No more security problems or what?16/08/2007 Written by Jakub Maslowski
Germany is the first one of European countries, where very strict rules have been introduced, rules that will (atleast this is the opinion of government) prevent hacking. Anti-hacking law says now, that creating or possesion of tools related to security that could potentially be used in attacks, is now forbidden.
Amendment of this law defines clearly that also Denial of Service attacks and targetting single hosts/targets are offence to it. “Hacker” — person who commits serious breach can now be sentenced to up to 10 years in prison. Controversion — that word describes quite good, what is now in head of Germany security professionals, who are not sure, if they are allowed to do their job. For example, creation or possesion of tools that could be used in more then one way.
So, tools designed to test networks are not legal since you could use them in DoS attack, or how about passwords reminders and crackers? How about effective Google usage? The fact is, that every security company is doing illegal activities, when checking security using for example port scanners or vulnerability scanners. It seems, that German government missed the meaning of IT security.
Security consultants would like to see some changes made, following UK’s Computer Misuse Act, that cleared situation in Great Britain.
Many groups that were involved into security are removing stuff related to that “anti-hacking” law, like “The Hacker’s Choice” (http://www.thc.org/), or even moving to Netherland, like creators of KisMAC (tool used to scan networks) did.
But consider, what is “tool that can be used in hacking”? Is it your browser (that can be actually used for web application hacking tasks)? Or simplier — command line (in Windows) or terminal console (in Linux)…telnet… notepad, vi…? Because sometimes no other tools are needed to breach into weak systems.
Chaos Computer Club (respected hacking group in Germany) resumed this situation: “seems that German politics decided their country is free of security problems”.
So, will everone in security industry drop, what they were doing or it will move to undeground?