Australian Spy Agency Seeks Permission To Hack Third-Party Computers
New submitter LordLucless writes "ASIO, Australia's spy agency, is pushing for the ability to lawfully hijack people's computers — even if they are not under suspicion of any crime. They seek the ability to gain access to a third party's computer in order to facilitate gaining access to the real target — essentially using any person's personal computer as a proxy for their hacking attempts. The current legislation prohibits any action by ASIO that, among other things, interferes with a person's legitimate use of their computer. Conceivably, overturning this restriction would give ASIO the ability to build their own botnet of compromised machines. Perhaps inevitably, they say these changes are required to help them catch terrorists."
Re:How do we stop them? (Score:5, Informative)
How can I harden my computer against being used as a node in an ASIO botnet?
ASIO would come in the same way that normal cybercriminals would, so it's a matter of standard common-sense security precautions.
If you're using Windows, keep it up-to-date and use a decent antivirus program - Microsoft's Security Essentials works fine. Don't click links in emails from strange people. Don't open email attachments from strange people. In terms of software, a good rule, originally by Brian Krebs I believe, is not to install software if you didn't search for that software in the first place (in other words, don't install if it comes to you by email, or if it pops up when you're browsing around generally, etc.).
In addition to the operating system, a few other pieces of software are fairly important to keep up-to-date: Your internet browser. Adobe Flash and Reader, if you use those. Java (or better yet, disable Java in the browser completely).
Suggestions: (Score:4, Informative)
* Use a snapshot capable filesystem, and take snapshots (ZFS / BTRFS). - You can use these to identify files that have changed.
* Use Tripwire or a clone like AIDE. - This is a second level of checking for file changes.
* Manually audit your system regularly.
* Use OS repositories from outside Australia.
And the list would not end there.
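The file-change checking suggested above (Tripwire, AIDE), reduced to its core as an added example that is not part of the original comment: record a hash manifest of a directory tree, then report what was added, changed or removed. The function names are hypothetical and GNU `sha256sum` is assumed.

```sh
#!/bin/sh
# Added example: a minimal stand-in for what Tripwire/AIDE do, not a replacement.
# Assumes GNU coreutils sha256sum; file names containing newlines are not handled.
# Keep the manifest outside the monitored tree, ideally on read-only or offline
# media: an intruder who can rewrite the manifest defeats the check.

# Print "hash  ./path" for every regular file under directory $1, sorted by path.
fim_snapshot() {
    (cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2)
}

# Compare directory $1 against saved manifest $2.
# Prints ADDED/CHANGED/REMOVED lines; returns 1 if anything differs, 0 if not.
fim_compare() {
    current=$(mktemp) || return 2
    fim_snapshot "$1" > "$current"
    report=$(awk '
        # sha256sum prints a 64-character hash, two separator characters,
        # then the path (which may itself contain spaces).
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { old[path] = hash; next }
        { seen[path] = 1
          if (!(path in old)) print "ADDED " path
          else if (old[path] != hash) print "CHANGED " path }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' "$2" "$current" | sort)
    rm -f "$current"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Stand-alone use: sh fim.sh init DIR MANIFEST   or   sh fim.sh check DIR MANIFEST
case "${1:-}" in
    init)  fim_snapshot "$2" > "$3" ;;
    check) fim_compare "$2" "$3" ;;
esac
```

A read-only filesystem snapshot can serve as the trusted side of the comparison in the same way: build the manifest from the snapshot, then check the live tree against it.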
Re:What happened to the "free" of the "Free World" (Score:3, Informative)
Well, technically, Iran has never been a "rouge nation". On the other hand, that's an apt description for all the communist nations...
On the other hand, if you really meant "ROGUE nation", then Iran would also fit nicely.
Why do so many supposedly educated people get "rouge" and "rogue" confused?
Re:How do we stop them? (Score:3, Informative)
install linux (i prefer debian stable, but that's just me)
close all unnecessary ports
that's usually a function of your router, but linux can also be used for routing functions using an iptables script... here's an example that you can execute from /etc/rc.local (on a debian machine anyway):
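#!/bin/bash
# minimal stateful firewall: allow all outbound, drop unsolicited inbound
# IPv4 only: ip6tables keeps its own, separate rule set
echo -n "Loading iptables firewall..."
# flush existing rules in the filter table
iptables -F
# default policies
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -P INPUT DROP
# allow loopback traffic
iptables -A INPUT -i lo -j ACCEPT
# allow replies to connections this machine initiated
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# explicit final drop (same effect as the INPUT policy above)
iptables -A INPUT -j DROP
echo "done."
exit 0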
not the most locked down firewall that you can make with iptables, but it's probably a similar configuration to what you would find in most off-the-shelf routers by default. you only need to add more exceptions if you run servers of sorts (ports 80 and 443 for httpd, 25 and 110 for mail, 53 for dns, etc). you can also nat between networks with iptables.
edit /etc/hosts.deny and make the only non-commented line ALL:ALL, and make sure there is nothing (except comments) in /etc/hosts.allow
also be sure to configure all users except human users and root so that shell is /bin/false in /etc/passwd and /etc/passwd-
also, don't install any programs from sources other than official repositories (except for things like flash from adobe website) and don't install garbage apps and avoid torrent clients which are a breeding ground for malware for all operating systems. i tend to favor stable repositories (with auto security repos update), with many vulnerabilities being due to inadequately tested updates. despite the hype, the testing aspects of both waterfall and extreme programming methodologies are rarely followed in open source projects, with the most common being the "code and test" or (derogative) "cowboy coding" methodology.
use shields up @ https://www.grc.com/x/ne.dll?bh0bkyd2 to verify if you have any exposed ports
also, to protect your wifi network(s), only use wpa2 (don't use wep) and set up an access list so that only registered mac addresses will be able to connect
always use https for online banking and make sure the top and 2nd level domains are what you expect (most modern browsers highlight them)
some of this stuff is less to do with asio and more to do with security in general. no doubt other /. users will chime in if i've said something wrong or if i've missed something obvious. there's also other security things like wheel group, and there are hardening tutorials for most major distros out there. debian has a good one here: http://www.debian.org/doc/manuals/securing-debian-howto/ but for controlling remote access, the best way is to harden your browser settings (uninstall/disable any unnecessary plugins, disable java, etc), tighten up your wifi security and make sure no router ports are open
the internet is a scary place, but most viruses and malware are unintentionally installed by users from a web browser or email client (in windows). hacking is a problem, but it's only serious if you're hosting. look up how a router works and that may help cool some of your fears. grc has a good info page here: http://www.grc.com/nat/nat.htm
summary: think of a nat router as sort of being like a one-way valve, so you can make requests out but only responses to your requests can come back in (uninvited requests are dropped)
if your computer is part of a botnet, there's a good chance that you unintentionally installed software from your web browser or email (or junkware/shareware) that caused it. malware rarely if ever gets onto your pc on its own, and also having malware or virus infected files on your machine is ok as long as they aren't op
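An audit of the settings listed in the comment above (non-login shells for system accounts, default-deny `hosts.deny`, an INPUT chain that accepts only loopback and replies), as an added example that is not part of the original post. The function names are hypothetical, and the script assumes human accounts start at UID 1000 (the Debian default) and that the firewall rules were saved with `iptables -S`.

```sh
#!/bin/sh
# Added example: audits the settings from the comment above.
# Each check takes file paths, so it also runs against copies or fixtures.

# System accounts (not root, not human) that still have a login shell.
# Assumption: human accounts have UID >= 1000, the Debian default.
login_capable_system_accounts() {
    awk -F: '$1 !~ /^#/ && $3 > 0 && ($3 < 1000 || $3 == 65534) &&
             $7 !~ /\/(false|nologin)$/ { print $1 ":" $7 }' "$1"
}

# Active lines of a config file: comments, blank lines and whitespace removed.
active_lines() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$1"
}

# True if hosts.deny ($1) holds only ALL:ALL and hosts.allow ($2) holds nothing.
tcp_wrappers_default_deny() {
    [ "$(active_lines "$1")" = "ALL:ALL" ] && [ -z "$(active_lines "$2")" ]
}

# Reads saved `iptables -S` output ($1). Prints INPUT rules that accept more
# than loopback or reply traffic, and the INPUT policy if it is not DROP.
unexpected_input_accepts() {
    awk '$1 == "-P" && $2 == "INPUT" { policy = $3 }
         $1 == "-A" && $2 == "INPUT" && / -j ACCEPT/ && !/ -i lo / &&
             !/state (RELATED,ESTABLISHED|ESTABLISHED,RELATED) / { print }
         END { if (policy != "DROP") print "INPUT policy is " policy }' "$1"
}

# Run against the live system only when asked: sh audit.sh --live (as root).
if [ "${1:-}" = "--live" ]; then
    login_capable_system_accounts /etc/passwd
    tcp_wrappers_default_deny /etc/hosts.deny /etc/hosts.allow ||
        echo "tcp wrappers: not default-deny"
    rules=$(mktemp) && iptables -S > "$rules" && unexpected_input_accepts "$rules"
    rm -f "$rules"
fi
```

The `hosts.deny` check only covers services built with TCP wrappers support; the firewall rules are what protect everything else.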
Re:Good news (Score:3, Informative)
Insightful but not actually correct. 3 terrorist plots have been foiled in Australia since 9/11:
- http://en.wikipedia.org/wiki/2005_Sydney_terrorism_plot
- http://en.wikipedia.org/wiki/Abdul_Nacer_Benbrika
- http://en.wikipedia.org/wiki/Holsworthy_Barracks_terror_plot
ASIO definitely had involvement in the second one, not sure about the others. I'd be more inclined to suggest that actually they are doing their job just fine with the powers they currently have.