Close

Results 1 to 4 of 4
Like Tree3Likes
  • 2 Post By MaXe
  • 1 Post By metasplotto

Thread: Update to existing EU cyber law makes it worse for the good guys

  1. #1
    MaXe's Avatar
    MaXe is offline Founder of InterN0T
    Join Date
    Jun 2008
    Location
    Australia
    Posts
    4,316
    Blog Entries
    38
    Rep Power
    10

    Update to existing EU cyber law makes it worse for the good guys

    Cyber attacks on IT systems would become a criminal offence punishable by at least two years in prison throughout the EU under a draft law backed by the Civil Liberties Committee on Tuesday. Possessing or distributing hacking software and tools would also be an offence, and companies would be liable for cyber attacks committed for their benefit.

    The proposal, which would update existing EU legislation on cyber attacks, was approved with by 50 votes in favour, 1 against and 3 abstentions.

    "We are dealing here with serious criminal attacks, some of which are even conducted by criminal organisations. The financial damage caused for companies, private users and the public side amounts to several billions each year" said rapporteur Monika Hohlmeier (EPP, DE). "No car manufacturer may send a car without a seatbelt into the streets. And if this happens, the company will be held liable for any damage. These rules must also apply in the virtual world" she added.

    The proposal would establish harmonised penal sanctions against perpetrators of cyber attacks against an information system - for instance a network, database or website. Illegal access, interference or interception of data should be treated as a criminal offence, MEPs say.

    The maximum penalty to be imposed by Member States for these offences would be at least two years' imprisonment, and at least five years where there are aggravating circumstances such as the use of a tool specifically designed to for large-scale (e.g. "botnet") attacks, or attacks cause considerable damage (e.g. by disrupting system service), financial costs or loss of financial data.

    IP spoofing
    Using another person's electronic identity (e.g. by "spoofing" their IP address), to commit an attack, and causing prejudice to the rightful identity owner would also be an aggravating circumstance - for which MEPs say Member States must set a maximum penalty of at least three years.

    MEPs also propose tougher penalties if the attack is committed by a criminal organisation and/or if it targets critical infrastructure such as the IT systems of power plants or transport networks.

    However, no criminal sanctions should apply to "minor cases", i.e. when the damage caused by the offence is insignificant.

    Cyber-attack tools
    The proposal also targets tools used to commit offences: the production or sale of devices such as computer programs designed for cyber-attacks, or which find a computer password by which an information system can be accessed, would constitute criminal offences.

    Liability of legal persons
    Legal persons would be liable for offences committed for their benefit (e.g. a company would be liable for hiring a hacker to get access to a competitor's database), whether deliberately or through a lack of supervision. They would also face penalties such as exclusion for entitlement to public benefits or judicial winding-up.

    To resist cross-border cyber-attacks, Member States need to ensure that their networks of national contact points are available round the clock, and can respond to urgent requests within a maximum of eight hours, says the text.

    Background
    Large-scale cyber-attacks took place in Estonia in 2007 and Lithuania in 2008. In March 2009, public and private sector IT systems in more than 103 countries were attacked using a "zombie" network of compromised, infected computers.


    Next steps

    The Rapporteur aims for a political agreement between Parliament and Council on this Directive by the summer.


    MaXe's Review:
    My personal view on this drafted law which has been approved, is that the chapter about Cyber-attack tools, is seriously (excuse my language), retarded.
    The proposal also targets tools used to commit offences: the production or sale of devices such as computer programs designed for cyber-attacks, or which find a computer password by which an information system can be accessed, would constitute criminal offences.
    This means, that ALL ethical hackers in (all) of EU that develops their own tools, are criminals. Even if they don't share them, and work with ethical hacking (i.e., penetration testing) daily, it's now illegal. Companies developing software to check your website for vulnerabilities, in order to tighten the security, are also criminal now. Finding bugs in software (or web apps) and then informing the developers responsibly, is illegal too.

    All the tools you have installed on your computer, are now illegal. Even if you don't use them, you're now a criminal according to the "system". If you download BackTrack, or is even a developer, you're now a criminal too. If you run a website that talks about hacking tools, you are in some way, a criminal too. I don't think the computer imbecile retards (excuse my language again), who made up this law, knows anything about computers, security, ethical hacking, penetration testing, etc.

    I don't think they know, that we NEED these tools, we need to develop better tools, in order to counter-attack the blackhats. The good blackhats will just add a few extra proxies or set up their own satellites, or use open WiFi AP's and be even more cautious, making it harder to catch the "bad guys", and well, the good guys, they can't legally do anything, because we now in EU, live in a sick system that's so scared of hacking, where ~99% are script kiddie attacks that could've been prevented by the good guys, if the companies affected hired them, and if they hired the right ethical hackers too. (Of course, 0days exists and these can't always be protected against.)

    I am amazed, shocked, and very angry too about this law. After all, the government has made the good guys criminals. What kind of sick world we do live in?


    I don't want to live on this planet anymore.


    ~ MaXe

    Update:
    After a danish news agency contacted them, they sent more information which fortunately doesn't criminalize whitehats:
    »Amendment 22: Member States shall take the necessary measures to ensure that the production, sale, procurement for use, import, distribution or otherwise making available of the following is punishable as a criminal offence when committed intentionally and without right for the clear purpose of committing any of the offences referred to in Articles 3 to 6:«
    »Compromise amendment 16: (7a) There should be no mandatory requirement to impose a penalty in cases deemed to be ‘minor’. A case may be considered as ‘minor’, for example, when the damage caused by the offence, and/or the risk it carries to public or private interests, such as to the integrity of an information system or computer data, or to a person's integrity, rights and other interests, is insignificant or is of such a nature that the imposition of a criminal penalty within the legal threshold or the imposition of criminal liability is not necessary. Such a case may occur when the access to an information system was without right, but the only purpose was to inform the operator of the information system about serious security gaps and no damage was caused.«

    Reference:
    Hacking IT systems to become a criminal offence
    Last edited by MaXe; 31st March 2012 at 14:49.
    s3my0n and metasplotto like this.


  2. #2
    Join Date
    Feb 2012
    Posts
    27
    Rep Power
    5

    Re: Update to existing EU cyber law makes it worse for the good guys

    I agree with you MaXe. It's retarded. As always is better blame the tool and not the use.
    MaXe likes this.

  3. #3
    Join Date
    Aug 2010
    Location
    /dev/sda1
    Posts
    146
    Rep Power
    9

    Re: Update to existing EU cyber law makes it worse for the good guys

    motherf*ckers... ...pretty much feel like setting someone on fire now... anyone got matches?
    i used to suffer from insanity, now i enjoy it...

  4. #4
    MaXe's Avatar
    MaXe is offline Founder of InterN0T
    Join Date
    Jun 2008
    Location
    Australia
    Posts
    4,316
    Blog Entries
    38
    Rep Power
    10

    Re: Update to existing EU cyber law makes it worse for the good guys

    Fortunately the resumé did not include the compromise amendments, which actually does not criminalize whitehats. The complete text of this law is not available yet, but will be soon. One of the compromise amendments has been added



Similar Threads

  1. What makes MAC so great?
    By securityxxxpert in forum Mac OS X
    Replies: 10
    Last Post: 16th March 2011, 20:48
  2. Cyber Security Challenge
    By TheXero in forum General Hacking Discussions
    Replies: 10
    Last Post: 8th October 2010, 15:45
  3. Verizon demos 1Gbps over existing fiber network
    By venomousweb in forum Security News and Feeds
    Replies: 0
    Last Post: 17th August 2010, 19:50
  4. Strange zoo parking attendent makes off with millions
    By DarkS Angel in forum The Offtopic Section
    Replies: 5
    Last Post: 14th October 2009, 13:30
  5. 10 Most Mysterious Cyber Crimes
    By Rorok in forum General Hacking Discussions
    Replies: 6
    Last Post: 24th October 2008, 14:20

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •