Police to be given new PC hacking powers
Scott Bicheno - 5 Jan 09, 1:57pm
Boost for Big Brother
Company Info
Talk
Share
The Sunday Times has reported that the government plans to make it possible for police or intelligence officers to remotely access the hard drives of private PCs, without a warrant, whenever they deem it necessary.
The euphemism for this Orwellian intrusion is "remote searching" and will presumably spawn a new government department called The Ministry of Privacy Protection, or something like that.
All that's needed to justify such a search is the belief on the part of a senior officer that it's necessary to prevent or detect a crime that would warrant (no pun intended) a jail sentence of over three years.
For some reason, civil liberties groups weren't too keen on the idea. "These are very intrusive powers - as intrusive as someone busting down your door and coming into your home," said Shami Chakrabarti, director of Liberty.
This is the second time the current administration has made clear its intentions to police individual use of IT in the past week. A call for restrictions on content ‘allowed' on the net by culture secretary Andy Burnham was met with derision in the HEXUS.community.
HEXUS related reading
HEXUS.channel - news :: Royal Mail touts first ‘intelligent’ stampHEXUS.channel - news :: Advert regulator gets run of the web
HEXUS.channel - news :: Gartner reduces forecast for PC market
HEXUS.channel - news :: File sharing law specialist referred to disciplinary tribunal
HEXUS.channel - news :: Shoppers drive online sales to 3 year best
HEXUS.channel - news :: India pushes for Google, Skype and RIM data access
HEXUS.channel - news :: BT snags ABC TV on demand service
HEXUS.channel - news :: Ofcom instigates pay TV probe
HEXUS.channel - news :: ITV to launch HD channels on Sky
HEXUS.net - news :: Russian collector shows-off over 1,000 CPUs
All General Business related content on HEXUS
HEXUS.community :: your right2reply
but hacking a computer with a hardware and good software firewall isn't an easy task
wanna bet? maybe for you and me.. but if you're mi5, it'll not be hard for you to get that console access from the router/switch. and if they really want, they'd just use the ISP to monitor promiscuously.. or use a promiscuous network monitoring tool to grab wifi signals out of the air & log the packets as they're received.
thre's many options they could use, from inductive couplers to laser/doppler systems. of course with fiber optic then inductive couplers etc will not work, but they could breakbox the fiber, or they'd reroute to 1 of their servers.Quote
if powers were put into place properly to allow the montering of suspects in certain things such as pedophiles then it would scare the hell out of these perverts and May help reduce this problem.
But the point is that they DO have those powers now. If they can convince a judge that they have reasonable grounds for suspicion they can get a warrant to inspect the computer.Quote
wanna bet? maybe for you and me.. but if you're mi5, it'll not be hard for you to get that console access from the router/switch. and if they really want, they'd just use the ISP to monitor promiscuously.. or use a promiscuous network monitoring tool to grab wifi signals out of the air & log the packets as they're received.
thre's many options they could use, from inductive couplers to laser/doppler systems. of course with fiber optic then inductive couplers etc will not work, but they could breakbox the fiber, or they'd reroute to 1 of their servers.
But that assumes the use of wifi. Picking data packets out of the air won't enable police or intelligence services to search a hard drive, merely to monitor wifi traffic. Anyone hiding anything the police are likely to be interested in, if they've got any sense, aren't accessing it via wifi.
And if all this is about were monitoring internet access and emails, etc, they could do that without searching your hard drive. None of the methods suggested there would let the police search my hard drive, including laser/doppler monitoring. It might let them pick up screen activity, but there's restrictions on how effective that'll be, too, depending on environmental conditions. Networking monitoring would let them monitor network traffic, but they'd have to get the monitoring tool onto my equipment first, which either means a physical breach to do it, or getting past both hardware and software firewalls. Monitoring at the ISP won't tell them what's on my hard drive.
Which brings us back to Tidus' point .... they've got to get past firewalls and getting past a good hardwire firewall to get onto the network, then past software firewalls to get at individual drives isn't a trivial exercise if decent firewalls are used ..... and, of course, set up properly.
And, of course, there's no guarantee that the material they want is on a PC that's turned on when they try to hack in. There's not even any guarantee that the target machine is connected to the network at all. It could be standalone. If it is, ONLY a physical search is going to produce the evidence they seek.
So look at Mayhem's situation again. He, quite understandably, wants evidence to be found so the perpetrator can be banged up, and he wants these searches available because it gives the best chance of getting evidence before the suspect destroys it. But does it give the best chance? Think about that a minute. Suppose I've got that evidence on one of my machines, and that machine is turned off or disconnected from the network. Now suppose I've not only got firewalls running, but a honeytrap of some sort. When those police or intelligence service hackers hack in to my network, and bearing in mind that the material they want is not available 'cos the PC is off, if they do ANYTHING that triggers my a report from my honeytrap, all they will have succeeded in doing is alerting me to the intrusion. So what's my reaction? I delete exactly the material they're looking for and, if I'm paranoid enough, destroy the hard drive (or whatever the material is on) physically. So they've not only got to be good enough to get past my firewalls, but they've also got to be good enough to detect and evade any tripwires I've set .... and to do it without knowing what they;re facing or even if they exist. Good luck with that!
If the police do this type of search and try it on a clued up individual, they're more likely to give away their interest and lose the chance of getting the material via a physical search.
Mayhem, allowing this type of search may result in exactly what you'd seek to avoid - giving the guilty party a chance to destroy evidence. Surely a better bet is to do nothing that might alert the target, until he hears his door being kicked in, and which point, it's almost certainly too late for him to do anything.
Of course, all this requires people to be reasonably technically savvy, but it doesn't take much to make it very hard indeed for a remote search to succeed, and it relies on the public not being aware that such a search can take place. As soon as they are aware, they'll take counter-measures. I certainly will, and I *don't* have anything the police will be legitimately interested in. I just find such activities obnoxious and intrusive, and feel it should be absolutely beyond legal activity unless they have sufficient evidence to satisfy the criteria for needing a warrant, and clearly, this measure is targeted at situations where they don't have grounds for a warrant, or they wouldn't be doing it because they wouldn't need to.
Fingerprints were a wonderful tool, until criminals realised how dangerous they were. So they started wearing gloves. CCTV cameras are great ..... unless the offender knows they;re there and acts accordingly. Facial recognition tools are useful .... unless they offender is wearing a deep hood or a hat that obscures their face. DNA is great, until people start to take precautions like wearing gloves. CSI's ability to identify the exact item of clothing a single fibre came from, unless the offender is smart enough to have dumped or burned the clothes he was wearing, or even smarter and has planted a nice, miscellaneous collection of red herring fibres ....oh, and yes, maybe a misdirecting DNA sample too.
So just how useful will these remote hard drive searches really be? Answer .... as soon as people realise they've been happening, even innocent people will start taking counter-measures to keep snoopers (official or otherwise) out, and the job of the police in catching people like Mayhem wants caught will become even harder than it is now. You raise a hurdle, and people find ways of either getting over it, or round it. One way would be to keep any incriminating evidence on a memory stick, and not use it on a net-facing computer at all. Good luck remote hacking that, even with lasers and/or doppler.Quote
Another epic win post from Saracen!
I'm grateful for the summary - as is often the case with Saracen's posts: tl;dr.
:laugh:Quote
I don't want them lookin' at me pr0n, neither....Quote
Reply