German government accused of spying on citizens with state-sponsored Trojan
Apparently, German federal police agencies have been pulling some seriously unconstitutional shenanigans, while also being massively incompetent about the security details involved:
A well-established group of German hackers, the Chaos Computer Club, has accused the German government of releasing a backdoor Trojan into the wild. According to Mikko Hypponen of F-Secure, the announcement was made public on the group’s website in the form of a 20-page PDF (in German).
The accompanying English-language post claims the group reverse-engineered and analyzed the program, which it calls “a ‘lawful interception’ malware program used by German police forces”.
According to the report, the CCC wrote its own remote control program that wrested control of the Trojan, which consists of a Windows DLL and a kernel driver. That allowed the group to analyze the program’s behavior and determine that it goes well beyond the ability to ‘observe and intercept internet based telecommunication’ (in other words, wiretapping Internet-based telephony), which is allowed by German courts.
Here’s a partial list of what the CCC analysis uncovered:
The trojan can … receive uploads of arbitrary programs from the Internet and execute them remotely.
Activation of the computer’s hardware like microphone or camera can be used for room surveillance.
[T]he design included functionality to clandestinely add more components over the network right from the start, making it a bridge-head to further infiltrate the computer.
[With an additional module] it can be used to remotely control infected PCs over the internet [and] watch screenshots of the web browser on the infected PC – including private notices, emails or texts in web based cloud services.
In its own analysis, F-Secure confirmed the workings of the program:
The backdoor includes a keylogger that targets certain applications. These applications include Firefox, Skype, MSN Messenger, ICQ and others.
The backdoor also contains code intended to take screenshots and record audio, including recording Skype calls.
In addition, the backdoor can be remotely updated. Servers that it connects to include 22.214.171.124 and 126.96.36.199.
If the CCC analysis turns out to be accurate, this will be a first, and a significant black eye for a government that has largely been at the forefront of safeguarding the personal privacy of its citizens.
The German government has not yet responded.
See also Bob Sullivan: “Chaos Computer Club: German gov’t software can spy on citizens”, MSNBC’s Red Tape