German Anti-hacking Law causes Researchers to Shut their Sites

German security researchers were on the task of separating exploit codes from their experimental Websites during the first week of August 2007 in order to abide by a law in the country that regards distribution of software for the purpose of hacking into computers illegal.

The 202(c) German security law was implemented on August 12, 2007. While many experts complained that the content of the law was not very clear, a proper reading elicits that the possession, sale and distribution of dual-use security tools, which could be employed to initiate a crime, is illegal.

The law fails to explain clearly certain issues, as various interpretations are possible from it. While the government declares that it does not intend to penalize people like those hired for penetration testing, the law does not say this, said Stefan Esser, a professional on PHP security. Securityfocus published this in news on August 13, 2007.

Representatives of the security industry are worried that the law may reduce the nation's safety. They believe it would make it difficult for "good" hackers to continue their experiments and research. According to them, the use of popular tools like 'nmap' would become illegal in the eyes of the law. It could also make illegal the use of an open-source network software, and Nexus - the network vulnerability-scanning program.

Meanwhile, several researchers have removed their software programs from their Websites or shut down the sites completely. During the end week of July 2007, German research team Phonoelit closed down their Website but transferred its content to Holland. In early August 2007, Kismac, the maker of the wireless scanner, too shut down their site in Germany but said would reopen it later in Holland.

The objective of the lawmakers, who passed the law towards the end of May 2007, was to impair attacks on private sector and government computer systems. The punishment consists of fines and jail sentences of up to 10 years, reported IDG News Service.

The law was passed to fulfill Germany's obligations towards the Council of Europe's Convention on Cyber Crime, a treaty that the US Department of Justice aided in preparing.

Related article: Germany Restricts Anti-Hacking Legalization

» SPAMfighter News - 8/27/2007