Forgot your password?
typodupeerror
Australia Government Privacy Security The Internet Your Rights Online

Australian Spy Agency Seeks Permission To Hack Third-Party Computers 210

Posted by Soulskill
from the you-are-doing-it-wrong dept.
New submitter LordLucless writes "ASIO, Australia's spy agency, is pushing for the ability to lawfully hijack peoples' computers — even if they are not under suspicion of any crime. They seek the ability to gain access to a third party's computer in order to facilitate gaining access to the real target — essentially using any person's personal computer as a proxy for their hacking attempts. The current legislation prohibits any action by ASIO that, among other things, interferes with a person's legitimate use of their computer. Conceivably, over-turning this restriction would give ASIO the ability to build their own bot-net of compromised machines. Perhaps inevitably, they say these changes are required to help them catch terrorists."
This discussion has been archived. No new comments can be posted.

Australian Spy Agency Seeks Permission To Hack Third-Party Computers

Comments Filter:
  • How do we stop them? (Score:5, Interesting)

    by Anonymous Coward on Saturday January 12, 2013 @08:06PM (#42570935)

    I am an Australian. Assume this passes. How can I harden my computer against being used as a node in an ASIO botnet?

    The only thing I can think of at the moment is to use Linux and make sure I've closed all uncessary ports...?

    What else? I am not a security buff. Encryption doesn't seem particularly useful, since the problem here isn't that ASIO is accessing our files (although they would probably definitely be doing that too), but that they're using our bandwidth and processing resources.

    • Hopefully, someone with some significant power there in the Australian government cordially invites them to piss off.

      • If you read the article. it's a senior member of the government proposing the legislation.

        • I did actually have a look at the article, and saw that it was Australia's AG that is proposing this. Surely there are more people higher up the government food chain than the AG?

          • by Anonymous Coward

            Not really the AG is pretty high up. She is a totalitarian bitch though, along with Conroy they plan to make Australia worse than China. I am honestly considering moving countries because both major parties are evil.
            I really hope the Green party have something to say about this, they seem to be the only voice of reason in regards to anything in relation to privacy and government powers.
            Time for a massive change in politics in Australia.

            • I reckon the other option would be for Australian citizens to take up their knives and baseball bats and... Nah. Don't think that would be very effective due to the super short range of those things. :/

              • by Antarius (542615)
                Baseball bats? Surely you meant "cricket bats?"
              • by dryeo (100693)

                Probably be a lot less deaths then the American revolution of 1861. Has their ever been a case of a violent revolution improving things besides the odd one that ended up as a successful war of separation?
                Most successful revolutions seem to be the majority of the population doing civil disobedience with minimal violence and even that only works some of the times.

            • by Antarius (542615)

              along with Conroy they plan to make Australia worse than China

              Fortunately that one [slashdot.org] has been cancelled.

          • by davester666 (731373) on Saturday January 12, 2013 @10:41PM (#42571835) Journal

            You can use this argument to do anything

            -open and read every piece of mail
            -listen to every phone call
            -attach gps monitors to every vehicle
            -install and record video cameras everywhere
            -require every computing device to have a backdoor so the gov't can search through it unhindered
            -stop and search everyone in a given area

            The gov't would potentially 'catch a terrorist' with any of these things. Obviously, they must be implemented immediately.

            • by AHuxley (892839)
              Re -install and record video cameras everywhere.
              Line your own home with the better quality gum stick video recorders - add storage, test the battery life for 12h?.
            • by dryeo (100693)

              Well as all of your list also works very well for catching dissidents they'll all eventually be implemented. Dissidents are a much bigger threat to the established powers then terrorists.

          • No, the article clearly says it is the Attorney-General's department (the public service organisation that contains ASIO) through an anonymous "spokesman for the Attorney-General's Department" not the Attorney-General herself that is "pushing for new powers for the Australian Security Intelligence Organisation to hijack the computers of suspected terrorists." ASIO playing the fear card in public arenas and making excessive demands is the typical method of ratcheting up their existing powers to some some

      • by Taco Cowboy (5327) on Saturday January 12, 2013 @08:36PM (#42571133) Journal

        Last time when we talk about Soviet Union and/or China and/or Cuba and/or Iran and/or North Korea or East Germany, or any of those countries we used words like "ROUGE COUNTRIES" to describe them.

        And they deserved it, for those countries never about the human rights of their citizens, and those countries spied on their own citizens.

        Nowadays, countries that are supposed to be "FREE", such as Australia, New Zealand, United Kingdom and United States are becoming more and more like those rogue states.

        What the fuck has happened to the spirit of "FREEDOM" of the free world?

        • by Runaway1956 (1322357) on Saturday January 12, 2013 @09:04PM (#42571323) Homepage Journal

          Pal, Australia. What does the word conjure up? Think. I know you had history classes in school. Australia was a penal colony. Meaning, they were rogues before they ever got to Australia. They are EXPECTED to be rogue! Putting the words "Australia" and "rogue" in the same sentence is redundant and repetitive.

          • by stymy (1223496) <pdezuviria AT gmail DOT com> on Saturday January 12, 2013 @10:52PM (#42571889)
            It sounds like you need to brush up on your own history classes -- unless they were in the US, in which cases they made some important omissions. Such as the fact that England started shipping its inmates to Australia only after the American Revolution made them lose their favorite penal colony. Prior to then, many punishments for criminals consisted of them having to spend several years or their whole lives in the US.
            • But, of course! Why do you think the 2nd amendment is so important to us? It's important that all us criminals can defend ourselves from each other! Not to mention that we don't want the warden or his gang to come back!

            • by snero3 (610114)
              Prior to then, many punishments for criminals consisted of them having to spend several years or their whole lives in the US.

              Don't tell the Yanks but that is still the case!!

        • by Yaa 101 (664725)

          It got sold away under your ass...

        • Re: (Score:3, Informative)

          Last time when we talk about Soviet Union and/or China and/or Cuba and/or Iran and/or North Korea or East Germany, or any of those countries we used words like "ROUGE COUNTRIES" to describe them.

          Well, technically, Iran has never been a "rouge nation". On the other hand, that's an apt description for all the communist nations...

          On the other hand, if you really meant "ROGUE nation", then Iran would also fit nicely.

          Why do so many supposedly educated people get "rouge" and "rogue" confused?

        • by Phrogman (80473)

          The Spirit of Freedom has been bought and sold to the mega-corporations and their client governments. Privacy doesn't need to be dead, but its more advantageous to the business community if it is, therefore things like this proposed legislation to "Combat Terrorism" - i.e. to combat those whom the Media Industry wants to close down and prevent from copying their copyright works.

        • freedom was ok when there weren't so many things the folks in charge could invade and bug or tap.

          but now, there is so much out there to bug and snoop on, well, you can't blame a kid for being hungry in a candy store, can you?

          THEY WANT IT!

          and they have most of the power to do whatever they want. in fact, 'asking' is just a formality, these days. if you are on a network, folks in charge think they have a right to your data.

          THIS is the brave new world. huxley had zero idea about what the real future was goi

      • by crutchy (1949900)

        i doubt much of the australian government has any idea who they are even dealing with

        • I assure you they do. The official cracking industry employs a few very smart computer security people.

      • by spazdor (902907) on Saturday January 12, 2013 @08:38PM (#42571153)

        Or, if the ASIO really needs the resources it says it needs, let them go to the Australian people with their hat in their hands and ask for volunteers to run an Aussie-Government 'network agent' on their Internet-connected PCs to help them catch child molesters and plane-bombers for the good of the homeland, and if appeals to patriotism don't do the trick, let them offer money, and we'll find out how much a person's Internet privacy sells for on the open market.

        • by LordLucless (582312) on Sunday January 13, 2013 @01:58AM (#42572629)

          I don't think this is raw CPU cycles they're looking for here. It's more like: "We're trying to grab information on this guy. We see he visits www.somesite.com.au an awful lot. Let's get access to the computer of somesite's developer, grab his access keys, and modify somesite to deliver our trojan to the target."

          Of course, once you've compromised a computer, are you going to just clean it up and let it go? After all that trouble of getting a warrant? Pfft, no - what if you need it again? You're going to list it as a resource and add it to the pile of private computers your agency owns.

      • by daem0n1x (748565)
        I'm so glad the Eastern Socialist Block came crumbling down in pieces. Now we can enjoy the joys of freedom and democracy our Western Capitalist governments give us.
    • by sabri (584428) * on Saturday January 12, 2013 @08:14PM (#42570989)

      I am an Australian.

      Find the nearest Equadorian embassy and request political asylum :-)

    • by jamesh (87723) on Saturday January 12, 2013 @08:22PM (#42571025)

      I am an Australian. Assume this passes. How can I harden my computer against being used as a node in an ASIO botnet?

      Over here! We have a troublemaker!

      Seriously though, I wouldn't worry too much. All the hardening you already do to you computer to keep the existing viruses out will be just fine. The only possible problem will be that the antivirus vendors may be persuaded to ignore government sanctioned malware, but such a thing will be self correcting when the malware authors figure out how to mimic government malware.

      • I've been concerned Microsoft already has back doors into computers already with the whole warrant-less wiretapping in the US. Maybe AUS will force MS and Apple into compliance and force backdoors onto computers. Then as governments are known to do lately, just adopt a law that is 'working' in another nation. They don't try this stuff as much in the US first anymore because we had massive public backlash against SOPA/PIPA. Maybe its time for the people AUS to stand up now. I always think it is a beaut
    • Most likely they will instrument your operating system or hardware in your absence so look at ways to keep it secure while you are away, or keep it with you at all times. Remember that they could log keystrokes with a simple device inserted into your machine.

      • So it's okay for Conroy to ban technology company Huawei from supplying equipment for the NBN over spying concerns yet it's okay for our government to target its own citizens. Hmmm...

        • Yeah because we elected him.

          • He's a Victorian Senator (and is in the half of the Senate that got elected 2010 and won't be up again next election). I didn't vote for him (NSW here) - in fact I doubt many people at all actually voted for him (below the line on the ballot paper). Thanks to the way the senate gets elected combined with the inertia of the two major parties (the coalition might as well be one party these days), it'd actually be rather hard to vote him out - He's second on the ticket, so as long as Victorian Labor manages to

    • by drankr (2796221)
      Why aren't you using Linux already?
    • by crutchy (1949900)

      don't use windows as your os for starters

    • by bakuun (976228) on Saturday January 12, 2013 @09:00PM (#42571295)

      How can I harden my computer against being used as a node in an ASIO botnet?

      ASIO would come in the same way that normal cybercriminals would, so it's a matter of standard common-sense security precautions.

      If you're using Windows, keep it up-to-date and use a decent antivirus program - Microsoft's security essentials works fine. Don't click links in emails from strange people. Don't open email attachments from strange people. In terms of software, a good rule, originally by Brian Krebs I believe, is not to install software if you didn't search for that software in the first place (with other words, don't install if it comes to you by email, or if it pops up when you're browsing around generally, etc etc).

      In addition to the operating system, a few other pieces of software are fairly important to keep up-to-date: Your internet browser. Adobe flash and reader, if you use those. Java (or better yet, disable Java in the browser completely).

      • by whoever57 (658626)

        If you're using Windows, keep it up-to-date and use a decent antivirus program -

        I you are using Windows, then the simple answer is that you can never be sure that your machine is secure. You can never know if Microsoft has put a backdoor into the system that hides itself.

        Even if you are using anti-virus, it is ineffective. I have seen 2 machines compromised in the last year that both had fully up-to-date antivirus. Only a couple of days after the compromise did the anti-virus detect the issue (in the

        • antivirus will NEVER catch government approved bugs!

          if you think about it, you'll understand.

          and you won't ever trust antivirus apps again. they only block the things 'theyre allowed to'.

          and yes, I'm serious. this has been covered several times before.

    • Re: (Score:3, Informative)

      by crutchy (1949900)

      install linux (i prefer debian stable, but that's just me)

      closed all uncessary ports

      that's usually a function of your router, but linux can also be used for routing functions using an iptables script... here's an example that you can execute from /etc/rc.local (on a debian machine anyway):

      #!/bin/bash
      echo -n "Loading iptables firewall..."
      iptables -F
      iptables -P OUTPUT ACCEPT
      iptables -P FORWARD DROP
      iptables -P INPUT DROP
      iptables -A INPUT -i lo -j ACCEPT
      iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
      iptables -A INPUT -j

    • basic iptables config

      *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [0:0]
      -A INPUT -i lo -j ACCEPT
      -A OUTPUT -o lo -j ACCEPT
      -A INPUT -m state --state ESTABLISHED -j ACCEPT
      COMMIT

      save that in /etc/iptables/iptables.rules and /etc/ip6tables.rules

      and make sure if your distro doesn't have an iptables rc unit or something similar, to add

      iptables-restore /etc/network/iptables
      ip6tables-restore /etc/network/iptables

      to your /etc/rc.local

      that works great for desktops.
    • by AHuxley (892839)
      Run haiku-os.org, most of Australia's task forces and spooks buy in Windows, Mac (ppc/intel) and Linux (ppc/intel), ios, droid 'software' from friendly US, Canadian and UK security cleared providers.
      en.wikipedia.org/wiki/OpenBFS might be fun for them to wonder about everytime your OS fails to phone home :)
    • by pla (258480)
      I am an Australian. Assume this passes. How can I harden my computer against being used as a node in an ASIO botnet?

      Now why oh why would you want to help the terrorists, Citizen?

      More seriously, how would that play out in the courts, if you discovered your computer participating in a "legal" police operation and chose to clean their BS malware off?
    • by rtb61 (674572) on Sunday January 13, 2013 @12:39AM (#42572319) Homepage

      I am an Australian and I find the whole idea of the gutless and cowardly attack appalling. ASIO is proposing to leave some poor innocent nobody holding the bag for when the attack is detected. Some innocent person minding their own business acceding the internet, who suddenly finds the local swat team raiding their home and threatening that family with death. That whole family now finds itself on trial for espionage and treason a death penalty offence in many countries. That trial will be accompanied by torture. At which point will the Australia Government have the courage and stand up and tell the truth to the country so that the innocent family are no longer standing under the threat of execution.

      This all smells of a request by the US government who has all sorts of laws to deny any rights at all to foreigners. Sounds like those people at Pine Gap have been up to some naughty business and are looking to tidy up the legalities of a 'Joint Facility', Australian and US, doing stuff that is legal for the US part of the partnership but illegal for the Australian part of the partnership and as the attack must eventually leave the joint territory and cross Australian land it is subject to Australian law.

      It is well known that the US consider innocent third parties as nothing more than statistics and collateral damage, to be lied about in press releases but the Australian government better think long and hard about likely sending people to their death because those other countries aren't all rank computer security amateurs who wont detect the attack, after all if they were ASIO could attack direct or more accurately stand idly by and ignore the US led and controlled attack.

      You only have to look at the MEGAupload case to see how badly it can go when you trust the US inJustice system.

    • by TheSpoom (715771)

      How can I harden my computer against being used as a node in an ASIO botnet?

      Against a nationstate with effectively unlimited resources where essentially all hacking has been declared legal? Nothing. You're screwed.

    • by Z00L00K (682162)

      Linux with MLS enabled, but it will require you to learn how MLS works, and it's something that can cause dandruff just by reading the first page.

      Using random unusual operating system can also work.

      • Concurrent CP/M-86
      • HP MPE
      • OS/2
      • TRON
      • Sintran
      • FreeVMS
      • AROS

      At least it will cause them to scratch their heads for a while.

    • by Burz (138833)

      This looks interesting: http://qubes-os.org/ [qubes-os.org]

      Its based on Linux and uses some newer virtualization features in CPUs to increase system security, and is able to enforce (and represent) security context in the GUI. They even tout a feature (anti-Evil Maid) that foils attackers with physical access (though they say nothing is perfect).

      They say that garden variety VMs like VirtualBox and VMware increase security to some extent, but that they were mainly designed to make computing more convenient and efficient (i

  • by xtal (49134) on Saturday January 12, 2013 @08:07PM (#42570941)

    So what happens when one of these third parties is detained as a spy, if their compromised computer is detected at a border? Depending on where you go, taking a machine with you sounds like it could actually put your life - or at least, your freedom - at risk?

    Have we given up even maintaining the facade of the rule of law now?

  • by Anonymous Coward

    You know... you start trespassing on peoples property and eventually you find some people who do the same back at you.

    I don't have the remotest sense of faith anything public servants or defense personnel put together in this country could stand to defend against penetration attempts from vetted software security experts.

    Is this really a smart idea? It's like asking for backlash, with the risk of having potentially sensitive information exposed as a result.

    • by AHuxley (892839)
      You will find a laptop in suburbia running Windows logging you from a house rented by a front company.
  • These days are justifying their actions with âoehelp the childrenâ or âoecatch terroristsâ.

  • by NettiWelho (1147351) on Saturday January 12, 2013 @08:13PM (#42570981)
    You get charged with interfering with law enforcement operation?
  • Ha (Score:3, Insightful)

    by Moe1975 (885721) <mauriceroman@gma[ ]com ['il.' in gap]> on Saturday January 12, 2013 @08:25PM (#42571047)

    I'd like to see them do that to someone's OpenBSD box!

    • Key logger

      • by Moe1975 (885721)

        Not remotely.

        • Sure. Break in to the guys house to install your logger, with a cellular network connection. ASIO can break into houses easily enough.

  • What will Woz Do? (Score:5, Insightful)

    by Macrat (638047) on Saturday January 12, 2013 @08:33PM (#42571117)
    Will Woz still want to buy Aussie citizenship if this is allowed?
  • by thegarbz (1787294) on Saturday January 12, 2013 @08:38PM (#42571147)

    Dear ASIO, The only people (and I use that term loosely) currently terrorising Australia are you. Kindly take your hacking desires against lawful citizens and shove them.

  • by Anonymous Coward

    AH. For the good old days. Way back in the day the then Attorney-General personally led a raid on the HQ of ASIO on the grounds that he believed that ASIO had not given him full or accurate information about...yes...terrorist activity in Australia by Croatians. And this was back in the early 1970's

    The kicker was that he did not consult with the Prime Minister or the Cabinet before he did it. The Government of the day had a great mistrust of Intelligence agencies

  • Translation (Score:5, Insightful)

    by russotto (537200) on Saturday January 12, 2013 @09:03PM (#42571321) Journal

    Headline: "ASIO is already breaking into third-party computers unlawfully, but is tired of covering it up."

    ''The purpose of this power is to allow ASIO to access the computer of suspected terrorists and other security interests,'' : "The purpose of this power is power".

    ''(It would be used) in extremely limited circumstances and only when explicitly approved by the Attorney-General through a warrant.": "We'll use it whenever and order several redundant sets of rubber stamps for the warrants"

    'The Attorney-General's Department refused to explain yesterday how third-party computers would be used, ''as this may divulge operationally sensitive information and methods used by ASIO in sensitive national security investigations.''' : "We use them for all sorts of things no one in their right mind would approve of"

  • Suggestions: (Score:4, Informative)

    by thedarb (181754) on Saturday January 12, 2013 @09:24PM (#42571431) Homepage
    * Run a BSD or Linux system. - Secure it. If you don't know how to do this, do your home work.
    * Use a snapshot capable filesystem, and take snapshots (ZFS / BTRFS). - You can use these to identify file that have changed.
    * Use Tripwire or a clone like AIDE. - This is a second level of checking for file changes.
    * Manually audit your system regularly.
    * Use OS repositories from outside Australia.

    And the list would not end there.
  • Good news (Score:5, Insightful)

    by KeensMustard (655606) on Saturday January 12, 2013 @09:43PM (#42571523)
    Ever since terrorism became such a huge problem in Australia, ASIO have been unable to catch a single terrorist. So hampered were they by a lack of access to my computer, they have been unable to foil a single, credible terrorist plot. In the last decade or so, an attack by terrorists has been imminent, at any moment, I expect to be attacked by terrorists. The lack of an actual attack, the lack of any suspicion of an actual attack, the lack of any identifiable group with any plausible reason to attack, the lack of any identifiable person associated with any group planning to attack, these are simply indicators of how clever these devious, brown people are. If only someone would use my computer to hack into theirs, then Australians would know the reason for the constant stream of messages telling us to fear.
    • Re: (Score:3, Informative)

      by Anonymous Coward

      Insightful but not actually correct. 3 terrorist plots have been foiled in Australia since 9/11:
      - http://en.wikipedia.org/wiki/2005_Sydney_terrorism_plot
      - http://en.wikipedia.org/wiki/Abdul_Nacer_Benbrika
      - http://en.wikipedia.org/wiki/Holsworthy_Barracks_terror_plot

      ASIO definitely had involvement in the second one, not sure about the others. I'd be more inclined to suggest that actually they are doing their job just fine with the powers they currently have.

  • by kawabago (551139) on Saturday January 12, 2013 @10:34PM (#42571795)
    I'd rather have terrorists.
  • im from ASIO, and theres a terrorist in your vagina. and i have to catch it with my penis.
  • ...may conceivably spell doom for some of the innocent (but possibly identifiable) "third parties" implicated by remote control without their consent or knowledge.

    Shouldn't our taxes at least buy us the due diligence of authorities to consider the most obvious and grave dangers before trying to get such plans implemented?

  • Citizens the world over have voluntarily given up numerous freedoms and control of parts of their lives in order to maintain security against enemies. How far is too far? Should we do every single thing possible, giving up all privacy, allowing our governments to take away our freedom, to stop [most] terrorists? If it causes you to alter the way you live your life, doesn't that mean the terrorists are winning? You've got to draw a line somewhere and stick to it, rather than continually moving it back, littl

"Irrationality is the square root of all evil" -- Douglas Hofstadter

Working...