

Speaking out against government malware - vog
http://ccc.de/de/updates/2012/state-trojan-proposal

======
trotsky
Forget Disclosure — Hackers Should Keep Security Holes to Themselves

BY ANDREW AUERNHEIMER (weev)

[http://www.wired.com/opinion/2012/11/hacking-choice-and-disc...](http://www.wired.com/opinion/2012/11/hacking-choice-and-disclosure/)

~~~
billysilly
What does that have to do with anything? Spam much?

~~~
trotsky
An editorial from a few days ago that implores security researchers to not
contribute zero days to governments that use them to invade our privacy has
nothing to do with "Speaking out against government malware"?

Maybe the part of the puzzle that you're missing is that 90% of the zero day
market is nation states buying.

------
acd
I think the bleep up is that law enforcement is there to protect and uphold
the law, not to break the law itself.

I.e. hackers are not allowed to hack other computers, but the government's own
agencies suddenly are. Now you have a segregated law; it’s a different law for
the government agencies than for its own citizens/hackers.

If we should have a fair society the same law should apply to all citizens, or
it’s no longer a law but special rights to privileged people in the society.

The big question is do we want a spy society where, as soon as you have a
different opinion than those of the government officials, they can attack you
with small petty crimes they have observed you doing from your own private
sphere. I mean the general thing is that even government officials break the
same laws and they are not hunted, but if you do you will get attacked.

The big question is that of fairness which is what the law should be about or
they are no longer true but false.

------
TazeTSchnitzel
It's nothing new for the CCC.

Germany already has the _Bundestrojaner_ ("Federal Trojan")

~~~
schabernakk
The CCC published an in-depth analysis of the so-called Bundestrojaner in
which they, for example, proved that many of the techniques used are
unconstitutional (for example intercepting Skype calls).

I don't know if there is an English version of the paper (short English summary
and link to the German paper here:
<http://ccc.de/en/updates/2011/staatstrojaner>) but it was a very amusing
read. Especially because it becomes clear very fast that from a technical
standpoint, the software is horrible. Unencrypted communication with the
remote, no auth or integrity checks and so on. Also, a lot of data is sent
over a proxy in the US.

The results were published in various newspapers, among them the Frankfurter
Allgemeine Zeitung (FAZ, a very big and well known newspaper) who printed one
page of the trojan's source code. The headline was something like: "You can't
understand this language but this is what controls your everyday life".

I'm very glad that we have an institution like the CCC here in Germany. It's the
closest you can get to a computer/tech/hacker lobby which argues from a very
pragmatical point of view for example when it comes to things like voting
machines.

Edit: if you want to see the pages from the FAZ with the code, you can find them
here (warning - big pdf):
[http://www.faz.net/dynamic/download/fas/FAS_09_10_2011_S41_S...](http://www.faz.net/dynamic/download/fas/FAS_09_10_2011_S41_S47_Staatstrojaner.pdf)

It's titled "Anatomy of a digital vermin". The code is introduced with: "A text
we don't understand but it nevertheless rules our lives"

