Analysis: Should the police hack your computer?
By Asavin Wattanajantra,
According to reports, the Home Office is believed to have adopted plans to allow UK police forces to hack into personal computers remotely and without a warrant.
The hacking is known as “remote searching” and will allow law enforcement officers to hack into hard drives many miles away, examining the PCs of unsuspecting users.
It is already being carried out. Indeed, the Association of Chief Police Officers said that UK police conducted nearly 200 remote hacking operations in 2007-2008.
However this volume of searches is likely to increase going forward if current plans are extended. Under the new EU rules, police will be able to use intrusive surveillance on private property without having to apply to a magistrate’s court for a warrant.
Libertarian campaigners and opposition MPs have been up in arms about the implications, referencing a ‘surveillance state’ and suggesting that such a move would be detrimental to privacy.
"These are very intrusive powers, as intrusive as someone busting down your door and coming into your home," Shami Chakrabati, director of rights group Liberty, told the Telegraph newspaper.
"The public will want this to be controlled by new legislation and judicial authorisation. Without those safeguards it's a devastating blow to any notion of personal privacy."
Such concerns are understandable, according to Sophos' security expert Graham Cluley.
“It’s quite alarming,” he said. “The police have basically been admitting that they have been hacking into people’s private homes. If that’s happening without proper checks, just as you would expect them to take place with physical searches, then I think that is quite a bad thing.”
Cluley said that he believed that the new EU rules could only work with extremely rigid and regimented guidelines about what particular circumstances did allow warrantless intrusion, as with telephone monitoring.
“The concern is that if people are given carte blanche to do this, and the police are policing themselves as to when this is appropriate, then that really sets a dangerous precedent.”
The hacking techniques that police will use are believed to be similar to some of the ways that cyber criminals have been using to steal credentials for a number of years.
This includes breaking into a suspect’s home and installing a key-logging device on their computer to collect details of their keystrokes.
Another option is sending malware, such as an attachment to a suspect’s computer. This could be in the form of a Trojan which could invisibly read whatever they do on their system. Hacking computers using wireless networking is also an option.
Cluley said that from the point of view of his own company, anti-virus vendor Sophos, any malware written by the police would be treated like that made by a criminal.
“If we see the police using spyware to spy on criminals, we’re going to do our best to detect it,” he said. “We don’t care whether it is the police who’ve written it, or whether it is a cyber criminal. Our job is to prevent infection on computers, and spying on them.”
He said that he fully understood why police would want to crack into a computer and get information like passwords needed to read encrypted messages which criminals were likely to be using.
“There are criminals who are taking huge advantage of the internet in keeping their activities secret from the police,” said Cluley.
However he reaffirmed his belief that it was wrong for a police officer to be allowed to hack left, right and centre, and that they would be able to police themselves.
His last warning was that if the police weren’t careful, criminals could determine that they had spyware installed and use it themselves.
Cluley said: “Effectively you could be putting a weapon in the hands of the criminals, who could then use it to spy on others with a little adaptation.”
So should anti-virus vendors be working with the police? In 2001 it was reported that the FBI had developed “Magic Lantern” software which was used to monitor computer use, similar to Trojan software.
It was alleged that the FBI approached various anti-virus vendors, asking them to turn a blind eye and not detect the Trojan.
Of Sophos’ position Cluley said: “We are happy to work with the police and have done on a number of occasions. But when it comes to turning a blind eye to their activities if they hack into computers, even with a judge’s permission, our software is hopefully going to detect it and stop it."
He added: “We’re not going to do anything to limit our ability to do that.”
In response to the media coverage and campaigners' outcry to the plans, a Home Office spokeswoman told IT PRO that it wasn't the case that new powers were being given to police by stealth, and that some of the the reports had proved slightly misleading.
She added that it still remains the case that anybody undertaking a search would be tightly regulated under the Regulation of Investigatory Powers Act (RIPA).
Related Tags
advertisement
Latest Security Features
Who should be Britain’s cyber security czar?
Experts reveal what a UK head of cyber security would need to do, while we put forward possible candidates for the role.
- The reality of movie technology
- Do smartphones need security software?
- Protecting the London 2012 Olympic Games
- Focus on... Flexible working
- Cyber policing and surveillance in Britain today
- How an FBI agent transformed Microsoft security
- Can security concerns kill cloud computing?
- GhostNet: Did the Chinese government hack the world?
- How poor web security nearly lead to a jail term
Latest Security Reviews
HP BladeSystem c3000 review: blade server
Rating: ![]()
- CA ARCserve Backup r12.5 review
- FaceTime Communications USG530 - web filtering appliance review
- Guardium 7 – database security review
- Google Apps Premier Edition
- SmoothWall UTM-1000 review
- Lenovo ThinkPad USB Portable Secure Hard Drive
- LogRhythm LR-500-XM review
- EXCLUSIVE - eSoft ThreatWall 250
- Zebra RZ400 - RFID Printer
advertisement
Latest News Videos in Security
Video: Mobile security threats and Mac complacency
Part two: Eugene Kaspersky, chief executive and founder of Kaspersky Lab, talks about the increasing security threats mobile users are facing.
Whitepapers
Want more background on today's hottest IT trends?
Visit IT PRO's whitepaper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.










RE:
'teh movin the drugz!!!wot newbs, lolz they have no idea we is watching!!11!! Police powaa gooooo!!!
By Ip_blasedef38d4c on Monday Jan 5
Nonsense from alarmist morons
What absolute nonsense. I can only assume that some senior officer has commented that the police "hacked" computers actually meaning that they used peer to peer software to see who was sharing child porn! Instances where UK police have actually properly "hacked" or "cracked" a remote system would be in the tens rather than hundreds in a year, if that, and would certainly not be commented on in public or even known about by most officers. So stop whining about civil liberties on topics you don't understand and rest assured the police do still require an intrusive surveillance warrant to really "hack" your computer.
By Marty_Fox on Wednesday Jan 7