By John Blau
IDG News Service
August 13, 2007
Germany's new antihacker law could open the door to more cybercrime and
not less, security experts warn.
The law, which the German government approved in May and put into effect
on Saturday, aims to crack down on the sharp rise in attacks on
computers in the public and private sectors.
Although Germany already has approved numerous laws to curb attacks on
IT systems, the most recent one aims to close any remaining loopholes.
Punishable cybercrimes include DOS (denial-of-service) attacks and
computer sabotage attacks on individuals, which would extend the
existing law that limited sabotage to businesses and public authorities.
The new law defines hacking as penetrating a computer security system
and gaining access to secure data, without necessarily stealing data.
Offenders are defined as any individual or group that intentionally
creates, spreads or purchases hacker tools designed for illegal
purposes. They could face up to 10 years in prison for major offenses.
"Dual use is at the root of the problem with the new law," said Andy
Mller-Maguhn, a spokesman for the German hacker club Chaos Computer
Club. "You can develop tools, for instance, to test the security of a
network system but you can use the very same tools to hack a system. Our
concern is that if a person has to go to court for having a hacker tool
on his system, he will have to prove his good intentions."
The legal uncertainty created by the new law will make the work of
security experts in Germany more difficult, according to Mller-Maguhn.
"The law is counterproductive," said Marcus Rapp, product specialist at
the German subsidiary of Finnish security vendor F-Secure. "It will make
the security situation worse, not better."
Rapp is concerned about what he calls the law's "broad interpretation"
of hacking and the legal uncertainty it creates.
"We use hacker tools to test the security of computer systems; that's an
essential part of our business," he said. "Could our use of these tools
get us in trouble someday? That's what we don't know."
Russian rival Kaspersky Lab shares a similar opinion.
Hacker tools are "constantly" used by vendors of security software to
close security holes, wrote Andreas Lamm, managing director of Kaspersky
Labs in an e-mail. It's also "unrealistic" to believe, he added, that
the new law will eliminate the illegal use of these tools as clever
criminal hackers will continue to find ways to operate under the police
Several groups of computer experts that develop hacking tools to test
the security of computers and network systems have already pulled the
plug on their operations in Germany, either calling its quits for good
or relocating to countries without antihacking legislation.
Rapp referred to the situation as "not encouraging."
KisMAC , a self-described "good" hacker group that offers a tool to
detect security holes in wireless networks, stopped its work in Germany
and plans to resume in neighboring Netherlands.
Phenoelit , another hacker group, has ended its operations in Germany
and is also considering the Netherlands as a possible relocation site.
Attend HITBSecConf2007 - Malaysia
Taking place September 3-6 2007 featuring seven tracks of technical
training and a dual-track security conference with keynote speakers
Lance Spitzner and Mikko Hypponen! - Book your seats today!