[ISN] Austrian Police to use crime-busting Trojans

From: InfoSec News (alerts@private)
Date: Fri Oct 26 2007 - 00:23:58 PDT


http://www.techworld.com/security/news/index.cfm?newsID=10446

By John E. Dunn
Techworld
25 October 2007

The Austrian Police has become the latest European agency to express its 
intention to use specially-crafted Trojans to remotely monitor criminal 
suspects.

According to reports in Austrian media, the minister of justice Maria 
Berger, and Interior Minister Gunther Plater, have drafted a proposal 
that will be amended by legal experts and the cabinet with the intention 
of allowing police to carry out such surveillance legally with a judges 
warrant.

There doesnt appear to be a defined timescale for such a law, and it is 
not clear whether the move would face the legal challenges encountered 
by the German authorities in the last year as they attempted to get a 
similar law off the ground. According to Berger, Trojans would only be 
used in cases of serious crime, such as terrorism and organised 
racketeering.

The Swiss authorities have declared the intention of using the same 
controversial technique, but only in cases of the most extreme nature, 
such as terrorism.

One formidable hurdle is that opinion in the security software industry 
is almost universally hostile to the idea. You dont have to dig far to 
find negative reaction.

"I'm sure the Austrian Secret Service will develop some pretty ingenious 
software to infect users' PCs, but there is a real danger that the 
package could leak into the hacker community," said Geoff Sweeney of 
security outfit Tier-3, which went to the bother of putting out a 
release on the topic.

"That scenario would create a serious free-for-all on the industrial 
espionage and identity theft fronts as legitimate Trojans are redirected 
to create an even more hostile environment for organisations to defend 
against," he said.

The authorities have been keen to portray the use of Trojans as similar 
to phone-tapping, a long established police practise the world over. 
However, Trojans are different on one important respect from phones, and 
this is where the anti-malware companies sense trouble.

"How should anti-virus companies react to the existence of such malware? 
Detect it? Avoid detecting it on purpose? Avoid detecting hacking 
software used by governments of which country? Germany? USA? Israel? 
Egypt? Iran?," commented F-Secures Mikko Hypponen in a blog earlier this 
year.

The Austrian, German and Swiss governments have yet to explain how they 
would circumvent security programs that might be used by criminals to 
protect themselves, whether this would involve collusion with security 
software companies, and what would happen if such software-busting 
Trojans were subsequently reverse engineered and deployed by criminals 
themselves.

"The anti-virus companies aren't going to turn a blind eye to 
state-endorsed Trojan horses," said Graham Cluley of Sophos, himself a 
good barometer of likely industry opinion.

"We're going to add detection for them just like any other spyware. So, 
if the cybercops think they can give us a funny handshake, a wink and 
buy us a pint for not adding detection for the Trojan they're using to 
spy on their suspect they're mistaken.

"The reason why we take that policy is that we can't know if the Trojan 
has been placed there by the cops or a criminal. It's unlikely that the 
Trojan will say Copyright (c) FBI 2007," he said. 


__________________________________________________________________      
CSI 2007 is the only conference that delivers a business-focused
overview of enterprise security. It will convene 1,500+ delegates,
80 exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new tools
and techniques.  Register now for savings on conference fees   
and/or free exhibits admission. - www.csiannual.com



This archive was generated by hypermail 2.1.3 : Fri Oct 26 2007 - 00:36:19 PDT