German Government accused of running spy trojan

By Stewart Mitchell on Oct 12, 2011 6:53 AM
Filed under Security

Hacker group claims German Government used Trojan to snoop on citizens' computers.

The CCC, which calls itself the largest hacker group in Europe, made the claim after reverse engineering a “lawful interception malware program used by German police forces” that it claimed gives the authorities access to end-user computers.

“The malware can not only siphon away intimate data, but also offers a remote control or backdoor functionality for uploading and executing arbitrary other programs,” the CCC said on its English-language site, adding that the design of the snooper also left computers vulnerable to attacks from third parties.

The discovery is likely to create a stir in Berlin because the level of probing, the CCC says, goes beyond what is allowed under German law on tapping, which was set up to control only VoIP calls.

“The CCC analysis reveals functionality that goes much further than to just observe and intercept internet-based telecommunication, and thus violates the terms set by the constitutional court,” the CCC said in its statement. “The trojan can, for example, receive uploads of arbitrary programs from the internet and execute them remotely.

“This means, an 'upgrade path' is built-in right from the start. Activation of the computer's hardware like microphone or camera can be used for room surveillance.”

The CCC claims anyone infected with the spyware could easily be hacked by criminals unrelated to the German Government. "We were surprised and shocked by the lack of even elementary security in the code. Any attacker could assume control of a computer infiltrated by the German law enforcement authorities", the CCC said.

“The security level this trojan leaves the infected systems in is comparable to it setting all passwords to '1234'.”

No official response

The German Government has yet to acknowledge the claims, but security experts have examined the code and support the theory, even if they can't confirm the malware's origin.

“The malware in question is a Windows backdoor consisting of a DLL and a kernel driver,” said F-Secure chief research officer Mikko Hypponen in a company blog.

“The backdoor includes a keylogger that targets certain applications, including Firefox, Skype, MSN Messenger, ICQ and others. The backdoor also contains code intended to take screenshots and record audio, including recording Skype calls.”

This article originally appeared at pcpro.co.uk

 

Copyright © PC Pro, Dennis Publishing
