT http://theMezzenger.com ***
>
> ----- End forwarded message -----
>
> --
> Hal Brown
> mailto: hal@xxxxxxxx
> http://adwt.com
> ------------------------------------------------------------------
> ---------
> -----
> Computer Talk Shop http://www.computertalkshop.com
> Un-subscribe/Vacation, http://szaroconsulting.com/cts/list_options.htm
>
> List HowTo: http://szaroconsulting.com/cts/faq
>
> To join Computer Talk Shop's off topic list, please goto:
> http://szaroconsulting.com/cts/other_cts_lists.htm
> ------------------------------------------------------------------
> ---------
> ------
---
____________________________________________________

RB Custom Services / Clarkson, KY USA
Professional & Dependable PC, Printer/Plotter/Bus Machine & Network Services
http://rbcs.8m.com  (270) 242-9019  Mon-Sat 8am to 8pm incl. holidays
=== Flat rate service avail for inshop and ship-in/out service ===