
Hacking Tools Illegal in Germany

Obviously most everyone thinks this is a bad idea.

But I wonder, last year we presented a talk at Defcon called "Hacking Malware" which talked about bypassing security features in malicious binaries. Would this be illegal in Germany? How do you do incident response / forensics and analysis under those types of laws?

Does this mean in Germany someone can hack into a computer and not worry about being analyzed because the tools to do so are illegal?

Any Germans in the audience have input to help clarify the situation?


the strange thing with it,

The strange thing with it is that disassemblers and debuggers are still allowed here. So I can disassemble malware and analyse what it does, but I think talking about its behaviour and techniques (e.g. conference) or even releasing PoC code like my BITS code or several other PoC stuff I have decompiled on my disc (c-code for private-key exporting, mail-account, messenger, protected password storage stealer etcetera) may harm the new law in Germany. Let's say it's some kind of a "grayzone". The bad guys are already using it, but if some German analyst wants to enlighten safety-conscious people on what could happen if they got hit by malware, he's with one foot in the can. :( Using or writing real hacking tools like Nessus, Metasploit, Hydra, Amap, John, other exploits are fairly telltale illegal. Some people here in Germany say that we've reached the: Stasi v2.0

It's hard for security people here in Germany now to do their job without thinking that they're some kind of "outlaws".

I think we'll have to wait for the first precedent to realize the whole dimension of this new law.