RE: [Full-Disclosure] JAP back doored

From: Drew Copley (dcopley_at_eeye.com)
Date: 08/21/03

  • Next message: Vincent Penquerc'h: "[Full-Disclosure] RE: JAP back doored" 
    To: <full-disclosure@lists.netsys.com>
Date: Thu, 21 Aug 2003 12:49:39 -0700

    > -----Original Message-----
    > From: Florian Weimer [mailto:fw@deneb.enyo.de]
    > Sent: Thursday, August 21, 2003 12:23 PM
    > To: Drew Copley
    > Cc: full-disclosure@lists.netsys.com
    > Subject: Re: [Full-Disclosure] JAP back doored
    >
    >
    > "Drew Copley" <dcopley@eeye.com> writes:
    >
    > > Why is the state of Germany trojanizing applications which
    > may be run
    > > by anyone on the planet?
    >
    > Why is the U.S. government interfering with the publication
    > of security advisories if the corresponding software is being
    > run throughout the world?

    I haven't had any problem issuing security advisories. What is this in
    reference to?

    Pointing the finger elsewhere does not excuse the fact that the German
    State has trojanized a popular application which was open to the world
    to download. And, indeed, the world did download.

    Here are some things I do not care if Germany does:

     - I don't care if they listen to their own wires
     - I don't care if they hack into their own criminals systems
     - I do not care if they use zero day to do this
     - I do not even care if they hack into criminals systems in other
    countries if they have some jurisdiction in this and are working with
    other authorities. For instance, if they were hacking into terrorist
    networks which spanned across the world and were sharing this
    information, I would not care.

    A German cop has no jurisdiction over me. He has no jurisdiction over
    anyone outside of Germany.

    This is the same for every country.

    >
    > The German government funds the AN.ON project, but allowed
    > for a great deal of independence. Naturally, this
    > independence does not extend to the law, thanks to separation
    > of powers. Now a judge has forced the operators to implement
    > a surveillance interface, which is possible because of a
    > design weakness. But that's just the beginning of the legal
    > process. The project has announced that it plans to fight,
    > but within the legal system.

    This does not absolve them, nothing you can say absolves them. I realize
    you have some patriotism here and are speaking from this... But, I also
    know you do not want the US government to backdoor US applications from
    US companies without telling you.

    I know this to be true.

    >
    > > How is it they believe they have a right to trojanize
    > someone outside
    > > of Germany?
    >
    > Nobody forces you to use the German service if you don't
    > trust the operators or (thanks to recent events) German law
    > enforcement.

    That is an empty argument not worth going into.

    >
    > > This is blatantly illegal in just about every country outside of
    > > Germany. Literally.
    >
    > No, it isn't. Most countries with communication
    > infrastructure have laws that regulate law enforcement
    > access. This is not a "stupid local law" issue.
    >

    This also is an empty argument.

    Basically, you are saying if it is discovered the NSA has a backdoor in
    Windows, that this is okay and no one has a right to complain, even if
    they are outside of the US.

    I doubt this would be your case in this situation.

    I am sure many could say, "Well, this situation is different".

    No, it is not. Let's be honest here.

    > Your country is eavesdropping foreign communication as well.

    My country has not installed a trojan on my system, to my own knowledge,
    all rumors and speculation aside.

    They have not hacked into my system.

    As to what wires they listen to, if they listen to their own, that is
    their business. We have encyption software. If they listen to other
    people's wires, that is outside of their domain, then yes, this should
    be illegal. But, is it proven? Does it remove the fact that there are a
    host of privacy and anonymity tools which we can use?

    But, Germany has decided that people don't have a right to use these
    tools. They have not tried to do even the honorable thing and break
    these things - which is illegal - but they have secretly trojanized the
    code.

    You want me to applaud this?

    Maybe your nation has just given my own nation some new ideas.

    Did you help stop this trend?

    >
    > > Or, do they believe they are superior to other countries,
    > and they may
    > > invade at will?
    >
    > Please check the facts. Germany doesn't an operate
    > eavesdropping base in the U.S., but the U.S. do in Germany.

    I won't even go into that. I do not know what they do there, but their
    rights have been worked out with the German government. If you have an
    issue with that, you need to take that up with their government.

    If my government allowed German police to trojanize an application I ran
    and my government covered this up... I would be furious at my government
    first, and at Germany second.

    But, none of this is dealing with the matter at hand. These arguments
    are all a distraction.

    I have not intended to offend your patriotic sensibilities. My apologies
    in this regard.

    My statements stand for whatever country might do such a thing, my own
    included.

    ...

    With some reflection, I realize this was done out of incompetence rather
    than out of understanding. I know this. I know it was ignorance, not
    maliciousness, which inspired this.

    That, is, I guess it is.

    It is true, someone that does wrong knowingly is much more guilty then
    someone that does wrong in ignorance. But, it is also true that they are
    both still guilty.

    I hope that you may bring yourself to condemn this action of your
    government. I hope that you may see it is not something to excuse. For
    by excusing this, surely, you excuse the same from countries you do not
    hold allegiance to.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Vincent Penquerc'h: "[Full-Disclosure] RE: JAP back doored"

    Relevant Pages

    • RE: [Full-Disclosure] JAP back doored
      ... we have jurisdiction over the world apparently. ... > Why is the U.S. government interfering with the publication ... Here are some things I do not care if Germany does: ... Most countries with communication ...
      (Full-Disclosure)
    • Germany seeks expansion of computer spying
      ... The War on Terrorism takes a new turn in the area of privacy as the ... scanning hard drives through the use of Trojan viruses to read the ... which has pledged to find and publicize the first government ... through the era of the Gestapo and communist rule in East Germany, ...
      (sci.military.naval)
    • Re: Dick Cheney, a tribute
      ... Five signers were captured as traitors by the British, ... But they signed the Declaration of Independence knowing ... Germany, again, are prime examples, with 10-12% unemployment rates. ... Moroccans, Algerians, and Turks that they let into their countries to do ...
      (rec.pyrotechnics)
    • Re: PHIL ALLISON: WW2 US - Australian relations. As off-topic asI can make it :-)
      ... and NZ had committed a big chunk of their resources to helping Britain ... The basic problem before WW2 was that certain countries were increasing ... matter of hoping a strong Germany would resist USSR's expansion (ironic ... When Japan attacked Pearl Harbour, America declared war on Japan only, ...
      (rec.audio.tubes)
    • Re: Germany seeks expansion of computer spying
      ... scanning hard drives through the use of Trojan viruses to read the ... which has pledged to find and publicize the first government ... Germany seeks expansion of computer spying ...
      (sci.military.naval)