Oh, lovely

THE Home Office has quietly adopted a new plan to allow police across Britain routinely to hack into people’s personal computers without a warrant.

The move, which follows a decision by the European Union’s council of ministers in Brussels, has angered civil liberties groups and opposition MPs. They described it as a sinister extension of the surveillance state which drives “a coach and horses” through privacy laws.

The hacking is known as “remote searching”. It allows police or MI5 officers who may be hundreds of miles away to examine covertly the hard drive of someone’s PC at his home, office or hotel room.

Material gathered in this way includes the content of all e-mails, web-browsing habits and instant messaging.

Under the Brussels edict, police across the EU have been given the green light to expand the implementation of a rarely used power involving warrantless intrusive surveillance of private property. The strategy will allow French, German and other EU forces to ask British officers to hack into someone’s UK computer and pass over any material gleaned.

Can we leave yet?

22 comments on “Oh, lovely

  1. A real newbie comment: Don’t suppose one could do a return favour – anyone hacking in gets a nasty bug back?

  2. “Is there any way we can protect our pcs against this?”

    Of course. Make sure you have WPA encryption on your wifi router, not WEP. Make sure your OS is kept up-to-date. And use a Mac where possible.

    I don’t expect the police to have any better hacking abilities than the malware community, who make a lot of money from phishing, botnets, etc. They have a lot more incentive than an employee of plod or even a software vendor to the Home Office (not that this will restrain the vendors in offering magic solutions to the Home Office).

    The most effective technique, and one that is hard to resist, is where the police break in to your house and insert keyboard logger hardware into your machine. But I believe they still need a search warrant to do that.

  3. Use a router with a good hardware firewall, don’t use WiFi unless you’re confident as to the security aspects or having nothing you’d prefer to remain private on your PC, don’t share drives with sensitive information on them, wear two pairs of underpants at all times.

  4. “don’t use WiFi unless you’re confident as to the security aspects”

    I can recommend the new generation of power-line ethernet adapters. They plug into a mains socket, require no software, no Windows driver faff, and just work. Bit of a pain for laptops, but for desktops, printers, etc. they are great.

  5. All wifi is suspect! WEP can be cracked in minutes with suitable software (aircrack-ng). WPA has an exploitable flaw. WPA2 can be brute forced cracked in reasonable times using accelerated hardware (PC graphics cards turn out to be very good at the type of bulk calculation required) – google Elcomsoft.

    Powerline ethernet broadcasts your traffic over mains electricity cables and can be seen outside your premises.

    MS-Windows has more holes than a Swiss cheese. You’ve only got to look at the constant stream of patches from MS and virus scanner updates to see how bad.

    Mac & Linux are better but by no means perfect.

    EM radiation from screens and keyboards can be pick up by suitable receivers.

    “Is there any way we can protect our pcs against this?”

    You can make life harder for hackers (black or white) by using Mac/Linux, encrypted disks, VPNs and wired networks but the bottom line is you cannot stop anybody with sufficient motivation and resource.

  6. Keith, I’d say that if a bluehat (haha!) hacker can see what OS you’re using, you’ve already lost the battle.

  7. Pingback: Även polisen kommer att kunna hacka sig in i din PC genom IPRED lagen

  8. Disk encryption like PGP is only effective against “cold” attacks where someone takes your computer and tries to read its contents. Once you’ve powered up your PC and typed in the decrypt key to access your disk the malware also gets access.

    If you’re really paranoid, then use a Linux Live CD (e.g. Knoppix) and store your data on an encrypted USB drive mounted with “no execute” permission. Your online banking will then be completely safe from software keyloggers & trojans. All you then have to worry about are hardware keyloggers, traffic sniffing and the security of your banks systems…

    Oh b******r it, I think I’ll go back to slate & chalk.

  9. Ian B, If I remember correctly the annual hackers conference challenges all comers to hack (i.e compromise the security of) the major OS’s. Last year OSX took less than 30 seconds to fold, with XP and Vista close behind. Ubuntu was still standing strong when the conference finished. I can’t seem to find a reference to this on the webs, though I do remember reading about it at the time. If anyone else can find a link, I’d be grateful if you passed it on.

    If you want to keep the cops from looking at your HDD use Linux, OpenBSD, Solaris, or BeOS. Open Source is generally far more secure than proprietory, closed source operating systems, more often than not because its prgogrammed and maintained by very skilled and motivated people, some of whom will either have been, or are hackers themselves and so know all the tricks.

  10. Whilst I take all the above precautions anyway I have a question : IF they can read my disk, they can write to it. How are they going to explain the provenance of any data they find if they try to use it in evidence ? One assumes that this kind of covert hack will be used to evidence gather as a pre-cursor to getting a warrant to take the computer away for forensic examination (where there are very strict rules about maintaining the chain of evidence). Surely the act of reading my HD will make all of the above inadmissible ?

  11. Pingback: EU Authorise Police Hacking into your PC « Al Jahom’s Final Word

  12. When Ubuntu can outlast OpenVMS, then I will take notice.

    I hope that Apple supports Itanium in the future for their Mac Pros, then I might be able to load up OpenVMS for some utterly bullet-proof operations.

    Until then, I am downloading Ubuntu.

  13. Pingback: Official spyware? « DaTechguy’s Blog

  14. Come on: those of you who support the EU, what’s your response to this absurdity? You spend virtually this entire comment string detailing how to stop the sleuthing at your home computer. Aren’t you just the slightest bit concerned about your loss of liberties?

  15. Pingback: eurealist.co.uk » Blog Archive » Check your firewalls, people

  16. Pingback: The innocent won’t have anything to worry about – Counting Cats in Zanzibar

  17. @Linux crew

    Linux is still only as secure as the person who configures and uses it. If you don’t know what you are doing, are unfamiliar with security principles and are unwilling to learn then it can be as wide open as any other operating system. Same for all OS’s, Windows does have holes, and these are patched, OSX has holes and are also patched (although less regularly?), if the operator DOES know what they are doing then there isn’t a problem.

Leave a Reply

Name and email are required. Your email address will not be published.