UK Web Filtering Blocks Access To Website Of Europe's Largest And Oldest Hacking Community

from the always-broken...-always dept

The "Great Firewall of Britain" claims another victim. "Voluntary" (as in: under the threat of legislation) internet filtering by ISPs has blocked UK citizens from connecting to the website of one of the oldest computer hacking groups in existence.

Last Friday, Germany's Chaos Computer Club posted this statement.

A significant portion of British citizens are currently blocked from accessing the Chaos Computer Club's (CCC) website. On top of that, Vodafone customers are blocked from accessing the ticket sale to this year's Chaos Communication Congress (31C3).

The post goes on to note that while these filters are faulty and suffer from overbroad content flagging, they can be easily bypassed simply by using the site's IP address: 213.73.89.123. It also points out that this blockage could possibly be deliberate, rather than due to the inherent technical limitations of poorly-designed web filters.

However, it may very well be that the CCC is considered "extremist" judged by British standards of freedom of speech.

Could be. Governments tend to treat all hackers as criminals, no matter how much the standard definition deviates from government officials' misconceptions. The Chaos Computer Club, despite being Europe's largest hacker community, is not composed of criminals. But it has engaged in several acts that would make it less popular with various governments, including reverse engineering "lawful access" malware used by German law enforcement (which included installations on school computers), uncovering a government backdoor in Skype and filing a criminal complaint against the German government for its massive domestic surveillance programs.

As it stands now, it appears that only Three is currently blocking the main CCC website. The Open Rights Group's "Blocked" website indicates that Virgin Media and Vodafone had both blocked the site until recently, but appear to have removed CCC from their blacklists on Nov. 27th and Dec. 8th, respectively.

Blocking the CCC is just another demonstration of how internet filters don't work. The filter fails on multiple levels, going overboard with the blocking while simultaneously allowing users to bypass the system using nothing more than an IP address. The end result is the UK's passive-aggressive filter-by-proxy, one that hangs the threat of regulatory legislation over the heads of ISPs while signing off on "will this do?" filtering.

Filed Under: filters, hacking, porn filters, uk
Companies: chaos computer club

International Service Providers Sue GCHQ For Potentially Hacking Their Networks

from the could-get-interesting dept

A group of seven smaller international ISPs, many of which tend to be used by activists, are now suing GCHQ via the Investigatory Powers Tribunal, for hacking into their networks. The focus of the lawsuit is on the GCHQ's now infamous hacking of Belgian telco Belgacom, via a quantum insert, to get access to a variety of communications. While those revelations don't name any of the service providers filing suit, they note that "the type of surveillance being carried out allows them to challenge the practices in the IPT because they and their users are at threat of being targeted." The seven service providers are:

Riseup (US), GreenNet (UK), Greenhost (Netherlands), Mango (Zimbabwe), Jinbonet (Korea), May First/People Link (US), and the Chaos Computer Club (Germany), along with Privacy International

There may be a big question as to whether or not any of those organizations really have standing if there's no evidence they were actually targeted by GCHQ, but I don't know enough about how the Investigatory Powers Tribunal works when it comes to the question of who has standing to judge at the outset. Either way, the service providers note that GCHQ's activities violate the European convention on human rights:

First, in the course of such an attack, network assets and computers belonging to the internet and communications service provider are altered without the provider’s consent. That is in itself unlawful under the Computer Misuse Act 1990 in the absence of some supervening authorisation. Depending on the nature and extent of the alterations, the attacks may also cause damage amounting to an unlawful interference with the internet and communications service provider’s property contrary to Article 1 of the First Protocol (“A1P1”) to the European Convention on Human Rights (“ECHR”).

Second, the surveillance of the internet and communications service provider’s employees is an obvious interference with the rights of those employees under Articles 8 and 10 ECHR, and by extension the provider’s own Article 10 rights. As Der Spiegel reported in relation to a separate attack on Mach, a data clearing company, a computer expert working for the company was heavily targeted: “A complex graph of his digital life depicts the man’s name in red crosshairs and lists his work computers and those he uses privately (‘suspected tablet PC’). His Skype username is listed, as are his Gmail account and his profile on a social networking site. […] In short, GCHQ knew everything about the man’s digital life.” It is not simply a question of GCHQ confining its interest to employees’ professional lives. They are interested in knowing everything about the staff and administrators of computer networks, so as to be better able to exploit the networks they are charged to protect.

Third, the exploitation of network infrastructure enables GCHQ to conduct mass and intrusive surveillance on the customers and users of the internet and communications service providers’ services in contravention of Articles 8 and 10 ECHR. Network exploitation of internet infrastructure enables GCHQ to undertake a range of highly invasive mass surveillance activities, including the application of packet capture (mass scanning of internet communications); the weakening of encryption capabilities; the observation and redirection of internet browsing activities; the censoring or modification of communications en route; and the creation of avenues for targeted infection of users’ devices. Not only does each of these actions involve serious interferences with Article 8 ECHR rights, by creating vulnerabilities and mistrust in internet infrastructure they also chill free expression in contravention of Article 10 ECHR.

Fourth, the use by GCHQ of internet and communications service providers’ infrastructure to spy on the providers’ users on such an enormous scale strikes at the heart of the relationship between those users and the provider itself. The fact that the internet and communications service providers are essentially deputised by GCHQ to engage in heavily intrusive surveillance of their own customers threatens to damage or destroy the goodwill in that relationship, itself an interference with the provider’s rights under A1P1.

Certainly a case worth watching if it can get past the standing issue.

Filed Under: gchq, hacking, security, surveillance, uk
Companies: chaos computer club, greenhost, greennet, investigatory powers tribunal, jinbonet, mango, may first, people link, riseup