×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Germany Declares Hacking Tools Illegal

Zonk posted more than 6 years ago | from the hack-the-planet-leave-germans-alone dept.

Security 299

dubbelj writes "Germany has updated their computer crime law to declare 'hacking tools' illegal. This will place most of the professionals in the network admin and computer security fields in a sort of legal grey area. 'The new rules tighten up the existing sanctions and prohibit any unauthorized user from disabling or circumventing computer security measures to access secure data (see the law, sections 200 and following [in German]). Manufacturing, programming, installing, or spreading software that can circumvent security measures is verboten, which means that some security scanning tools might become illegal.' We discussed a similar measure in January when Australia considered the same kind of legislation. How will this affect Linux distribution in Germany, as most standard Linux distributions come with these kind of 'hacking tools' installed by default?"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

299 comments

man ping (5, Interesting)

Anonymous Coward | more than 6 years ago | (#19340869)

ping - a hacker tool used for detecting computers connected to the internet for the purpose of breaking in to them

Re:man ping (4, Interesting)

blowdart (31458) | more than 6 years ago | (#19341503)

Better than that;

Manufacturing, programming, installing, or spreading software that can circumvent security measures is verboten
Because of XSS that has just made all browsers illegal. Microsoft, Opera and Mozilla must report for prosecution.

Problem Solved (4, Funny)

Blahbooboo3 (874492) | more than 6 years ago | (#19340899)

Great! Well, problem solved. We can all stop patching our servers and running firewalls now! Yippee!! :D

Re:Problem Solved (-1, Troll)

Anonymous Coward | more than 6 years ago | (#19341381)

What a bunch of fucking Nazis!

Sounds good on paper (2, Insightful)

Anonymous Coward | more than 6 years ago | (#19341507)

But as the technically educated know, many tools that can be useful for diagnostics, troubleshooting, performance optimization, and usage monitoring can also be used for hacking. This, like many laws, will likely be arbitrarily enforced based on criteria not specified in the law.

Knives are tools that can be used to stab people, but we do not make them illegal. If we *did* make them illegal (defining the item as "tools that can be used to stab people") then in actual practice the law will only be used to increase the charges already leveled against someone, or to target someone who has otherwise broken no law but is doing something of which the powers-that-be disapprove (such as...i dunno...criticizing this or that government official or policy).

Reply: Well, no phreaking problem folks...HAVEFUN. (5, Insightful)

OldHawk777 (19923) | more than 6 years ago | (#19341609)

Well anyway, I am not going to phreak out about hacker tool being illegal. Funny part: For the foreseeable future, any nation without citizens having, using, and learning hacker/cracker/phreaker/... tools (with hands-on experience) is defenseless in case of war/threat. Nations will need as many phreaked crackers, cracked phreakers, 31337 draftees/recruits as they can find (including the wheelchair, gay, and grandma ones).

In a MAD dash governments globally will make all "Hacker Tools" illegal. Zoll Gestapo will be contracted and trained by the US Government, then deployed to Russia, China, USA, France, Canada... All heidi-holes, small/large dark crevices, and generally anything that can be screwed will be looked into.

"Hacker Tools" from telnet, ping, TFTP ... to PGP, RMON, Tripwire, C++ compilers ... eventually all technology will be confiscated and most people will be in jail where they belong. Yes, the Germany government of the EU is proving to be as bright as the government of Mississippi in the USA.

Luddites love politics; because they are not required to know or do, anything right, and are paid anyway. Politics has become a form of welfare for the wealthy incompetent of the US, EU, Iran, Saudi, Russia, China, Egypt, India, Sudan, Mexico.... Politicians in any country are a pitiable basket of low intelligence, corrupt ethics, and fetid morals.

US, EU, and many others are in troubled/stupid times.

Let's cut to the chase (1)

spun (1352) | more than 6 years ago | (#19341899)

We should just make everything illegal. That way, when the government figures out that someone is a bad person, they will have a whole list of things to charge them with. What could possiblie go wrong?

Who is ... (3, Interesting)

BosstonesOwn (794949) | more than 6 years ago | (#19340925)

Default and why is he installing hacking tools in Linux distro's ?

On a serious note doesn't this basically make watching dvds on a linux computer illegal as well ? Sounds to me like this can be wide open for abuse much like our beloved DMCA.

Can't RTFA since the laws are in German.

Lock Hacking (5, Insightful)

TheLazySci-FiAuthor (1089561) | more than 6 years ago | (#19340939)

How are hacking tools really different from locksmith's tools?

I certainly have found a locksmith to be very useful in very legal ways - but then again, I'm the kind of person who has key problems ;)

Re:Lock Hacking (5, Insightful)

morgan_greywolf (835522) | more than 6 years ago | (#19341181)

Yes, actually. Hacking tools like nmap, ethereal, dictionary crackers (i.e., cracklib), etc. are absolutely necessary in securing a network. There is no way I could lock down a network without scanning to see what ports are open or determine the security of traffic on a network without a packet sniffer. Heck, packet sniffers are useful in determining problems in misbehaving networked applications. How could I check the security of my users' passwords without a dictionary cracker?

Hacking tools are more like guns: make them illegal and only the criminals will have them.

Re:Lock Hacking (0)

Anonymous Coward | more than 6 years ago | (#19341411)

I have used ethereal for debugging. It sure is nice to read that SOAP packet right of the web and see what it contains (especially if it doesn't contain what it should ...).

Re:Lock Hacking (1, Insightful)

X10 (186866) | more than 6 years ago | (#19341559)

Hacking tools are more like guns: make them illegal and only the criminals will have them.

That is sooooo untrue. In countries where guns are illegal, criminals don't use guns very often. In countries where guns are legal, deranged college students use them to kill their fellow students.
If you pick a metaphore, pick one that works.

Re:Lock Hacking (3, Insightful)

Rakishi (759894) | more than 6 years ago | (#19341857)

Uhm, can you comprehend basic english or not?
He is perfectly right, by definition if you make guns illegal the only people who own guns would be criminals (and law enforcement but then its not a total ban on guns). There may be many or a few of them but by definition his statement holds true.

Anyway in some of those places they use knives instead and kill more people than they did when they had guns. After all, why would they bother with a gun when they know their victim doesn't have one? Not only is the knife perfectly legal unlike a gun (convicted criminals can't legally own guns in most if not all of the US) but in a knife fight the criminal is probably much better off than in a gun fight. Remember that criminals are in better shape, younger, less prone to fear and are free to train with knives as much as they want (unlike guns which they can't train much with) compared to their victims.

In other places they all use guns since the main source of crime is gangs and they escalate the weapons used accordingly (their "victims" have guns in that case). Washington, DC bans almost all guns and there are tons of shootings there, the highest murder rate in the US by far actually.

In countries where guns are legal, deranged college students use them to kill their fellow students.
Bringing guns onto the VT campus was/is illegal. As a result the only persons who had guns there were law enforcement and the deranged college student. Interestingly enough there is one case where a different deranged college student was shot dead by other students before he could do much damage.

So please heed your own advice and don't use statements that don't work.

Re:Lock Hacking (1)

broeman (638571) | more than 6 years ago | (#19341925)

It is an old story that lacks proof. I live in Denmark (No. 3 peaceful country), where we actually don't have many restrictions on buying guns (basically you have to be 18 years of age and go to a police station and get a gun permit), but there are some limits to types of weapons to buy. Hunters are pretty common in most OECD countries, and mostly only the US have larger issues with criminal gun use. Guns doesn't commit crime, people do.

I don't know how strict the weapon-law is in Germany (I have read about one year checkup), but they also have a share of school shootings [bbc.co.uk].

Re:Lock Hacking (0)

Anonymous Coward | more than 6 years ago | (#19341827)

Hacking tools are more like guns: make them illegal and only the criminals will have them.

Of course. If hacking tools are illegal, then possessing them would make you a criminal.

Re:Lock Hacking (1)

linux_geek_germany (1079711) | more than 6 years ago | (#19341947)

> Hacking tools are more like guns: make them illegal and only the criminals will have them. Probably a significant majority of German politicians will not have a problem with that...

Re:Lock Hacking (4, Informative)

ushering05401 (1086795) | more than 6 years ago | (#19341185)

Last time I looked into it numerous U.S. states required certification before you could legally be in possesion of certain types of locksmithing tools. These certs were incrediblly easy to obtain (basically cash and a short course), making the whole thing look like yet another set of rules designed to increase cash flow for an industry.

From the N.C. statute:

" 74F-2. Purpose.
Locksmiths have the knowledge and tools to bypass or neutralize security devices in
vehicles, homes, and businesses. The laws of this State do not protect citizens from the
unscrupulous use and abuse of this knowledge and these tools by persons who are
untrained or have criminal intent. Therefore, the licensing of locksmiths is necessary to
protect public health, safety, and welfare."

Regards.

Re:Lock Hacking (2, Insightful)

Hatta (162192) | more than 6 years ago | (#19341333)

How are hacking tools really different from locksmith's tools?

Not at all. If you are against the prohibition of network security analysis tools you must also be against the prohibition of locksmithing tools.

Re:Lock Hacking (1)

GustoGaiden (1080739) | more than 6 years ago | (#19341665)

'The new rules tighten up the existing sanctions and prohibit any unauthorized user from disabling or circumventing computer security measures to access secure data' Its still fine for you to use tools on your own system to secure it. A locksmith is an authorized user after all. It sounds like it's just going to become harder to get your hands on a good set of lockpicks. I'm not sure if this is going to hurt anyone but admins.

So.... (4, Insightful)

Nick Driver (238034) | more than 6 years ago | (#19340945)

...when will they start requiring computer professionals to have to become licensed by the govt in order to to possess and use the tools necessary for them to do their jobs?

Re:So.... (1)

drinkypoo (153816) | more than 6 years ago | (#19341019)

Instead, they decided to just deny them the ability to do their jobs. WTG Germany! And here I thought they were on the right track, with all their environmental goodness.

Re:So.... (5, Informative)

HoosierPeschke (887362) | more than 6 years ago | (#19341297)

This will place most of the professionals in the network admin and computer security fields in a sort of legal grey area. 'The new rules tighten up the existing sanctions and prohibit any unauthorized user from disabling or circumventing computer security measures to access secure data (see the law, sections 200 and following [in German]).
(Emphasis Mine)

If I'm an admin, I'm probably authorized to test my own network's security. I hack and probe my server constantly to determine my own security. The real gray area is if I'm guilty simply because I possess these tools or if I'm unauthorized to do something with those tools.

Re:So.... (0)

Anonymous Coward | more than 6 years ago | (#19341935)

As the saying goes, a government big enough to give you everything you want is big enough to take everything you have.

Computers (1)

Normal Dan (1053064) | more than 6 years ago | (#19340961)

can be used as a tool to 'hack', are they going to outlaw computers too?

Re:Computers (5, Funny)

kalirion (728907) | more than 6 years ago | (#19341495)

The rulebook of my high school explicitly forbid bringing to school "anything that can be used as a weapon." I brought up the point that this would effectively expel all small freshmen who could be picked up and thrown at other people.

Re:Computers (0)

Anonymous Coward | more than 6 years ago | (#19341603)

The rulebook of my high school explicitly forbid bringing to school "anything that can be used as a weapon." I brought up the point that this would effectively expel all small freshmen who could be picked up and thrown at other people.
The pen is mightier then the sword.

Re:Computers (1)

RockoTDF (1042780) | more than 6 years ago | (#19341607)

Ah, but you didn't bring the freshmen to school, now did you? In this case, tell your district that they are just gonna have to fire all the bus drivers...

Bablefish of the CCC article (5, Interesting)

davecb (6526) | more than 6 years ago | (#19340979)

Prohibition of computer safety tools opens Bundestrojaner door and gate

May 25, 2007 (46halbe)
The Bundestag has today the prohibition of computer safety tools invariably durchgewunken (criminal law law of change for the fight of the computer criminality, more again 202 StGB). To be punished is in particular a manufacturing, a programming, a leaving, a spreading or providing software, which is urgently necessary for the daily work of network administrators and safety experts.

The Bundestag has today the prohibition of computer safety tools invariably durchgewunken (criminal law law of change for the fight of the computer criminality, more again 202 StGB). To be punished is in particular a manufacturing, a programming, a leaving, a spreading or providing software, which is urgently necessary for the daily work of network administrators and safety experts.

With it the delegates acted against the express advice of the experts belonged in the committees with the consultation of the law out of science and practice. Also on the part of the InterNet economy and from the Upper House of Parliament the law change had been criticized sharply. With exception of the Party of Democratic Socialism and a lonely SPD delegate now the completely large coalition that votierte notion lots to make Germany the professional disqualification zone for computer safety experts.

By expressed far version law becomes possession, which production and the spreading of preventive tools, with which security can be examined by computers, in Germany punishable. These tools are however essential, in order to ensure the security from computer systems to. The general prohibition of this software is to be forbidden about as helpfully as the production and the sales of hammers, because sometimes thereby also damages are accomplished.

Andy Mueller Maguhn, speaker of the chaos computer club, commentated: "the prohibition of the possession of computer safety tools opens also for the employment of the Bundestrojaners door and gate industry and citizen systematically the possibility is taken of examining their systems adequately for security. This prohibition endangers the security of the IT location Germany."

As the automobile industry, is examined in the computer industry the system security makes its vehicles with Crashtests safer by the controlled employment by attack programs. It will be legally no longer free of doubts possible in the future for sensitive computer systems will test whether they are safe or not.

On the yearly congress of the federal office for security in the information technology (BSI) Minister of the Interior Schaeuble announced planned certifying "more trustworthily" to Sicherheitsdienstleister. With this step obviously the abilities and the knowledge, which are necessary for effective safety examinations of computer systems, are into which hands by yard suppliers handread out by the government are monopolized, while the independent computer safety research can be kriminalisiert as desired selectively.

CCC speaker Mueller Maguhn in addition: "the explanations of the Minister of the Interior for computer security are pure lip-service. Here systematically the legal and organizational framework is created, in order to make citizens and enterprises defenseless opposite computer attacks, restaurant economics and also the Bundestrojaner. Safety research can take place only in an unacceptable legal gray area."

MOD PARENT UP!!! (0)

Anonymous Coward | more than 6 years ago | (#19341279)

+5 Funny

IE illegal? (3, Interesting)

rasteri (634956) | more than 6 years ago | (#19340987)

You can use a browser to hack poorely written web apps (some forum software springs to mind). Doesn't this effectively make all browsers illegal?

Re:IE illegal? (1)

arth1 (260657) | more than 6 years ago | (#19341137)

I would expect the lawmakers to exclude software that has genuine non-contrived uses, whether it also can be used as a cracker tool.
In other words, the web browser and telnet would be kosher despite telnet being THE most prevalent hacking tool, while it might be hard to argue with a straight face how phishing botnet software was used legally.

Re:IE illegal? (1)

Opportunist (166417) | more than 6 years ago | (#19341463)

You look at the laws they created so far and you can be this sure that they thought about this? Or at least know about it?

Re:IE illegal? (0)

Anonymous Coward | more than 6 years ago | (#19341175)

Don't forget, you can ssh or ftp in and guess the password, humans conduct brute force which is a form of hacking, which would I guess make them us ourselves a hackers tool.

I guess we should outlaw people too.

Re:IE illegal? (1)

BosstonesOwn (794949) | more than 6 years ago | (#19341467)

Nope , just the stupid ones who use simple passwords !

Well Im getting on the first train out of Germany , I know Im screwed when it comes to stupidity.

Exactly (0)

Anonymous Coward | more than 6 years ago | (#19341245)

There's no such thing as "hacking tools". Imagine a law banning "murder tools", guns, sharp instruments, blunt instruments, pillows...

Germans should ask the government for compensation when their networks are hacked as a result of an ambiguous law that prohibits the very tools required to perform a security audit. Actually it's not fair taxpayers have to carry the can, those who draft such stupidity should be directly liable.

Where was the German IT industry when this law was being written?

Futile effort? (1)

ThadG (947830) | more than 6 years ago | (#19340989)

Laws like these never seem to do more than frustrate "normal" users while the people it is designed to inhibit find a way around it and continue on their merry way, or as just another charge to tack on when one of these people actually gets caught.

Wait, what? (5, Insightful)

Xtense (1075847) | more than 6 years ago | (#19340993)

So how they are going to distinguish hacking tools from security software? Nmap can be used as both, and I sincerely cannot imagine securing anything without it. Next, packet loggers. Will Ethereal be banned too? It's one of the best tools IMO that gives a user the power to see exactly what he is sending or receiving, showing potential problems and vurnabilities, but it, of course, can be also exploited beyond any limits. And it's the case with all the rest of popular networking software.

Re:Wait, what? (2, Interesting)

Randseed (132501) | more than 6 years ago | (#19341283)

You could make the argument that "netstat" is a hacking tool. Which, I suppose, makes the C library a hacking tool, and the C compiler a hacking tool, and the kernel... Agggggh. Make it stop.

Re:Wait, what? (3, Insightful)

Anonymous Coward | more than 6 years ago | (#19341633)

So how they are going to distinguish hacking tools from security software?

Finally, a question which even I am qualified to answer.

It's simple -- who provided the tool?

If I install a rootkit on your computer, it's a hacking tool.

If Sony installs a rootkit on your computer, it's a perfectly legal way of enforcing their digital rights.

In simpler terms, it's a combination of gross annual income and number of legislators purchased.

Outlaws (5, Funny)

dbzero (64544) | more than 6 years ago | (#19341003)

If "hacking tools" are outlawed, only outlaws will have "hacking tools."

Re:Outlaws (1)

mulvane (692631) | more than 6 years ago | (#19341089)

Maybe they should outlaw idiots so only outlaws would have them...Or is outlaw now a synonym for government?

obligatory attempt at lame humor (-1, Redundant)

evansvillelinux (621123) | more than 6 years ago | (#19341035)

"If hacking tools are outlawed, only outlaws will have hacking tools."

Re:obligatory attempt at lame humor (1)

Biff Stu (654099) | more than 6 years ago | (#19341235)

Sorry, somebody posted this two minutes beore you did. You will now get modded to -1 for redundancy. Kiss your karma goodbye.

Re: obligatory attempt at lame humor (1)

evansvillelinux (621123) | more than 6 years ago | (#19341415)

Sorry, somebody posted this two minutes before you did. You will now get modded to -1 for redundancy. Kiss your karma goodbye.
Karma's highly over-rated. And /. should display comments faster. Then maybe there wouldn't be so much redundancy. ;)

Here's something legislators never learn (1, Insightful)

Rosco P. Coltrane (209368) | more than 6 years ago | (#19341051)

As with firearms, it's the shooter that commits a murder, not the gun. In this case, it's hackers that commit hacking, not the tool. And just as with guns, when they outlaw hacking tools, only outlaws will have them, and the new laws will just annoy the shit out of legit users.

Re:Here's something legislators never learn (1)

Corbets (169101) | more than 6 years ago | (#19341161)

The irony of this comment that you may not realize is that Germans tend to be very anti-firearm. ;-) So this argument probably won't sway many up there!

Re:Here's something legislators never learn (1)

gadgetman (4992) | more than 6 years ago | (#19341645)

Yeah, no doubt.

"This year will go down in history. For the first time, a civilized nation has full gun
        registration. Our streets will be safer, our police more efficient, and the
        world will follow our lead into the future!"
--Adolph Hitler, 1935

They have a history of following stupid facists movements.

Re:Here's something legislators never learn (3, Informative)

duckle (738287) | more than 6 years ago | (#19341435)

You can take it even farther than that. Guns don't really have a positive use. No one is really hunting for survival anymore. Many hacking tools were created with sysadmins in mind. I personally have run into a situation where I either have to reinstall IRIX from scratch (licensing and all) or run john the ripper on the root password for a while. Yes, there is a way around in this case, but completely legitimate use of John the ripper saved me tons of time. I don't even want to think where I'd be without the likes of tcpdump, nmap, or other tools. We would have to guess our systems are secure without actually knowing.

Re:Here's something legislators never learn (1)

mcrbids (148650) | more than 6 years ago | (#19341717)

As with firearms, it's the shooter that commits a murder, not the gun. In this case, it's hackers that commit hacking, not the tool.

Yep. Standard mantra posted various times in various forms on this page.

But what's interesting for me is that viruses and worms, especially polymorphic ones, have the potential to commit hacking of their own accord. How long will it be until a polymorphic virus is written with a recombinant genetic algorithm (not unlike DNA) that achieves long-term viability? Somehow, such a virus combined with the tremendous (and largely wasted [slashdot.org]) computing resources now available online strikes me as the most likely candidate for true, "artificial intelligence" and/or "artificial life".

So, in this case, wouldn't a GA polymorphic virus actually be "doing the hacking"?

what made the list? (5, Insightful)

Original Replica (908688) | more than 6 years ago | (#19341091)

I imagine the list of tools useful only to hackers is pretty short. And I imagine that german hackers will find ways to use "legit" software to their ends.

On another note, expect little in the way of secure software innovation out of Germany in the next few years.

Re:what made the list? (2, Interesting)

Xtense (1075847) | more than 6 years ago | (#19341237)

There is also the problem of using these "only useful to hackers" tools to evaluate your security. If this is outlawed, how can you keep yourself secure legally, if these tools are basically churned off daily, with newer and newer methods of attacking? This is basically suicide for legal safety. If this law is passed, I can actually see German government websites being hacked on a daily basis not long from now.

Re:what made the list? (1)

necro2607 (771790) | more than 6 years ago | (#19341269)

No doubt - even the most common software used by "hackers" is just as often used by totally legit network admins. nmap, ethereal, John The Ripper, and so on. Sweet, yet another blanket law slapped on, making criminals out of an even larger percentage of totally decent people.

Re:what made the list? (1)

BosstonesOwn (794949) | more than 6 years ago | (#19341663)

What you don't know is it is actually a conspiracy to put all the geeks in jail. Then only then my friend will all the user$ roam free and admin-less to destroy our years of trouble making and tweaking the tech gadgets they love so much !

I for one would like to welcome our , new non-geeky , law making non-technically inclined overlords.

Re:what made the list? (1)

einhverfr (238914) | more than 6 years ago | (#19341531)

Legit software, like telnet and a hex editor to exploit buffer overruns manually.

I have never understood the desire to outlaw hacking tools. Unlike firearms, you can't make the argument that "oh, well, at least we are preventing deadly accidents in which kids accidently kill eachother." A better analogy would be outlawing bokkens because someone who is skilled with it can kill someone easily with it.

Now, I have few problems with outlawing production of certain forms of malicious software (viruses intentionally released into the wild, keyboard loggers, and the like), but that seems overly broad for a prohibition.

So called malicious software (2, Insightful)

stardyne (113935) | more than 6 years ago | (#19341843)

Even programs that contain keyboard loggers have their uses. Most automated software testing tools use keyboard logging as part of the testing process. Viruses have their uses, as well. On a limited network, I have heard of admins using viruses that are "mutated" so they install patches without any user intervention.

Like banning guns (2, Interesting)

Grishnakh (216268) | more than 6 years ago | (#19341109)

This sounds like banning guns in a hypothetical country where there's a lot of gun violence, and people commonly wear bulletproof vests. (Note the "hypothetical" here; this is just for the sake of argument.) Suddenly, a new law banning guns is passed, and the vest-making companies can't develop new vests because they have no way of testing them.

Brilliant.

Another parallel: this is like making it illegal to wreck a car, whether by accident or intentionally. With a law like this, cars can't be crash-tested, and auto crash safety research comes to a stop.

Of course, in the real world, computer simulations can be used to get around these problems. But with this new real-world law, the simulations themselves are illegal!

Re:Like banning guns (1)

Ironsides (739422) | more than 6 years ago | (#19341201)

Of course, in the real world, computer simulations can be used to get around these problems.

Not really. Simulations generally need to be verified by actual tests. No simulation is perfect as there is always something that could not be included in the simulation or was not/is not yet known about. If simulations were perfect, why would we bother to perform tests at all?

Re:Like banning guns (1)

Grishnakh (216268) | more than 6 years ago | (#19341359)

Simple: because real tests cost too much. So what we do instead is just release the untested products to the marketplace and allow the consumers to test them....

That seems to be the general trend these days anyway.

Re:Like banning guns (1)

Ironsides (739422) | more than 6 years ago | (#19341535)

Only in the Computer world and Google do they do that. Others actually test their products.

How about Cain & Abel? (1)

necro2607 (771790) | more than 6 years ago | (#19341123)

I wonder if this will make Cain & Abel [www.oxid.it] illegal in Germany...? This software is an extremely useful "multi-tool" for any network/server administrator, and I've been using it for years to recover lost passwords, evaluate security, etc. but I imagine it is used constantly to assist with people's [sic?] questionable hacking activities.

Of course, being in Canada, these blanket-like laws won't have any jurisdiction here, but I still wonder about what kind of effect this is going to have on sysadmins in Germany. Pretty messed up. We've all heard the horror stories of technically-challenged judges not understanding the key concepts behind potentially grey-area situations (using someone's open WiFi network, for example).

doesn't that illegalize any programming language? (1)

jimstapleton (999106) | more than 6 years ago | (#19341133)

at least, any language with a networking library?

Add netcat to that as well. It's not a programming language but it's Frickin' useful for network processes.

netcat + bzip2 + dd combine to make my favorite backup tool...

Single User Mode (1)

duckle (738287) | more than 6 years ago | (#19341147)

Booting into root without a password seems like it fits their definition of a hacking tool. Can't use the Apple or 's' keys anymore!

Well... (4, Informative)

Crazy Taco (1083423) | more than 6 years ago | (#19341149)

This is going to stop a lot of software companies from opening up German software houses. Just trying to maintain any computer network for regular developers would probably be illegal under these rules, because a lot of network maintanence tools could be considered "hacking tools" under this definition. Without those tools, it would be prohibitive to try to support an enterprise infrastructure.

so, is gdb illegal now? (1)

ameline (771895) | more than 6 years ago | (#19341211)

So are debuggers illegal now? How about compilers? Logic analysers? I'm pretty sure Germany has extradition treaties with USA/Canada/the rest of Europe. Does that make most of us criminals?

What about debugging by printf or cout?

Pretty soon we'll have to be licensed members of the programmers guild. Please line up to pee in the cup and be fingerprinted for your mandatory background check. (oh, and your papers please) (does that count as a Godwin when we're talking about the Germans? :-)

Re:so, is gdb illegal now? (2, Informative)

IthnkImParanoid (410494) | more than 6 years ago | (#19341341)

I'm pretty sure Germany has extradition treaties with USA/Canada/the rest of Europe. Does that make most of us criminals?
Extradition treaties don't make one country's laws applicable in another, they allow people who commit crimes in one country to be returned to that country after fleeing to another.

Our brains... (2, Insightful)

Etherwalk (681268) | more than 6 years ago | (#19341307)

Brains are the best hacking tools of them all, and the only ones necessary--anything else can be rebuilt from scratch, or worked around. (Though it would take a while, in some cases.)

So they've outlawed brains.

Brilliant. =)

Re:Our brains... (1)

Hognoxious (631665) | more than 6 years ago | (#19341447)

Brains are the best hacking tools of them all
True but irrelevant, it's Germany we're talking about.

Re:Our brains... (1)

BosstonesOwn (794949) | more than 6 years ago | (#19341833)

Yeah haven't you ever seen Hogans Hero's [imdb.com] , it proves that the Germans are dumb !

Germany has actually sprouted some of the great minds in the security industry , one has to wonder how they let this slide by.

Re:Our brains... (0)

Anonymous Coward | more than 6 years ago | (#19341949)

Not like they're used nowadays anyway. The average Joe Schmoe won't even notice if it's shut off.

I wonder what counts as hacking tools. (1)

smellsofbikes (890263) | more than 6 years ago | (#19341335)

GCC? Excel macros? using Word to create cross-site-scripting-attack webpages? Just using IE with ActiveX enabled?

Morons (0, Flamebait)

unity100 (970058) | more than 6 years ago | (#19341339)

let me tell you whats gonna happen - they are going to take back that law. thats whats going to happen.

ALL lawmakers and judiciaries should be OBLIGED to take courses in I.T. before ever attempting to do anything about it.

End of Days||Daze (4, Insightful)

packetmon (977047) | more than 6 years ago | (#19341361)

That's humorous (in a scary way) considering the following:

The commission communication "towards a general policy on the fight against cyber crime" [europa.eu]

There is no agreed definition of "cyber crime". From a strictly legal point of view, it can be questioned whether there is any need for the term at all - it could be argued that "cyber space" is just a new specific instrument used to commit crimes which are not new at all. The term may thus be most interesting from an operational point of view, i.e. the operational instruments and procedures to fight against this type of crime must be developed.

With that said, as an American, I can almost indicate any connection to me as being an illegal one and cost the German taxpayers a bucketload of money with false claims. Let's consider the following scenario.. Ping. Simple administrative tool, can also be used for DoS attacks. Suppose I start a business ... eFishSkinSales.com that sells fish skins... I find a German counterpart GermanFishSkin.com... I take their IP addressing and spoof a pingflood to my routers and send German authorities the logfiles. Would they know what a spoof is for one. How about the following... A German websurfer visits my page and does not close his browser. For the next nMinutes where n equals the amount of time he has his browser on my page, he will make repeated GET's thus resulting in a DoS attack of the lamest kind. What then. Are browsers hacking tools?

Let's take it a step further into XSS (cross site scripting)... The browser IS THE TOOL. Should all browsers be banned now. Oh those Germans. I know... What about a German, with a shell on a server in America developing tools. Now those tools don't reside ANYWHERE in Germany then what. I would have laughed that law all the way to the bitbucket. But... You're likely dealing with e-Incompetent lawmakers driving Beamers and Benz' who care little about the advances in LIFE as a whole thanks to computing both good and bad (malicious hacking has forced companies to improve themselves).

What about the script kiddies? (1)

farker haiku (883529) | more than 6 years ago | (#19341371)

What are all the script kiddies going to do now? For the love of god, won't somebody think of the children?

Illegal Security (1)

Bent Mind (853241) | more than 6 years ago | (#19341591)

Cool. Germany just made computer security illegal. The real question is what will their next step be? Will they realize their mistake and revoke the law? Or, once no one can scan their own network for security breaches, will they make it worse and start outlawing software like netcat?

So does that include google and other indexers? (1)

jofny (540291) | more than 6 years ago | (#19341639)

I mean...so much of "hacking" involves gathering information...and lately some of the best information is off of the google and etc...

Well, let's see what we'll get that way... (1)

Opportunist (166417) | more than 6 years ago | (#19341651)

I am usually quite wary when it comes to prediction, unless I can be fairly certain that I'm right. So let's take a look at the not so far future...

"Hacking" tools are outlawed. Now, "hacking" tools usually work two ways, like pretty much everything on the internet (that's another thing our legislator just don't seem to get), i.e. they can be used to find security holes in networks.

In other words, it's now illegal in Germany to test your network against security holes.

This, in turn, means that, no matter what kind of guru you may be in the field of network security, you will sooner or later leave a hole open (or, like in my case, ignore yet another bullshit law, but let's assume you actually still care about the manure that house creates).

A criminal, with criminal intentions (hence the name) doesn't care about the law either. He has those tools, that's a given. He will find the security hole you didn't find. And there he goes and grabs your last year's research.

Now, this isn't something most companies really like. They tend to keep their research under cover 'til they can patent it. They'll be royally pissed, I tell you that. And they'll realize that:

a) Germany is insecure
b) Wages in Germany are still pretty high when compared to, say, Poland.
c) Poland is now also a member of the EU.

And you can wave another "invention company" good bye. Not necessarily without their skilled staff, the Germans are already pretty mobile when it comes to working (no kidding, look around Germany and you'll see a lot of "foreign workers", Germans working in Austria, the Netherlands, France...).

Taxes, of course, will be paid to Poland.

Well, every country has the government it deserves. But even Germany hasn't deserved to suffer this badly.

Coordinated International Effort (2, Insightful)

mpapet (761907) | more than 6 years ago | (#19341701)

To criminalize so-called hackers.

Most policy wonks that deal with this sector have already spread the word that computers are dangerous tools in the wrong hands. So, step 1 is to make the tools illegal. For example, "Your honor we found hacking applications wireshark installed on the defendants computer." No questions about approved uses are allowed because that makes things too complicated.

Don't bother with legal challenges, the objective is to make computers a content delivery device. Anything else is too threatening to governments, regardless of their borders.

Best case scenario as other posts have pointed out, the government gives out licenses that allow you to use/own "hacking" software. In the U.S., probably a process similar to getting a clearance would be required. This is happening internationally.

Since this is the /. echo chamber, no one will do anything but whine and go back to their work/entertainment.

Required reading for Americans unhappy with their political process: http://www.vanityfair.com/politics/features/2007/0 6/murphy200706?printable=true&currentPage=all [vanityfair.com]

Virus (1)

Nick_taken (1090721) | more than 6 years ago | (#19341759)

Good luck with virus, with no cracking/reverse engineering tools theres no way to get rid of them, and yes, virus have protection measures.

Making Admin's Jobs Harder (1)

wiseguy02 (991465) | more than 6 years ago | (#19341871)

If a hacker is using these tools for illegal purposes, what is this law going to do. They are already acting in illegal activities, so what.. now they have illigeal software. This will just limit what software admins are going to be able to use to test their security. IMHO.

Running In Place (1)

blueZhift (652272) | more than 6 years ago | (#19341883)

This is just the usual running in place that politicians do so that they can say they've done something. I'm sad to see that it is the case in Germany, just as the US. In the end, this law will do nothing to stop the real criminals and be a potential pain for the professionals charged with thwarting said real criminals. h4x0r ftw!
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...