Australia's Spies Want To Put Members Of The Public At Risk By Using Them To Pass On Malware to Suspected Terrorists
from the not-thinking-it-through dept
Last year we wrote about the German police using malware to spy on members of the public. Now ASIO, Australia's national secret service, has come up with a new variant on the idea:
A spokesman for the Attorney-General's Department said it was proposing that ASIO be authorised to ''use a third party computer for the specific purpose of gaining access to a target computer''.
The problem seems to be that even suspected terrorists are getting the hang of this security stuff:
The department said technological advances had made it ''increasingly difficult'' for ASIO to execute search warrants directly on target computers, ''particularly where a person of interest is security conscious.''
So the idea seems to be to infect the computer of someone that the alleged terrorists know, and then use that trusted link to pass on malware:
Australians' personal computers might be used to send a malicious email with a virus attached, or to load ''malware'' onto a website frequently visited by the target.
That probably seemed like a really clever ruse to the people who thought it up, but it overlooks some basic flaws.
First, that once ASIO has taken control of an intermediary's computer it can do anything -- including poking around to see what's there. After all, if intermediaries are known to suspected terrorists, it's possible that they too might be terrorists.
The authorities are insisting that the warrant to break into somebody's computer would not authorize ASIO to obtain "intelligence material" from it. But you don't have to be clairvoyant to predict that at some point in the future, "exceptional" circumstances will be invoked to justify doing precisely that: once security services start down a slippery stop, they never seem to be able to stop.
Secondly, as the German experience shows, if a computer has been compromised by malware in this way, it's not just the government agencies that can take control: anyone who has obtained the malware and analyzed it will be able to look for ways to send their own instructions. That could leave innocent members of the public vulnerable to privacy breaches and economic losses that would be directly attributable to the spy agency's digital break-in.
Finally, this approach seems to overlook the fact that presumed terrorists are unlikely to be best pleased with any person that unwittingly sends them government malware. If they notice and really are ruthless terrorists, they might decide to take revenge on that person and his or her immediate circle of family and friends. Either the Australian spy agency hasn't really thought this through, or it is being extremely cavalier with the lives of the members of the public it is supposed to protect.
Follow me @glynmoody on Twitter or identi.ca, and on Google+
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
spys is spys
Combatants out of "uniform" (spys) were automatically hung, for their actions endangered non-combatants (you and i).
As these simple rules are subsumed in never ending Hollywood propaganda making subterfuge fun, "war" is changed;
In the US Civil war, 750,000 combatants died and perhaps a thousand civilians (mostly in Kansas).
WWI nine combatants for every civilian death.
WWII one combatant for every ten civilian deaths (perhaps a million mostly women and children died on a Saturday morning 10 March 1945).
1965-1973 in SE Asia, we lost 59 thousand men, they lost 3-6 million with "strategic bombing".
My father had to remove his buttons and all Navy insignia in WWII when flying into or out of the Azores, Peru & Galapagos Is or Ireland.
Rules is rules.
[ link to this | view in chronology ]
Re: spys is spys - WWII
How accurate that is I don't know it could have been much worse than this.
[ link to this | view in chronology ]
Re: Re: spys is spys - WWII
why?
because we are the MOST CIVILIZEDEST nekkid apes EVAHHHHHH!
...just ask anyone in power, they'll tell you so !
art guerrilla
aka ann archy
eof
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Seeing as this is only a proposal by a spokesperson who is probably only gauging the public and business response (it was given to News Ltd remember) then until at such time it becomes more I wouldn't worry about it. Though my answer to the question is most likely no unless you had foreknowledge of the installation.
This situation will always be a problem for ASIO and the AFP (who are more likely to want this then ASIO). But it has major chilling effects on what constitutes a third party machine, who has vicarious liability, what checks are in place for abuse from all sides, and would there be 3rd, 4th party or more liability for someone innocently destroying the code.
Have a great weekend from here in stinking hot Sydney (42 where I am at moment) and I gotta drive home soon in Sydney traffic.. to where its currently 45. blah!
[ link to this | view in chronology ]
If not you can be sure real hackers will use that to their benefit.
[ link to this | view in chronology ]
This is ASIO we are talking about
I had a colleague who in his youth went for a job with them and the report of the interview included that dark glasses and trench coats were the order of the day. We didn't initially believe him till he swore an oath that it was so.
Should we be worried, probably and more for what other groups will do with the facilities than what ASIO will be able to do.
John,
If it is not officially marked by ASIO, how can you not remove it? Though I suppose, if this comes to pass, you could always ring ASIO to verify first and if they so that they are not monitoring the machine then you could just go ahead and remove it (get the confirmation as email, voice recording or letter first). I am sure that ASIO will set up a helpline for these matters as a service to the IT industry.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Ah the wisdom. So if the terrorist uses Facebook then it's ok if 1 billion more are infected with the malware too right? Why don't they throw nukes all over the world? This would surely eliminate all terrorists.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Unless of course there's some sort of secret interpretation that allows them to use it on everybody, but we all know how unlikely that is to happen.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Let Them Do Their Job
[ link to this | view in chronology ]
Re: Let Them Do Their Job
Goverment agencies around the world have proven again and again that they will abuse any extra power they can get.
Second: if you dont like the reporting, why are you here?
For obedient government believers like you there are other desinformation channels, like fox news
[ link to this | view in chronology ]
Re: Let Them Do Their Job
[ link to this | view in chronology ]
Re: Let Them Do Their Job
[ link to this | view in chronology ]
Re: Let Them Do Their Job
[ link to this | view in chronology ]
[ link to this | view in chronology ]
I imagine that adding this sort of thing to the law books would require some sort of ambiguity or possibly a section of the law that is kept secret, because they would not want to divulge any details of their methods. Hence, secret laws and tribunals - what a wonderful world in which to live. Just remember boys and girls, ignorance of the law is no excuse and you have nothing to fear if you have done nothing wrong. Don't worry, be happy.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Hitler would have said
Yea, sure.
[ link to this | view in chronology ]