Software allows German authorities to plant evidence on suspects' computers

In 2008 Wikileaks published documents revealing that the German government had contracted local firm DigiTask to write a trojan. The trojan would allow the government to infect citizens' computers and monitor encrypted Skype video/audio by viewing the decrypted streams on the client's machine.  

A German court that year ruled that the use of government malware was legal, as long as surveillance was constrained to court-authorized digital wiretaps.  Subsequently Cryptome, another leaks site, published a leaked government presentation bragging of "forbidden functions", "remote forensics software", and the ability to update the trojan remotely to enhance its capabilities.

Afterwards all went quiet until this week when veteran hacker club Chaos Computer Club (CCC) announced they had obtained and decompiled the government trojan (locally referred to as "bundestrojaner") and had detailed its capabilities. Those capabilities -- perhaps illegally -- extended well beyond the limited spying authorized by the German court in 2008.

I. Government Admits Domestic Spying Capabilities Were Understated

There've been new developments since that publication. At present, four of Germany's sixteen states -- Bavaria, Baden-Württemberg, Brandenburg, and Lower Saxony -- have admitted to using the software published by the CCC. And DigiTask admits that the software looks a lot like a program it sold to authorities in Germany, Austria, Switzerland, and the Netherlands in 2007.

Source Code -- German trojan
Source code of the trojan was printed in German newspapers, to the frustration of German authorities. [Source: Der Spiegel]

F-Secure, a Finland-based antivirus firm, has published another blog post on the incident revealing government documents that indicate DigiTask was paid $2.9M USD for the malware in 2009. F-Secure dubs the trojan "R2D2", based on an important internal string inside the program -- a title that pays homage to the famous Star Wars droid.

Claudia Roth, co-leader of the Green Party -- Germany's fifth largest political party and holder of approximately 11 percent of the seats in the nation's parliament -- remarks, "Clearly the limits set by the Federal Constitutional Court have been massively violated."

Justice Minister Sabine Leutheusser-Schnarrenberger, a member of the small social-liberal Free Democratic Party, has called for a government investigation of the domestic spying.

II. Malware Could be Used to Frame Political Enemies

The malware is highly controversial because it offers full system access, which could be used to plant incriminating evidence on a target's computer. Further, weak encryption reportedly makes the program very easy for third parties to exploit, endangering those being "investigated".

Planting Evidence
The trojan hands German authorities the keys to planting evidence, video surveillance of suspects, and more. [Source: DigiTask via Cryptome]

The CCC in its original press release blasted these capabilities, writing, "This refutes the claim that an effective separation of just wiretapping Internet telephony and a full-blown Trojan is possible in practice – or even desired.  Our analysis revealed once again that law enforcement agencies will overstep their authority if not watched carefully."

BBC News was even less charitable. Cutting to the chase on the matter in the minds of many, Stephen Evans writes that the issue is sensitive for Germans "who, given the country's Nazi and Communist past, feel strongly about spying on citizens."

III. U.S. Government Uses Similar Tools

While DigiTask has confirmed that it has not sold the trojan malware to anyone outside of governments in Europe, MSNBC notes that, "U.S. officials have long flirted with the idea of spying on private computers in America to fight crime or terrorism.  A program developed by the FBI in 2001 called Magic Lantern had capabilities similar to R2D2, but was abandoned after a series of critical news stories."

More recently, the U.S. Federal Bureau of Investigation has employed a program titled "Computer and Internet Protocol Address Verifier" to infect and monitor suspects' computers. The method of distribution is unclear, as is whether it contains keyloggers, screen capture tools, or code to activate the user's webcam.

If there's one comfort, such government trojans are oft sloppily coded (or at least the German one was, according to the CCC) and are removable/blockable using anti-malware software.

Sources: BBC News, Spiegel, MSNBC
