Belgium Outlaws Hacker Tools, Leaves Security Holes Open
By Dan Morrill
Article Date: 2008-10-27
When good laws go bad, Belgium opens the door to some seriously fun Google Hacking, by outlawing tools, but not addressing poor security measures in the first place.
Google hacking is a great way of testing to see if a company has properly secured their organization against hackers. Most information security departments routinely (and if they are not, please start doing so) Google hack themselves to make sure that nothing shows up in the Google search engine that should not be there. Johnny I hack stuff is also a well-known database of some of the more entertaining Google hacks out there.
What happens though when an otherwise good law that outlaws hacker tools, leaves behind a government infrastructure that is rife with security holes, but researchers cannot work with government or law enforcement to fix those holes? Het Laatste Nieuws is testing the theory by using Google to see what kinds of security flaws are available against Belgium government web sites, and they are finding many decent holes, just by using Google.
One of the major Flemish newspapers Het Laatste Nieuws, one million readers, has done some Google-researching against the site of the national police. They have found passwords for national police databases, names, and addresses of even more or less secret special brigades of the national police and how to make a police card. There is lots of such information on the Belgian internet and not only because they did not secure themselves against the total Google indexing (robot file and pass wording the access) but because information is put sometimes on the internet without any reflection. Source: Belsec. Grammar cleaned up in this quote.
The interesting part is that the Police are trying to suppress the information that is being found in Google. The drawback is that to use anything else in Belgium would be against the law, but this does not mean that hackers are not infiltrating and p0wning the sites on a regular basis. This is interesting all the way around because this was probably an unintended consequence to outlawing tools in a country. Hackers probably already own the systems, which will make government systems malware delivery systems, or worst yet, the information in those systems will be altered, or used as a springboard into other more sensitive systems on the internet.
About the Author:
Dan Morrill has been in the information security field for 18 years, both civilian and military, and is currently working on his Doctor of Management. Dan shares his insights on the important security issues of today through his blog, Managing Intellectual Property & IT Security, and is an active participant in the ITtoolbox blogging community.