04 October 2007 | 7,095 views

New German Hacking Law 202(c) – Sites Close & Possible Backfire

Prevent Network Security Leaks with Acunetix

This has been floating around for a while and you might have noticed a warning on some German based security sites that they’ve had to move their tools due to this new legislation known as 202(c) – a couple of examples are KisMAC and Phenoelit.

Basically the new law prohibits manufacturing, programming, installing, or spreading software that has the primary goal of circumventing security measures is, which means that some security scanning & hacking tools might become illegal.

Security researchers in Germany continued to pull down exploit code from their sites last week, scrambling to comply with a German law that makes illegal the distribution of software that could be used to break into computers.

The German law — referred to as 202(c) — went into effect on Sunday. Many experts have complained that the language of the law is very unclear, but a strict reading appears to make illegal the distribution, sale and possession of security tools which could be used to commit a crime.

In the latest move, PHP security professional Stefan Esser removed on Friday all exploit code from his Web site dedicated to the Month of PHP Bugs. While reasonable prosecutors would not likely pursue security researchers, the risk is too great, Esser stated.

Source: Security Focus

It’s a pretty worrying state of affairs. It means under strict enformencent the majority of Linux distributions are now illegal in Germany as they tend to include nmap by default!

I also believe it could back-fire causing more problems that solutions.

Germany’s new antihacker law could open the door to more cybercrime and not less, security experts warn.

The legal uncertainty created by the new law will make the work of security experts in Germany more difficult, according to Müller-Maguhn.

“The law is counterproductive,” said Marcus Rapp, product specialist at the German subsidiary of Finnish security vendor F-Secure. “It will make the security situation worse, not better.”

Rapp is concerned about what he calls the law’s “broad interpretation” of hacking and the legal uncertainty it creates.

Interesting stuff…and I really doubt they are going to reverse it.

Let’s just hope no other countries follow suit with such retarded laws.

Source: Infoworld

There’s also a very interesting article on the whole matter by Dark Reading here:

Hacking Germany’s New Computer Crime Law

You can read what Computer Chaos Club says about it (CCC) here [German].



Recent in General Hacking:
- Dradis v2.9 – Information Sharing For Security Assessments
- MagicTree v1.3 Available For Download – Pentesting Productivity
- Kvasir – Penetration Testing Data Management Tool

Related Posts:
- German Police Creating Law Enforcement Trojan
- UK Government Set to Make ‘Hacking Tools’ Illegal
- UK Has The Worst Internet Security In Europe

Most Read in General Hacking:
- 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) - 1,137,869 views
- Hack Tools/Exploits - 581,776 views
- Password Cracking with Rainbowcrack and Rainbow Tables - 414,474 views

Advertise on Darknet

13 Responses to “New German Hacking Law 202(c) – Sites Close & Possible Backfire”

  1. dre 25 October 2007 at 1:27 am Permalink

    i talked with jerome athias about these laws, and he says that france has similar laws in place right now. it appears the whole EU will likely implement something like this

  2. Sandeep Nain 25 October 2007 at 5:52 am Permalink

    Well it seems like a good news for hackers in the other parts of the world.. as in europe there won’t be many security professionals left to test or secure the applications i.e. good chances of finding vulunerabilities in applications developed in europe

  3. Sir Henry 14 December 2007 at 7:32 pm Permalink

    Does this not seem like anti-logic? This law simply puts a target on Germany as a playground for hackers. How can one combat a hacker without having the tools to understand said hacker?

  4. Maiku 2 February 2008 at 9:20 pm Permalink

    i live in germany! its true… its been all over the news!
    :( it really sucks but they wont reach anything with this! to many websites plus people will find ways to continue doing this…
    police should leave us alone!

  5. Pantagruel 3 February 2008 at 1:29 am Permalink

    Let

  6. goodpeople 3 February 2008 at 9:28 am Permalink

    One of my (dutch) students is from German descent. Although he lives in The Netherlands, he has lots of relatives and friends in Germany. I urge him to leave his laptop at home when he visits his family across the border.

  7. Nobody_Holme 4 February 2008 at 1:36 pm Permalink

    Thats a good point… they may not be legally able to arrest/prosecute on this law if you’re a foreign citizen, due to their own treaties…
    Hmm.

  8. Pantagruel 5 February 2008 at 1:08 am Permalink

    @Nobody_Holme

    Scream ‘terrorist’ and the majority of people will rather have one false positive behind lock and key instead of a false negative running about.
    It’s worrying me that, even among better educated people, the idea of trading in some privacy for potentially more security is gaining ground.
    Again educations seems to be key to demistifying the FUD that is being spread about to justify the reduction of privacy in general.

  9. Nobody_Holme 5 February 2008 at 1:17 pm Permalink

    Well, to be honest, i have no problem in losing privacy for security, as long as its implemented well. Like i’d have no problem with security cameras on every single inch outside my house, but theres no way thats financially viable.
    anywho. I meant Legally cant, not wont… just means they have to let you go, rather than prosecute.

  10. Pantagruel 7 February 2008 at 7:03 pm Permalink

    @Nobody_Holme

    It’s exactly this implementations that is bothering.
    With many of these privacy and surveillance related the bureaucrats seem to go for the ‘security by obscurity’ approach. In the Netherlands there is talk about a big electronic ‘patient’ database, this to reduce possible mix-ups when handing out drugs or performing therapy. They do discuss what is needed for the system to work, but are reluctant to disclose the actual protective measurements. I an kinda worried that is is just as crappy as our ‘transport card’ system (recently a tech student cloned a day pass, it is rumored the German CCC has data on cloning a full blown card.

  11. James C 10 March 2008 at 9:16 pm Permalink

    The problem here is Intelligence or lack there of.
    Intelligent people are to smart to think being a Politician is a good career those, and we

  12. Pantagruel 10 March 2008 at 10:18 pm Permalink

    @ James C

    So damn true , it’s quite said if you think of it and realise your country is being run by someone who is a high school drop out (and is complaing he should earn more becase it’s a responsible job).