Proposed German law a 'win-win' for black hats?
Experts critical of legislation that would ban hacker tools
IDG News Service - New legislation proposed by the German government aims to make computer hacking a punishable crime.
The draft law, announced Wednesday, defines hacking as penetrating a computer security system and gaining access to secure data, without necessarily stealing data.
As part of the draft, groups that intentionally create, spread or purchase hacker tools designed for illegal purposes could be punished by law, the Federal Ministry of Justice said in a statement.
Other punishable cybercrimes include denial-of-service attacks and computer sabotage attack on individuals, which would extend the existing law that limited sabotage to businesses and public authorities. Offenders could face up to 10 years in prison for major offenses.
Although Germany already has a comprehensive penal law against attacks on IT systems, the proposed revision aims to close any remaining loopholes, the ministry said.
Some security experts warn, however, that "good" hackers, also known as "white hats" who work for security companies, could be restricted in their ability to help software makers and businesses as a result of the proposed law.
If hackers can't share their tools with the public, "white hats will not be able to get them and use them internally for testing or external security consultants won't be able to do security testing," a hacker, known by the pseudonym van Hauser, wrote in an e-mail. "It's a win-lose law in favor for the bad guys."
Van Hauser is president of The Hacker's Choice, a noncommercial group of security experts.
- Step Out of the Bull's-Eye Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Is SQL Server AlwaysOn really as powerful? Tips and Tricks from the field With the introduction of AlwaysOn, Windows Clustering Services is now more critical than ever. All Cybercrime and Hacking White Papers | Webcasts