Förderverein Informationstechnik und Gesellschaft

Aussies Lead in Legitimizing LEA Hacking

[A field with a big future ahead of it - IMHO it deserves close observation! --AHH]

------- Forwarded Message Follows -------
From:          Vin McLellan <>
Subject:       Aussies Lead in Legitimizing LEA Hacking
Date:          Fri, 26 Mar 1999 18:28:07 -0500

        The report below -- announcing changes in Australian law to
the lead Australian LEA to hack into targeted computers with a
Ministerial warrant -- may mark an important event. I suspect it is a
precursor of things to come in the US and elsewhere as LEAs and
intelligence agencies come to terms with the widespread availability
and use of strong cryptography.  

        While crypto effectively protects data in transit and (to a
extent) operationally stored data, the relative vulnerability of the
common Wintel PC and other computers -- the end points of a crypto
link -- make them an obvious target for eavesdroppers foiled by

        This is not a new insight. The Australians (and the famous
Walsh Report on AU Crypto Policy) are only more public than other
nations in their shift to focus on the end-point computers as the
primary vulnerability of encrypted communication links. 

        One approach is to develop specialized black bag techniques,
where a burglar "under color of law" -- or with minimal or no concern
for local Law, in "intelligence" ops -- slips into a target's home or
office to steal disk-stored crypto keys, or to replace a target's
crypto apps (SSL, SSH, S/MIME, PGP, RSA SecurPC, etc.) with
corrupted or backdoored versions.  

        (I recall that a CIA operative arrested in the US on espionage
charges last year was described as a specialist in this. I think
everyone can take it for granted that such skills (both burglary and
subversive programming) are in great demand throughout the
international intelligence community, and will soon figure prominently
in warranted LEA surveillance. 
        In Australia now; elsewhere soon. Perhaps everywhere

        A burglar or a penetration agent who can switch copy crypto
switch smartcards or a smartcard reader, load keyboard sniffers, or
install "dual purpose" crypto packages on a target's computer will
probably always be the most effective way of attacking an end-point
computer --- but there is also a huge universe of active network
attacks (viruses, worms, ActiveX modules, and more) that can also be
used against networked computers. 

        This is a range of vulnerabilities, particularly for PCs, that
should be much more widely discussed and categorized. The elite
Bugtraq and NTBugtraq readers, black hat and white, may be on top of
this stuff, but the typical sysadmin just waits for his OS vendor to
send him a patch, and the typical user ignores it all in blissful

        And it isn't as if the vendors can just change their priorities
and make the world a better place. As W.H. Murray keeps pointing out, we
install more flawed new computers daily than the number which are,
daily, being fixed, patched, or upgraded. More to the point, some
reports suggest that no more than one percent of Unix sysadmins have
actually installed all the security patches that have been made
available to them.  <sigh>)

        The NSA is still largely dependent upon passive intercept,
to Agency lore, but it is also well-known in the intelligence
community that former CIA Director John Deutch in 1996 ordered a major
redirection in NSA budget priorities to foster more research into
active attacks on target computer and communication systems.

        Of course, hackers, vandals, and cyber-savvy crooks are
also far more likely to exploit host vulnerabilities over the Internet
than they are to burglarize corporate offices. 



The Sydney Morning Herald (Au)
"ASIO cleared to hack into computers"

Friday, March 26, 1999

Australia's domestic spy agency, ASIO, will be given sweeping powers
to hack into computers and place tracking devices on people and cars. 

In the most far-reaching upgrade in a decade to ASIO's powers, the
agency will also be permitted to collect foreign intelligence in
Australia and pass the information to the Australian Secret
Intelligence Service (ASIS), the foreign spy agency. 

The Federal Government is acting on the recommendations of a secret
report by ASIO's former deputy director, Mr Gerard Walsh, which was
mistakenly sent to public libraries and published on the Internet late
last year. 

His report - copies of which were later recalled by the
Attorney-General's Department - urged that ASIO be given the power to
"hack" a nominated computer system to "secure access to that system or
evidence of an electronic attack on a computer system". 

The Attorney-General, Mr Williams, told Parliament yesterday the
agency would be able to access data stored on computers "through other
means which cannot presently be used". 

The changes will allow ASIO officers, with ministerial approval, to
gain access to data stored in computers by "remote access" - commonly
referred to as hacking. 

The change appears to give ASIO very broad powers to hack into any
computer system. 

An explanatory memorandum issued by the Government about the changes
says: "The effect is to provide the minister with the power to
authorise ASIO to access and copy computer data where unauthorised
access is otherwise prohibited by Commonwealth or State or Territory

For the first time ASIO will have the powers to install tracking
devices on vehicles or even people - the devices are small beacons
which transmit signals to other locations. 

Mr Williams told Parliament the devices were necessary for the more
efficient use of ASIO's resources. 

The Walsh report had strongly urged that ASIO be allowed to use
tracking devices, saying "the absence of this investigative tool is a
privation for the Australian Federal Police, the National Crime
Authority and ASIO". 

Other changes will allow ASIO to expand its foreign intelligence
gathering within Australia by dispensing with the present need for it
to obtain a special warrant for each case. 

According to the Government the change will allow ASIO to supplement
foreign intelligence gathered by other agencies, such as ASIS. 

ASIO will be able to use information from the Australian Transaction
Reports and Analysis Centre (AUSTRAC) to follow money trails. 

The changes also mean ASIO will be permitted to carry out security
assessments during the Olympics. 

      Vin McLellan + The Privacy Guild + <>
  53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548
                         -- <@><@> --