RSS
EU Cybercrime Bill Targets Anonymous: Makes It A Criminal Offense To Conduct 'Cyber Attack'
from the seems-a-bit-broad dept
While we're still sorting through the crazy cybersecurity bill proposals in the US, it appears that some in the EU are going through a similar process. The EU Parliament's "Civil Liberties Committee" has approved a legislative proposal concerning "cyber attacks," which appears to ramp up criminal penalties for all sorts of broadly defined activities. It even applies criminal penalties to a company if an employee hacks into a competitor's database (even if they weren't told to do it). But where it gets scary is when it appears to directly target "hactivism" like what Anonymous does. While we still think Anonymous' DDoS attacks are incredibly counterproductive, are they really criminal?
The Committee's proposals would make it a criminal offence to conduct cyber attacks on computer systems. Individuals would face at least two years in jail if served with the maximum penalty for the offence.Even more ridiculous? Merely "possessing... hacking software and tools" could lead to criminal charges. Does that make everyone with a computer a criminal? This whole thing seems like a bad overreaction by politicians who are freaked out, but who clearly don't understand the technology in question.
A maximum penalty of at least five years in jail could apply if "aggravating circumstances" or "considerable damage ... financial costs or loss of financial data" occurred, the Parliament said in a statement.
One aggravating circumstance in which the heavier penalty could be levied is if an individual uses 'botnet' tools "specifically designed for large-scale attacks". Considerable damage may be said to have occurred through the disruption of system services, according to plans disclosed by the Parliament.
Reader Comments (rss)
(Flattened / Threaded)
Proposed by the clueless, and punishing everyone.
Giving people power gives them brain damage, prove otherwise.
[ reply to this | link to this | view in chronology ]
Re:
[ reply to this | link to this | view in chronology ]
And thus sets back European security research by decades
Way to go, ignorant assholes.
[ reply to this | link to this | view in chronology ]
Re: And thus sets back European security research by decades
Revolution #9
[ reply to this | link to this | view in chronology ]
Re: And thus sets back European security research by decades
So this law basically will make a criminal out of most network security professionals who will have to choose to be a criminal or change their job. They cannot do their job effectively without these tools and yet having them will be illegal.
On the other hand the true hackers will throw a party and run wild. Suddenly every hackers greatest enemy has been shut down by the government because the destructive hackers don't care about the law.
[ reply to this | link to this | view in chronology ]
Re: Re: And thus sets back European security research by decades
If you outlaw hacker tools people will be cracking systems with slide rules.
[ reply to this | link to this | view in chronology ]
Because we all know the usual idiots are going to accuse Mike of supporting Anonymous attacks...
Now, I've been very clear since Anonymous started this effort -- shutting down various websites using what is effectively crowdsourced distributed denial of service attacks -- that I think the strategy is really dumb.
I think that denial of service attacks are a pretty dumb idea.
I've been on record for a while now that I think the strategy of doing DDoS attacks on websites that people don't like is a bad idea, that will lead to backlash.
[ reply to this | link to this | view in chronology ]
Re: Because we all know the usual idiots are going to accuse Mike of supporting Anonymous attacks...
Their business is disrupted for a short time, people get their message out. (Most times DDOS attacks are followed with twitter or facebook announcements as to why the attack occured)
I get the idea behind the attacks, but it seems they're leading to a more, and more locked-down internet for the rest of us who don't participate in them, but protest these companies in our own ways.
With that said, they seem like the kids are having fun, but it's all fun and games until the internet is no longer useful for the rest of us.
[ reply to this | link to this | view in chronology ]
[ reply to this | link to this | view in chronology ]
Re:
[ reply to this | link to this | view in chronology ]
Re: Re:
[ reply to this | link to this | view in chronology ]
Re: Re: Re:
[ reply to this | link to this | view in chronology ]
Re: Re: Re: Re:
Giving up a password = the password protected stuff can now be accessed, where it couldn't be before.
Unencrypting a HD = the encrypted stuff can now be accessed, where it couldn't be before.
What kind of drugs was the judge on to think there is any difference at all between those two?
[ reply to this | link to this | view in chronology ]
Re:
Why you should never talk to the police EVER video.
http://www.youtube.com/watch?v=i8z7NC5sgik&feature=my_liked_videos&list=LLykP7pfCDlv 4ksMbbYzbR4A
[ reply to this | link to this | view in chronology ]
[ reply to this | link to this | view in chronology ]
Re:
[ reply to this | link to this | view in chronology ]
How would this apply to zombie botnets, I wonder?
"Merely "possessing... hacking software and tools" could lead to criminal charges. Does that make everyone with a computer a criminal?"
That would be the logical conclusion for anyone who knows what they're talking about. I have Wireshark installed on my laptop, nmap and a live CD of Backtrack for diagnostics of my company network. Apparently I need to go to jail...
[ reply to this | link to this | view in chronology ]
Re:
Soon we'll have cops dropping flash drives with hack tools on them to run sting operations on people who pick them up.
[ reply to this | link to this | view in chronology ]
"It has protruding wires, it must be a bomb!"
"There are musics there, it must be illegal!"
"I don't understand this piece of software, it must be a hack!"
"You're pretty knowledgeable with computers, you must be fluent in every piece of software."
[ reply to this | link to this | view in chronology ]
Re:
[ reply to this | link to this | view in chronology ]
Re: Re:
[ reply to this | link to this | view in chronology ]
Re: Re: Re:
[ reply to this | link to this | view in chronology ]
That's a tazing.
[ reply to this | link to this | view in chronology ]
Re:
[ reply to this | link to this | view in chronology ]
prison time!
After making your statements, you can walk straight to the mearest prison, do not pass the dole office, do not collect 70 quid.
[ reply to this | link to this | view in chronology ]
"considerable damage ... financial costs or loss of financial data"
[ reply to this | link to this | view in chronology ]
Re: "considerable damage ... financial costs or loss of financial data"
This way they can just sue the bad actors for whatever losses are caused by their failure to protect data in their care.
[ reply to this | link to this | view in chronology ]
[ reply to this | link to this | view in chronology ]
[ reply to this | link to this | view in chronology ]
[ reply to this | link to this | view in chronology ]
Re:
[ reply to this | link to this | view in chronology ]
Guyz
They're gonna come for me. :(
[ reply to this | link to this | view in chronology ]
[ reply to this | link to this | view in chronology ]
- Peasants have hacking tools (for chopping down trees).
- Orcs have hacking tools too (for chopping down peasants).
- Considerable damage is happening all the time (it *is* war, after all), which, in turn, brings considerable financial loss (to your enemy, hopefully).
- I tend to play with AI players. Does ganging up on the enemy together with the AI count as using "botnets specifically designed for large-scale attacks"?
[ reply to this | link to this | view in chronology ]
[ reply to this | link to this | view in chronology ]
Re:
That was the sound of both Mike's opinion and the criticisms being made sailing above your head high enough to bring satellites out of orbit.
SOP, of course.
[ reply to this | link to this | view in chronology ]
Re: Re:
[ reply to this | link to this | view in chronology ]
Re: Re:
[ reply to this | link to this | view in chronology ]
Define 'hacking software and tools'.
The DOS prompt?
Telnet?
IP Scanners?
Ethernet Sniffers?
All of those - while being critical tools to 'hack' - are also have a quite legitimate and sometimes necessary role.
I sweep subnets often at work looking for Remote Access Controllers since they don't register with DNS, and we don't use WINS.
Ethernet Sniffers are sometimes the only way to track down rouge traffic on a LAN, situational, of course.
And some of these tools are on just about every windows/linux install - so they need to arrest everyone with a computer.
[ reply to this | link to this | view in chronology ]
Re:
You guys are way too literal for your own good sometimes.
[ reply to this | link to this | view in chronology ]
Re: Re:
So while yes, claiming that this will outlaw ping is hyperbole, it's still an overreaching law written by those who know nothing about technology.
[ reply to this | link to this | view in chronology ]
Re: Re: Re:
Agreed. Also, pretty much anything considered a 'hacking tool' (including malware) can be and is used for stress testing and security audits.
I'll even add another example for you. When Conficker was big, I infected a computer on my test network on purpose to test the removal tools for it. That way if it got past all of the safeguards that we put in place, I knew that I could remove it safely and effectively.
[ reply to this | link to this | view in chronology ]
Re: Re: Re: Re:
[ reply to this | link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ reply to this | link to this | view in chronology ]
[ reply to this | link to this | view in chronology ]
https://www.eff.org/sites/default/files/filenode/Submission-Parliament-Hacking-Tools-vf.pdf
[ reply to this | link to this | view in chronology ]
And when "law enforcement" does it?
Or is it as usual, laws only apply to non-governmental groups (ie: everyone not on tax-payer payroll)?
[ reply to this | link to this | view in chronology ]
Re: And when "law enforcement" does it?
> it was to coordinate or pay a group from India
> to coordinate a DDoS against The Pirate Bay?
No.
This is a proposed EU law. If passed, it will only apply to EU member countries. Since neither the US nor India are EU member countries, nothing they do will be criminalized under this law.
[ reply to this | link to this | view in chronology ]
Re: Re: And when "law enforcement" does it?
[ reply to this | link to this | view in chronology ]
[ reply to this | link to this | view in chronology ]
Re: a hammer is not a weapon
If something can plausibly be used as a weapon, police may treat it as a weapon - so, your opinion is interesting, but not the one that ultimately matters.
[ reply to this | link to this | view in chronology ]
Re: Re: a hammer is not a weapon
[ reply to this | link to this | view in chronology ]
To further your analogy. No it is not about tools like hammers, more like tools like knives. The country where I live it is illegal to carry a knife in public places unless I have specific legal reason to, like carpenters are allowed to if they are working in a public place. Now regardless of my intent to use it to hurt someone with said knife I still run the risk of being jailed up to six months.
This is a case where a tool like nmap would be classified as a cyber attack tool Possesion and/or distribution such a tool would carry to the risk iregardless of intent at least two years of jail time in a pound-you-in-the-ass prison.
Read the comments from about the intent(under the header mens rea) part from EFF https://www.eff.org/sites/default/files/filenode/Submission-Parliament-Hacking-Tools-vf.pdf
[ reply to this | link to this | view in chronology ]
Goodbye White hats
1) White hat hackers driven away. Young hackers driven heavily towards black hat pursuits.
2) Supply of new security professionals drys up. Supply of black hat hackers increases.
3) Firesale/Nuke hack gets through the inadequate security.
4) Chaos, death, destruction.
5) Building a new world from the ashes, if anyone is left.
Conclusion:
Politicians are horrible strategists.
[ reply to this | link to this | view in chronology ]
Re: Goodbye White hats
[ reply to this | link to this | view in chronology ]
[ reply to this | link to this | view in chronology ]
Regulation is going cancerous.
In the future the aforementioned cancer and its carriers will likely be targeted and eradicated.
[ reply to this | link to this | view in chronology ]
im sure there terrified of the mean old politicians/possible pedophiles that wrote this.
[ reply to this | link to this | view in chronology ]
I dare the government to arrest me since all of that is "hacker software".
(If I need to check for holes in my config, I use nmap. If I need to test the network; ping/traceroute. Need to compile? GCC. Need to have a secure connection to a remote server? SSH and bash. IF I NEED A FUCKING WEB SERVER, I USE LIGHTTPD).
ffs, seriously
[ reply to this | link to this | view in chronology ]
"I acknowledge ... that you never intended to pass any information you got through these criminal offences to anyone else and you never did so, and I acknowledge that you never intended to make any financial gain for yourself from these offences,"
he was found guilty and sentenced to jail time under Computer Misuse Act despite having no criminal intent associated with his actions. The EU Cybercrime bill not only would allow this kind of abuse across all of Europe, it would be worse than the CMA or the US CFAA.
http://www.out-law.com/en/articles/2012/february/british-facebook-hacker-sentenced-to-eight -months-in-jail/
[ reply to this | link to this | view in chronology ]
Re:
[ reply to this | link to this | view in chronology ]
Arrests
[ reply to this | link to this | view in chronology ]
[ reply to this | link to this | view in chronology ]
Unrelated but ....not
http://www.guardian.co.uk/commentisfree/2012/apr/04/national-liberty-counter-terrori sm-secret-courts
[ reply to this | link to this | view in chronology ]
Compromise Amendments
You can read a debate along with the compromise amendment here:
http://forum.intern0t.org/security-news-feeds/4177-update-existing-eu-cyber-law-makes-worse-g ood-guys.html
(The compromise amendment comes directly from the Europa Parlament)
[ reply to this | link to this | view in chronology ]
Add Your Comment