[LINK] 'Staatstrojaner'
Roger Clarke
Roger.Clarke at xamax.com.au
Mon Oct 10 08:53:11 AEDT 2011
Chaos Computer Club analyzes government malware
2011-10-08 19:00:00, admin
http://www.ccc.de/en/updates/2011/staatstrojaner
The largest European hacker club, "Chaos Computer Club" (CCC), has
reverse engineered and analyzed a "lawful interception" malware
program used by German police forces. It has been found in the wild
and submitted to the CCC anonymously. The malware can not only siphon
away intimate data but also offers a remote control or backdoor
functionality for uploading and executing arbitrary other programs.
Significant design and implementation flaws make all of the
functionality available to anyone on the internet. ...
[There are many media reports floating around. This one's fairly readable.]
Chaos Computer Club: German gov't software can spy on citizens
By Bob Sullivan
http://redtape.msnbc.msn.com/_news/2011/10/08/8228095-chaos-computer-club-german-govt-software-can-spy-on-citizens
...
German courts have long allowed use of a backdoor program known as
"Bundestrojan" - "federal Trojan," in English - which permits
government investigators to listen in on Skype-based phone calls as
part of a legal wiretap order. Skype and other kinds of Internet
phone calls that can be encrypted are particularly troubling for law
enforcement, because they can be used by suspects to evade wiretaps.
After a court battle in 2008, Bundestrojan was ruled legal as long as
it screened only very specific communications - essentially, Internet
telephone calls.
But the Chaos Computer Club announced Saturday that it had obtained a
copy of what it believed was a copy of Bundestrojan, and that the
program has capabilities that go far beyond legal wiretapping. In
addition to keylogging and screen shots, the software is also capable
of remote control and upgrade.
"This refutes the claim that an effective separation of just
wiretapping internet telephony and a full-blown Trojan is possible in
practice - or even desired.... The Trojan's developers never even
tried to put in technical safeguards to make sure the malware can
exclusively be used for wiretapping internet telephony, as set forth
by the constitution court," said the club on its site. "Our analysis
revealed once again that law enforcement agencies will overstep their
authority if not watched carefully. In this case, functions clearly
intended for breaking the law were implemented in this malware: they
were meant for uploading and executing arbitrary code on the targeted
system."
The club also criticized security measures put in place by
programmers of the alleged Trojan. Poor encryption implementation
means a malicious third-party could intercept the government
communications, or take control of government-infected machines, it
said.
...
--
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW
Visiting Professor in Computer Science Australian National University