Australian Spy Agency Seeks Permission To Hack Third-Party Computers 210
New submitter LordLucless writes "ASIO, Australia's spy agency, is pushing for the ability to lawfully hijack peoples' computers — even if they are not under suspicion of any crime. They seek the ability to gain access to a third party's computer in order to facilitate gaining access to the real target — essentially using any person's personal computer as a proxy for their hacking attempts. The current legislation prohibits any action by ASIO that, among other things, interferes with a person's legitimate use of their computer. Conceivably, over-turning this restriction would give ASIO the ability to build their own bot-net of compromised machines. Perhaps inevitably, they say these changes are required to help them catch terrorists."
How do we stop them? (Score:5, Interesting)
I am an Australian. Assume this passes. How can I harden my computer against being used as a node in an ASIO botnet?
The only thing I can think of at the moment is to use Linux and make sure I've closed all uncessary ports...?
What else? I am not a security buff. Encryption doesn't seem particularly useful, since the problem here isn't that ASIO is accessing our files (although they would probably definitely be doing that too), but that they're using our bandwidth and processing resources.
Re: (Score:3)
Hopefully, someone with some significant power there in the Australian government cordially invites them to piss off.
Re: (Score:2)
If you read the article. it's a senior member of the government proposing the legislation.
Re: (Score:3)
I did actually have a look at the article, and saw that it was Australia's AG that is proposing this. Surely there are more people higher up the government food chain than the AG?
Re: How do we stop them? (Score:2, Interesting)
Not really the AG is pretty high up. She is a totalitarian bitch though, along with Conroy they plan to make Australia worse than China. I am honestly considering moving countries because both major parties are evil.
I really hope the Green party have something to say about this, they seem to be the only voice of reason in regards to anything in relation to privacy and government powers.
Time for a massive change in politics in Australia.
Re: (Score:2)
I reckon the other option would be for Australian citizens to take up their knives and baseball bats and... Nah. Don't think that would be very effective due to the super short range of those things. :/
Re: (Score:3)
Re: (Score:2)
That was actually what I was thinking, it just came out baseball instead of cricket, due to distractions here.
Re: (Score:3)
Comment removed (Score:4, Funny)
Re: (Score:2)
Though I vaguely recall some Kiwi in the early 90s beating a shark off with a cricket bat...
Re: (Score:2)
Probably be a lot less deaths then the American revolution of 1861. Has their ever been a case of a violent revolution improving things besides the odd one that ended up as a successful war of separation?
Most successful revolutions seem to be the majority of the population doing civil disobedience with minimal violence and even that only works some of the times.
Re: (Score:2)
Fortunately that one [slashdot.org] has been cancelled.
Re:How do we stop them? (Score:5, Insightful)
You can use this argument to do anything
-open and read every piece of mail
-listen to every phone call
-attach gps monitors to every vehicle
-install and record video cameras everywhere
-require every computing device to have a backdoor so the gov't can search through it unhindered
-stop and search everyone in a given area
The gov't would potentially 'catch a terrorist' with any of these things. Obviously, they must be implemented immediately.
Re: (Score:3)
Line your own home with the better quality gum stick video recorders - add storage, test the battery life for 12h?.
Re: (Score:2)
The thing is, if you make it too hard for terrorists to use computers/phones etc (ie they are/can be monitored), they simply switch to communicate via hand delivered notes written on paper.
Then forbid paper as a terrorist's tool.
Re: (Score:3)
Well as all of your list also works very well for catching dissidents they'll all eventually be implemented. Dissidents are a much bigger threat to the established powers then terrorists.
Re: (Score:2)
Partially true. For example both Romney and Obama probably cared a lot who won the presidency whereas those pulling the strings only cared that the Paulians and various third parties were removed from the running. The parties while subservient to the powers that be do still have quite a bit of power and want their golden retirement plan.
Re: (Score:2)
No, the article clearly says it is the Attorney-General's department (the public service organisation that contains ASIO) through an anonymous "spokesman for the Attorney-General's Department" not the Attorney-General herself that is "pushing for new powers for the Australian Security Intelligence Organisation to hijack the computers of suspected terrorists." ASIO playing the fear card in public arenas and making excessive demands is the typical method of ratcheting up their existing powers to some some
Re: (Score:2)
The AG is the stand-in for a King/Queen with 3 basic duties. Proposing policy or law is not her duty. Australians never admit their subservience to the US military but it's not difficult to imagine who is driving this.
I suppose there is a decent possibility of that. But surely Australia and other First World nations can descend into an Orwellian nightmare on their own without our coaching?
Re: (Score:2)
I think you're confusing the Attorney General with the Governor General.
What happened to the "free" of the "Free World" ? (Score:5, Insightful)
Last time when we talk about Soviet Union and/or China and/or Cuba and/or Iran and/or North Korea or East Germany, or any of those countries we used words like "ROUGE COUNTRIES" to describe them.
And they deserved it, for those countries never about the human rights of their citizens, and those countries spied on their own citizens.
Nowadays, countries that are supposed to be "FREE", such as Australia, New Zealand, United Kingdom and United States are becoming more and more like those rogue states.
What the fuck has happened to the spirit of "FREEDOM" of the free world?
Re:What happened to the "free" of the "Free World" (Score:5, Funny)
Pal, Australia. What does the word conjure up? Think. I know you had history classes in school. Australia was a penal colony. Meaning, they were rogues before they ever got to Australia. They are EXPECTED to be rogue! Putting the words "Australia" and "rogue" in the same sentence is redundant and repetitive.
Re:What happened to the "free" of the "Free World" (Score:5, Informative)
Re: (Score:2)
But, of course! Why do you think the 2nd amendment is so important to us? It's important that all us criminals can defend ourselves from each other! Not to mention that we don't want the warden or his gang to come back!
Re: (Score:2)
Don't tell the Yanks but that is still the case!!
Re: (Score:3)
It got sold away under your ass...
Re: (Score:3, Informative)
Well, technically, Iran has never been a "rouge nation". On the other hand, that's an apt description for all the communist nations...
On the other hand, if you really meant "ROGUE nation", then Iran would also fit nicely.
Why do so many supposedly educated people get "rouge" and "rogue" confused?
Re:What happened to the "free" of the "Free World" (Score:4, Funny)
Re: (Score:2)
...got to keep the loonies on the path.
(and that means, you and me!)
Re: (Score:2)
Well rouge is the colour of political parties that preach one thing while doing the opposite, usually making things free for the common person while concentrating power in the powerful. Of course most political parties are doing that. :)
I see that your user name is a synonym for the rouge avenger
Re: (Score:3)
The Spirit of Freedom has been bought and sold to the mega-corporations and their client governments. Privacy doesn't need to be dead, but its more advantageous to the business community if it is, therefore things like this proposed legislation to "Combat Terrorism" - i.e. to combat those whom the Media Industry wants to close down and prevent from copying their copyright works.
Re:What happened to the "free" of the "Free World" (Score:4, Insightful)
No, buying is a bad practice in the corporate world. It has just been co-opted by the DiscoverCard Spirit of Freedom(TM), brought to you in part by McDonald's, and by the generous donation of the Monsanto Corporation. They are "Loving It"
Re: (Score:2)
freedom was ok when there weren't so many things the folks in charge could invade and bug or tap.
but now, there is so much out there to bug and snoop on, well, you can't blame a kid for being hungry in a candy store, can you?
THEY WANT IT!
and they have most of the power to do whatever they want. in fact, 'asking' is just a formality, these days. if you are on a network, folks in charge think they have a right to your data.
THIS is the brave new world. huxley had zero idea about what the real future was goi
Re: (Score:1)
i doubt much of the australian government has any idea who they are even dealing with
Re: (Score:2)
I assure you they do. The official cracking industry employs a few very smart computer security people.
Re:How do we stop them? (Score:5, Interesting)
Or, if the ASIO really needs the resources it says it needs, let them go to the Australian people with their hat in their hands and ask for volunteers to run an Aussie-Government 'network agent' on their Internet-connected PCs to help them catch child molesters and plane-bombers for the good of the homeland, and if appeals to patriotism don't do the trick, let them offer money, and we'll find out how much a person's Internet privacy sells for on the open market.
Re:How do we stop them? (Score:4, Insightful)
I don't think this is raw CPU cycles they're looking for here. It's more like: "We're trying to grab information on this guy. We see he visits www.somesite.com.au an awful lot. Let's get access to the computer of somesite's developer, grab his access keys, and modify somesite to deliver our trojan to the target."
Of course, once you've compromised a computer, are you going to just clean it up and let it go? After all that trouble of getting a warrant? Pfft, no - what if you need it again? You're going to list it as a resource and add it to the pile of private computers your agency owns.
Re: (Score:2)
Re:How do we stop them? (Score:5, Funny)
I am an Australian.
Find the nearest Equadorian embassy and request political asylum :-)
Re: (Score:2)
So it's only ok to have racist government policy that gives entitlements to certain races and not others, but not ok when someone complains about it on the internet?
You've drunk too much PC kool-aid.
Re: (Score:2)
I don't know much about Australia but around here the original owners of the country who happen to be a different race made a deal to sell their land on a payment plan and now the buyers are trying to weasel out of making their payments. How would you feel if you sold something on a payment plan and as soon as the buyer occupied the property you sold started claiming that due to your race you shouldn't get paid?
It is a problem with payment plans but when you're dealing with someone who doesn't recognize tha
Godwin (Score:2)
I'd like to amend Godwin's Law to include any mention of Tony Abbott.
Re:How do we stop them? (Score:5, Interesting)
I am an Australian. Assume this passes. How can I harden my computer against being used as a node in an ASIO botnet?
Over here! We have a troublemaker!
Seriously though, I wouldn't worry too much. All the hardening you already do to you computer to keep the existing viruses out will be just fine. The only possible problem will be that the antivirus vendors may be persuaded to ignore government sanctioned malware, but such a thing will be self correcting when the malware authors figure out how to mimic government malware.
Re: (Score:2)
Re: (Score:3)
Here, you can use some of my tinfoil now.
Wait a minute... how do I know you haven't tampered with it?
Re: (Score:2)
Most likely they will instrument your operating system or hardware in your absence so look at ways to keep it secure while you are away, or keep it with you at all times. Remember that they could log keystrokes with a simple device inserted into your machine.
Re: (Score:2)
So it's okay for Conroy to ban technology company Huawei from supplying equipment for the NBN over spying concerns yet it's okay for our government to target its own citizens. Hmmm...
Re: (Score:2)
Yeah because we elected him.
Re: (Score:3)
He's a Victorian Senator (and is in the half of the Senate that got elected 2010 and won't be up again next election). I didn't vote for him (NSW here) - in fact I doubt many people at all actually voted for him (below the line on the ballot paper). Thanks to the way the senate gets elected combined with the inertia of the two major parties (the coalition might as well be one party these days), it'd actually be rather hard to vote him out - He's second on the ticket, so as long as Victorian Labor manages to
Re: (Score:1)
Re: (Score:1)
don't use windows as your os for starters
Re: (Score:2)
spot the windows fanboi... the proof is in the pudding... the number of linux kernels operating in the world (including beneath android and in embedded systems like set top boxes) far exceeds the number of windows installs, and yet no malware or virus problems, yet windows STILL needs antivirus and even then it gets infected
windows is only competently set up if it has antivirus... linux doesn't need it
keep drinking the microsoft kool-aid, moron
Re: (Score:2)
counting android? Windows doesn't need anti-virus, stupid users need anti-virus. Big difference.
Re: (Score:2)
First of all, android rootkits inject into the linux kernel. Second of all, most distributions are no more secure than windows after XP. They both prompt for a password to do administrator things, and both allow user files to be overwritten and infected silently.
Re:How do we stop them? (Score:5, Informative)
How can I harden my computer against being used as a node in an ASIO botnet?
ASIO would come in the same way that normal cybercriminals would, so it's a matter of standard common-sense security precautions.
If you're using Windows, keep it up-to-date and use a decent antivirus program - Microsoft's security essentials works fine. Don't click links in emails from strange people. Don't open email attachments from strange people. In terms of software, a good rule, originally by Brian Krebs I believe, is not to install software if you didn't search for that software in the first place (with other words, don't install if it comes to you by email, or if it pops up when you're browsing around generally, etc etc).
In addition to the operating system, a few other pieces of software are fairly important to keep up-to-date: Your internet browser. Adobe flash and reader, if you use those. Java (or better yet, disable Java in the browser completely).
Re: (Score:2)
I you are using Windows, then the simple answer is that you can never be sure that your machine is secure. You can never know if Microsoft has put a backdoor into the system that hides itself.
Even if you are using anti-virus, it is ineffective. I have seen 2 machines compromised in the last year that both had fully up-to-date antivirus. Only a couple of days after the compromise did the anti-virus detect the issue (in the
Re: (Score:3)
antivirus will NEVER catch government approved bugs!
if you think about it, you'll understand.
and you won't ever trust antivirus apps again. they only block the things 'theyre allowed to'.
and yes, I'm serious. this has been covered several times before.
Re: (Score:3, Informative)
install linux (i prefer debian stable, but that's just me)
closed all uncessary ports
that's usually a function of your router, but linux can also be used for routing functions using an iptables script... here's an example that you can execute from /etc/rc.local (on a debian machine anyway):
#!/bin/bash
echo -n "Loading iptables firewall..."
iptables -F
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -j
Re: (Score:2)
*filter
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
COMMIT
save that in
and make sure if your distro doesn't have an iptables rc unit or something similar, to add
iptables-restore
ip6tables-restore
to your
that works great for desktops.
Re: (Score:2)
en.wikipedia.org/wiki/OpenBFS might be fun for them to wonder about everytime your OS fails to phone home
Re: (Score:2)
Now why oh why would you want to help the terrorists, Citizen?
More seriously, how would that play out in the courts, if you discovered your computer participating in a "legal" police operation and chose to clean their BS malware off?
Re: (Score:2)
Re:How do we stop them? (Score:5, Insightful)
I am an Australian and I find the whole idea of the gutless and cowardly attack appalling. ASIO is proposing to leave some poor innocent nobody holding the bag for when the attack is detected. Some innocent person minding their own business acceding the internet, who suddenly finds the local swat team raiding their home and threatening that family with death. That whole family now finds itself on trial for espionage and treason a death penalty offence in many countries. That trial will be accompanied by torture. At which point will the Australia Government have the courage and stand up and tell the truth to the country so that the innocent family are no longer standing under the threat of execution.
This all smells of a request by the US government who has all sorts of laws to deny any rights at all to foreigners. Sounds like those people at Pine Gap have been up to some naughty business and are looking to tidy up the legalities of a 'Joint Facility', Australian and US, doing stuff that is legal for the US part of the partnership but illegal for the Australian part of the partnership and as the attack must eventually leave the joint territory and cross Australian land it is subject to Australian law.
It is well known that the US consider innocent third parties as nothing more than statistics and collateral damage, to be lied about in press releases but the Australian government better think long and hard about likely sending people to their death because those other countries aren't all rank computer security amateurs who wont detect the attack, after all if they were ASIO could attack direct or more accurately stand idly by and ignore the US led and controlled attack.
You only have to look at the MEGAupload case to see how badly it can go when you trust the US inJustice system.
Re: (Score:3)
How can I harden my computer against being used as a node in an ASIO botnet?
Against a nationstate with effectively unlimited resources where essentially all hacking has been declared legal? Nothing. You're screwed.
Re: (Score:2)
Linux with MLS enabled, but it will require you to learn how MLS works, and it's something that can cause dandruff just by reading the first page.
Using random unusual operating system can also work.
At least it will cause them to scratch their heads for a while.
Qubes OS (Score:2)
This looks interesting: http://qubes-os.org/ [qubes-os.org]
Its based on Linux and uses some newer virtualization features in CPUs to increase system security, and is able to enforce (and represent) security context in the GUI. They even tout a feature (anti-Evil Maid) that foils attackers with physical access (though they say nothing is perfect).
They say that garden variety VMs like VirtualBox and VMware increase security to some extent, but that they were mainly designed to make computing more convenient and efficient (i
Re: (Score:3)
CALEA export hardware is wonderful in that way
So expect any desktop consumer OS or hardware to be wide open by default.
If that fails, expect a sun tanned "tradie" to be at your home while your at work
2 plumbers, one day.
If your under ASIO watch, its still not so bad.
If you upset the Australian Secret Intelligence Service, they have a different origin in Australian law.
The
Insanity (Score:3)
So what happens when one of these third parties is detained as a spy, if their compromised computer is detected at a border? Depending on where you go, taking a machine with you sounds like it could actually put your life - or at least, your freedom - at risk?
Have we given up even maintaining the facade of the rule of law now?
Huh... (Score:1)
You know... you start trespassing on peoples property and eventually you find some people who do the same back at you.
I don't have the remotest sense of faith anything public servants or defense personnel put together in this country could stand to defend against penetration attempts from vetted software security experts.
Is this really a smart idea? It's like asking for backlash, with the risk of having potentially sensitive information exposed as a result.
Re: (Score:2)
All Governments (Score:1)
These days are justifying their actions with âoehelp the childrenâ or âoecatch terroristsâ.
What happens if you get rid of their backdoor.. (Score:5, Interesting)
Re: (Score:2)
Re:What happens if you get rid of their backdoor...
.
Probably something similar to what happened to the guy who found the FBI's GPS tracker on his car and ended up with them coming to him to retrieve it :
.
http://news.slashdot.org/story/10/10/08/1413240/College-Student-Finds-GPS-On-Car-FBI-Retrieve [slashdot.org]
.
http://www.blogrunner.com/snapshot/D/5/1/caught_spying_on_student_fbi_demands_gps_tracker_back/ [blogrunner.com]
.
CBS News: FBI Spies on Student, Retrieves GPS Device [cbsnews.com]
.
.
Then, in March of 2012, the FBI claims that it turned off a [techdirt.com]
Re: (Score:2)
Getting the wrong house attracted the print press and tv.
There will be no digital 'raids', nothing beyond another AV product not protecting a computer in time.
The spyware will be the usual suburban type and any ip linked from it will an endusers home.
Re: (Score:2)
The ip it reports/logs back to will look like a local bonnet.
If you have the telco skills/a friend... the ip will be a house in a state capitol running a consumer computer/OS.
Just like any bonnet....
Comment removed (Score:3, Insightful)
Re: (Score:2)
Key logger
Re: (Score:1)
Re: (Score:2)
Sure. Break in to the guys house to install your logger, with a cellular network connection. ASIO can break into houses easily enough.
Re: (Score:2)
Its lawful because they can go to the parliament to get the power to do it. It can be discreet and efficient because they can set themselves up to do it properly. Follow all the people who live in the house. Employ lock experts. Buy vehicles and brand themselves as electricians, whatever. Just walk in and do the job.
Re: (Score:2)
Congratulations Mr AC. Due to your fanstastic karma score Thinkgeek have given you a brand new Das keyboard for your ongoing posting convenience.
What will Woz Do? (Score:5, Insightful)
I'd like to report a terrorist (Score:5, Insightful)
Dear ASIO, The only people (and I use that term loosely) currently terrorising Australia are you. Kindly take your hacking desires against lawful citizens and shove them.
ASIO (Score:1)
AH. For the good old days. Way back in the day the then Attorney-General personally led a raid on the HQ of ASIO on the grounds that he believed that ASIO had not given him full or accurate information about...yes...terrorist activity in Australia by Croatians. And this was back in the early 1970's
The kicker was that he did not consult with the Prime Minister or the Cabinet before he did it. The Government of the day had a great mistrust of Intelligence agencies
Translation (Score:5, Insightful)
Headline: "ASIO is already breaking into third-party computers unlawfully, but is tired of covering it up."
''The purpose of this power is to allow ASIO to access the computer of suspected terrorists and other security interests,'' : "The purpose of this power is power".
''(It would be used) in extremely limited circumstances and only when explicitly approved by the Attorney-General through a warrant.": "We'll use it whenever and order several redundant sets of rubber stamps for the warrants"
'The Attorney-General's Department refused to explain yesterday how third-party computers would be used, ''as this may divulge operationally sensitive information and methods used by ASIO in sensitive national security investigations.''' : "We use them for all sorts of things no one in their right mind would approve of"
Suggestions: (Score:4, Informative)
* Use a snapshot capable filesystem, and take snapshots (ZFS / BTRFS). - You can use these to identify file that have changed.
* Use Tripwire or a clone like AIDE. - This is a second level of checking for file changes.
* Manually audit your system regularly.
* Use OS repositories from outside Australia.
And the list would not end there.
Good news (Score:5, Insightful)
Re: (Score:3, Informative)
Insightful but not actually correct. 3 terrorist plots have been foiled in Australia since 9/11:
- http://en.wikipedia.org/wiki/2005_Sydney_terrorism_plot
- http://en.wikipedia.org/wiki/Abdul_Nacer_Benbrika
- http://en.wikipedia.org/wiki/Holsworthy_Barracks_terror_plot
ASIO definitely had involvement in the second one, not sure about the others. I'd be more inclined to suggest that actually they are doing their job just fine with the powers they currently have.
Re: (Score:2)
http://en.wikipedia.org/wiki/Sydney_Hilton_bombing [wikipedia.org]
Our version of http://en.wikipedia.org/wiki/Operation_Gladio [wikipedia.org]
If you need hack my computer to stop terrorists (Score:5, Insightful)
im from ASIO (Score:2)
Being seen as a 'front' for an intelligence agency (Score:2)
Shouldn't our taxes at least buy us the due diligence of authorities to consider the most obvious and grave dangers before trying to get such plans implemented?
How far is too far? (Score:2)
Re: (Score:3)
Its partly because of our close relationship with the US. We have to keep track of terrorists living in Australia, and possibly migrating here.
Re: (Score:2)
I donâ(TM)t know about you, but I find it very curious that comedian George Carlin died of chest pains a few months after his new, scathing routine
or maybe the fact he was 80 years old, with a history of heart problems....
Re: (Score:2)
Re: (Score:2)
"I'd worry about a Tempest virus that polled a personal computer's CD-ROM drive to pulse the motor as a signalling method:
Why bother when it could use a small cellular modem?
Re: (Score:2)
Does this get the record for the longest TL;DR reply? It has to be in the running
Re: (Score:2)
Australian Secret Intelligence Service (ASIS) ~MI6/CIA - unknown policy/past. Policy papers hint of been very, very direct until early 1980's.
DSD Defence Signals Directorate ~GCHQ/NSA/CSE - keeps codes safe, taps all telcos in Asia.
The public face of the Australian spooks has been ASIO, a hunt for communists, keeping its ranks pure and records shared with state police on all local groups,