Secret plan for spies to bug PCs

greenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread

Have a go at the following article, how Y2K may put an end to government spy ideas.

Timothy J Wilbur

Secret plan for spies to bug PCs

By DAN TEBBUTT, 13 Jan 99

PERSONAL computers would become police spy stations under secret proposals put to the Federal Government by a former deputy director of ASIO.

The Australian Federal Police, ASIO and the National Crime Authority would be empowered to alter software to turn PCs into covert listening devices, according to the 1996 report by one-time spy chief Gerald Walsh.

The report also recommends changes to the Commonwealth Crimes Act to allow police and government investigators to hack into computer systems for evidence.

While Mr Walsh called for public discussion of his proposals, the report was withdrawn by the Attorney-General's Department. But a copy of the 96-page document was obtained last week by Internet privacy campaigners Electronic Frontiers Australia and released to The Australian.

A spokesman for Attorney-General Daryl Williams confirmed last night that Mr Walsh's recommendations were under discussion but the report was "just one element" of policy being considered.

He would not say whether the controversial recommendations would be acted on through legislation.

Mr Walsh warns that widespread use of PC-based data scrambling is a big concern for law enforcement.

Criminals were already using computer encryption - programs that encode data so it cannot be intercepted - to prevent police from monitoring phone calls and e-mail.

Widespread encryption to scramble sensitive data would make crimes harder to prove in court, Mr Walsh warns.

"The principle of non self-incrimination may well represent the polite end of the possible range of responses," the report says.

Mr Walsh's plan would clear the way for police to eavesdrop on computer conversations at the source.

A "target computer may be converted into a listening device" that could seek out passwords and other private communications without the PC owner's knowledge.

EFA spokesman Greg Taylor said authorities might set up Trojan horse software that would record all PC activity, including passwords and e-mail, before encryption.

"If you have access to someone's PC and you change their software you can do anything you want," said Mr Taylor.

"If it's connected to a network such as the Internet the PC could transmit data to another site."

Australian Council for Civil Liberties president Terry O'Gorman said the proposals would be a worrying extension to police wiretap powers which were already over-used.

"We are concerned about the low level of protection in relation to current judicial warrants for telephone eavesdropping," Mr O'Gorman said.

Labor information technology spokeswoman Senator Kate Lundy said "the whole issue of encryption is being used as a lever to justify further invasions of privacy".

-- Timothy J Wilbur (timkaz@nor.com.au), January 12, 1999

Answers

Well, they can try. It won't be too long before Linux and other open-source software is up to consumer standards. It's pretty hard to put secret code into open-source software, with thousands of eyes scouring it for bugs and security holes. A combination of a secure operating system like Linux and automated security scanners can make hacking into a system a lot more difficult than the media makes it out to be. OpenBSD, a similar operating system widely recognized as the most secure system in the world, is even better. Personally, my ultimate plan will probably be to put an OpenBSD-based firewall between my regular machine and the big bad world and check every packet in and out. Not that I'm paranoid or have anything to hide, I just happen to believe in working for civil liberties by the most direct means possible...especially since the legislature isn't any help these days. In the event of a 10, of course, I suppose I won't worry about it too much...

-- Shimrod (shimrod@lycosmail.com), January 12, 1999.

Aw, heck, we beat you to it! The 'Clipper chip' was some bozo's idea of a good thing - a chip that would be mandatory on all new PCs and allow the government to snoop on what you do. Fortunately, it didn't make it off the drawing board.

You can't do much with existing software to make it do what is described, because the executable would have to be recompiled, and to do that you'd have to have access to the source code or the symbols or a good decompiler, then add your code and recompile it. That's kind of hard to do remotely. However, it's entirely possible to hack e-mail with a short encryption key; that's one reason why the US government is adamant about not letting the 128-bit stuff out of the country. Can't snoop on one's neighbors as easily if they have the longer encryption key.

You can already read somebody's e-mail by capturing packets on the network they're on if you have the equipment (I think Fluke Mfg. makes a network sniffer good enough to do this). The equipment's normally used to figure out network problems (like one segment of your network is way too slow; you can find out where all the traffic's coming from) but you can put it to other uses.

-- Karen Cook (browsercat@yerf.net), January 12, 1999.


I read something a few months ago about the gov. working on a "bug" that can be implanted on a PC to snoop on what the PC owner is actually typing, before it is encrypted. The bug is supposedly invisibly transmitted through e-mail and embeds itself at primary system level (forget the term) thereby being undetectable. It reads, saves and transmits back "as you type" data, when the owner next logs online and uses email. The bug-program is smaller than your average bug. Spooky if true. Has anyone read that and could remember from what source?

-- Chris (catsy@pond.com), January 12, 1999.

Actually, Karen, viruses do it all the time.

Here's the URL for the company Chris is talking about:
http://www.thecodex.com/

This is why I want a really secure firewall.

-- Shimrod (shimrod@lycosmail.com), January 12, 1999.


That's it, Codex the bug was called. Thanks Shimrod.

Very spooky.

-- Chris (catsy@pond.com), January 12, 1999.



Correction, the bug is called DIRT, the company is Codex.

-- Chris (catsy@pond.com), January 12, 1999.

Or, even better than a firewall...Have two computers, your main machine plus a little one just for internetting, networked together. When you go on the net, you first break the connection to your main machine, and don't re-establish till you go offline. All passwords are typed into the main machine, encryption happens there and no plaintext appears on web machine. A hassle, true paranoia, but no hacker software is getting through that.

-- Shimrod (shimrod@lycosmail.com), January 19, 1999.
