UK preps 'hacking tools' ban

Author: Gareth Halfacree
Published: 4th January 2008
Comments (26) Stumble
UK preps 'hacking tools' ban

The Crown Prosecution Service is keen to see the new guidelines enforced.

The UK government has announced a set of guidelines to be applied to the Computer Misuse Act (part of the Police and Justice Act 2006) which will, if enforced, make it illegal to possess or distribute “hacking tools.”

The ban comes along with an increase in the maximum prison sentence available for computer-related offences to ten years and also a re-wording which makes denial of service attacks clearly illegal.

Many in the IT industry are grumbling about the ban, which would cover network tools such as Nmap and Wireshark if misused. The government has so far failed to allay these fears, stating only that the authors of such tools will only be chased if “they intended it to be used to commit computer crime” - no mention of what happens if a dual-use security tool is misused in such a way.

The guidelines, published by the Crown Prosecution Service, do contain a get-out clause for commercial software: prosecutors are asked to take into account whether the software is “available on a wide scale commercial basis and sold through legitimate channels”, which sadly leaves open-source and freeware tools out in the cold.

It's security researchers who have the most to fear from this draconian modification to an already pretty tough law, as many of the tools used in such research would be covered under the ban. Penetration testing – hacking into a company network with permission in order to detect security holes – is a growing business, and it's the practitioners of this lucrative art who stand to lose the most should distribution of useful network utilities be stopped.

The amendments to the Computer Misuse Act are expected to come into force some time around April of this year.

Any sysadmins out there livid at the thought of losing their network toolkit in a single hit, or are you all breathing a sigh of relief at your friendly government doing its bit to protect you? Give us a shout over in the forums.
Quote DLoney 4th January 2008, 08:53
“If Tyranny and Oppression come to this land, it will be in the guise of fighting a foreign enemy of which we know little.”
-James Madison

:|
Quote Jamie 4th January 2008, 09:17
This is really stupid! In no case should a type of software be illegal, the use of the software to do something illegal is what they should be cracking down on. There are so many legitimate uses for software such as MITM and network sniffing utilities.

Next they'll be trying to make bittorrent software illegal because it can be used to distribute pirated software/games/videos.
Quote n3mo 4th January 2008, 09:29
This is just stupid. Why don't make kitchen knives illegal? They can be used to kill someone. Heck, water should be illegal, too. Not to mention cars.

This is exactly what happens when decisions are made by people that don't have a clue about what they are talking about.
Quote naokaji 4th January 2008, 11:10
if water woudnt have existed hitler coudnt have survived...

its what people do that should decide if its something good or not... not what they had access to or what possibilities exist...
Quote cjoyce1980 4th January 2008, 11:34
I hope that this doesn't mean for IT security companies, my mate works for one and they use these tools all the time for ethical hacking to maintain system security for big names. If these people can't use these tools then i'm saying bye bye to online banking/shopping/etc....
Quote Glider 4th January 2008, 11:44
W T F . . .
Quote Shielder 4th January 2008, 11:54
Time to educate the PM methinks. Is there anyone (who knows exactly what this proposal will do to the security industry) who is willing to start a petition on the No.10 website? It may not achieve anything, but if we explain the benefit of this software in the petition, then someone may get a clue and stop this proposal being put forward.

I know nothing of this software, so I wouldn't be able to "educate" them effectively.

Andy
Quote specofdust 4th January 2008, 11:54
Good thing I already downloaded wireshark and all the portscanners a man could want xD

Also: sigh :(
Quote Delphium 4th January 2008, 12:07
Quote:
Originally Posted by Jamie
This is really stupid! In no case should a type of software be illegal, the use of the software to do something illegal is what they should be cracking down on. There are so many legitimate uses for software such as MITM and network sniffing utilities.

Next they'll be trying to make bittorrent software illegal because it can be used to distribute pirated software/games/videos.

My thoughts exactly, also is itunes next? As that can rip cd's to mp3 for your own use which the RIAA claims is illegal, and oh hang on windows media player also could do this too, so does that means windows would have to be banned too (which some of you may think "can only hope" hehe) ?! (slightly off topic, but same principle)

Without the use of some of these network packet sniffing tools id be at a loss, trying to find out which device is dropping packets left right and center, finding which machines are showing on the network, figuring out why the hell im not getting internet via my new wireless router at home when any networking from end to end works fine (passing though the internet router).
Then of cause the more imoprtant reason of being able to see where one has secuirty flaws and being able to fix/secure them!!

Some of us rely on these tools to do our jobs, pffft. Sounds like the whole Germany fiasco with regards to hacking tools all over again.
Quote Paradigm Shifter 4th January 2008, 12:36
I don't honestly know why everyone is so surprised; this "Labour" Government are absolutely brilliant at coming up with knee-jerk ill-thought-out legislation to patch a perceived hole their badly-informed advisers have recommended is forced through.
Quote DXR_13KE 4th January 2008, 13:12
i hope someone inserts some sense into their heads.... with a spiked club..... covered with a condom so it is safe penetration.....
Quote Pheonix91 4th January 2008, 13:48
Quote:
Originally Posted by DXR_13KE
i hope someone inserts some sense into their heads.... with a spiked club..... covered with a condom so it is safe penetration.....

Haha I concur, this is more proof that the UK is run by a bunch of idiots.
Quote naokaji 4th January 2008, 15:01
Quote:
Originally Posted by Paradigm Shifter
I don't honestly know why everyone is so surprised; this "Labour" Government are absolutely brilliant at coming up with knee-jerk ill-thought-out legislation to patch a perceived hole their badly-informed advisers have recommended is forced through.

they prolly got a randomizer running if they slap extra taxes on something or ban it....
Quote C-Sniper 4th January 2008, 15:34
i feel sorry for anyone who has/will have BackTrack Linux 3.
Quote airchie 4th January 2008, 16:58
What a joke.

"guns don't kill people, people kill people".

Same with these tools.
Of course they can be used for malicious acts, that's why network admins NEED to use them too in order to secure their networks from such attacks.
The malicious hackers are already breaking the law (intentionally) by gaining unauthorised entry to a network.
Does the govt really think that this extra legislation is going to make any difference at all (other than make network secuity much harder to accomplish)?
Quote Delphium 4th January 2008, 17:18
This kind of legislation is not going to effect the hackers in any way shape or form, they will continue to use these tools, if they dont care about breaking and entering into someones network or pc, then im fairly sure that could not give a rats about a bit of software, if sites stop hosting these files publicly, then there just end up on underground sites and being traded underground, and those law abiding sys admins will get struck hard as they can no longer do there job with ease, waiting for an attack to take place before they can fix it.

Surely prevention is better than cure .
Quote gnidnu 4th January 2008, 17:24
We already had the same discussion here in Germany. Unfortunately, the "anti-hacking" law was introduced. Now we face the problems that are yet just discussed here, especially as the law is not precise.
Quote tech3312 6th January 2008, 19:16
WHy not they ban soldering iron, and all those hobbyist uses those are called hacking tools cause they can make things to hack
Quote airchie 9th January 2008, 04:04
Quote:
Originally Posted by Delphium
then there just end up on underground sites and being traded underground
Worst part of this is, the very nature of the dark underside of the internet is asking for the files offered to be trojaned to buggery. So when the sys-admins do finally decide the law is just too stupid to adhere to and go hunting for the tools to allow them to do their jobs, they get stung by the very act of trying to find the apps that have been forced underground.

I see the same thing happening on a lot of the PCs I have to fix.
Average Joes/Janes have gotten peeved at the cost of CDs/DVDs, or given up trying to make them work right on their MP3 players/HDTVs and decided to go looking online to download them.
And there are the malicious peeps waiting with open arms with sites offering 'Free this and free that' which are all just virus and hijacking trojans.
Then bang, one seriously slow machine riddled with all the shite of the day. :(
Quote trati629 24th January 2008, 01:28
Petition for the rethink of teh ban on hacking tools.
http://petitions.pm.gov.uk/hackingtools/
Quote Freedom 24th January 2008, 03:04
Quote:
Originally Posted by airchie
What a joke.

"guns don't kill people, people kill people".

No guns don't kill people I do(sorry bit of happy Gilmore humor)
Quote RTT 24th January 2008, 09:24
How exactly do they plan to enforce this?
Quote Shielder 24th January 2008, 09:32
Signed.
Quote Glider 24th January 2008, 09:38
Quote:
Originally Posted by RTT
How exactly do they plan to enforce this?

Let Sony install a rootkit that dishes out following info
  • Installed software => To the government
  • How many times you type Allah or Islam => To the government
  • List of media files => To RIAA (or IFPI or the likes)
  • Your penis size => To the Viagra spambots.

... and the list is endless...


Seriously: They'll never know...
Quote specofdust 24th January 2008, 10:45
"We the undersigned petition the Prime Minister to Rethink the introduction of a set of guidelines to be applied to the Computer Misuse Act which will, if enforced, make it illegal to possess or distribute “hacking tools.”."

Great, written by someone who can't spell. That's sure to help the cause....

Very badly written too. A very brief explanation of the fact that there are legitimate uses for the tools and referring to them as "security tools" would be far more sensible. I hope another petition can be launched and this one withdrawn, but I doubt it now.
Quote JADS 24th January 2008, 11:53
Computers in general must be on the GOVERNMENT's hit list, not only can they be used for all sorts of illegal activities they can also be used to view and create content that casts the GOVERNMENT in a bad light. We can't be having that now can we?

Welcome to 1984!

I suggest a national break the law day where you take a selection of ludicrous laws and attempt to break as many of them as you can and publiscise it. Given that the gaols are now full you can't get sent to prison anymore ;)
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.