Monday, January 5, 2009

Encouraging the UK police to hack a little more often

Apparently the UK Home Office is going to be encouraging the British bobby to do a little more hacking against those big bad cybercriminals out there - according to the BBC news.
In a statement regarding the agreement, the Council stated that "the new strategy encourages [the police and the private sector] to…resort to remote searches."

British law already allows police to remotely access computers under the Regulation of Investigatory Powers Act 2000, which allows surveillance to "prevent or detect serious crime".
I'm not sure exactly what the Council thinks the "private sector" encompasses, but wouldn't it be rather jolly if that included commercial penetration testing teams? (obviously not including commercial criminal hacking-as-a-service providers) I'd love to take a legal crack at the multitude of known criminal sites out there, and so would just about every professional pentester I know.

With the prospect of hacker-bobby knocking on your virtual door, you just know that someone'll complain about the breach of privacy etc. Oh well, it'll be interesting to see if the police take up the hacking challenge. If not, I'm sure these no shortage of willing volunteers.

One other quick note about the BBS news article. I'm not sure who Professor Peter Sommer is, but I'm not sure about the following statement...
Most anti-virus programs and firewalls will detect surveillance attempts because they are designed to stop the remote access software or Trojan-type viruses that hackers - even police hackers - usually use, he explained.
As far as I'm aware most of the professional malware out there in use today by the real criminals is a generation or two more advanced that the anti-virus solutions in popular use. And, strangely enough, that very-same malware the criminals are using can be purchased by anyone willing to fork over a few hundred dollars to a hacking-as-a-service provider in Russia, Korea, Turkey, Brazil, etc. so I don't think that's an inhibitor.

Here's a proposition to the police officers that are worried about being detected by anti-virus - buy the same software the organized criminal teams are using.

No comments:

Post a Comment