September 26th, 2007
German security shop challenges anti-hacker laws
Fed up with the “ambiguity and confusion” surrounding Germany’s controversial anti-hacker laws, a private security research firm has put its hacking tools back online as part of a public test of the interpretation of the new law.
n.runs AG, a well-known penetration testing shop that counts Microsoft as a client, has repopulated its Security Tools page with two versions of BTCrack (a Bluetooth cracking and PIN recovery tool) and n.bug (a runtime library call trace program for Windows).
According to n.runs security engineer Thierry Zoller (left), the company is encouraging other German security firms and researchers to put their security tools and research back online. “The current confusion and uncertainty is affecting everyone around here… “Germany is most certainly not becoming a safer place because of these laws.”"
The law (see SecurityFocus background), which took effect Aug. 10, mandates fines or prison sentences for any person who violates 202a or 202b “by providing access to, selling, acquiring, leaving at the disposition of someone, distributing
or otherwise making accessible” passwords or access control information.
It also outlaws computer programs whose purpose is solely criminal.
[SEE: Exploits, security tools disappear as German anti-hacker law takes effect]
Last month, in response to the law taking effect, security pros in Germany removed exploits and hacking tools from the Internet. 
Stefan Esser (right), the PHP security guru behind the Month of PHP Bugs project, yanked all the proof-of-concept exploits from the project page because of uncertainty about the law and how it applies to the work of legitimate security researchers.
Phenoelit, another German site that distributes hacking tools, has posted a goodbye note that refers to the new law. Phenoelit’s tools and security material have been moved to a different server outside Germany. Kismac, a wireless network discovery and attack tool, has also disappeared.
Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.
For daily updates on Ryan's activities, follow him on Twitter.
Subscribe to Zero Day via Email alerts or RSS.
