QOTD - Honan on criminals using new technologies

Brian Honan, a member of the SANS NewsBites advisory board and a leading information security professional in Ireland, recently commented on reports that Italian criminals are turning to VoIP to avoid wiretaps.
New technologies will always be exploited by criminals for their own means. Law enforcement needs to accept that fact and develop strategies to deal with the problem.
He went on to provide recent examples of law enforcement reportedly taking the matter into their own hands, adopting a stance which reminds me of the saying: "if you can't beat them [hackers & criminals], join them [hackers & criminals]".
German police have been reported to be developing a Trojan aimed at eavesdropping on Skype (http://www.theregister.co.uk/2008/01/29/skype_trojan/), while the NSA is reported to be offering large sums of money to anyone who can develop a reliable means of eavesdropping on Skype calls and messaging (http://www.theregister.co.uk/2009/02/12/nsa_offers_billions_for_skype_pwnage).
Src: SANS NewsBites Vol 11 Num 13


Brian Honan said...


Thanks for using my quote.

To be honest I have no issue with law enforcement using trojans etc. against criminals and terrorists. After all it is the modern day equivalent of placing a bug in their car, home or office.

My main concern is how will these trojans be controlled? Will the AV companies detect them? If not, does this mean that either the AV companies have been given sample code from law enforcement to exclude from their scanning, or is the code so stealthy it cannot be detected? Either way, the issue is what happens when, note not if, the code falls into the criminals' hands. They now have their own trojan to use against innocent victims that will go undetected by traditional defences.

Of course there is the other school of thought that all this is a ruse to lure criminals into a false sense of security that Skype is secure, but that law enforcement can already eavesdrop on the conversations.

What a wicked web we weave 8-)

DrInfoSec said...

I share Brian's concerns about allowing AV companies to conveniently ignore Law Enforcement versions of what would normally be considered malware. In the wrong hands, this can make for quite a messy global legal situation.