The German police may be using malware that breaks that country’s laws. According to the Chaos Computer Club (CCC), a respected source, the software has been found in the wild and submitted anonymously to their analysis team.
The team has dubbed the Trojan R2D2, but it is also known as Bundestrojaner (state, or federal, Trojan) and 0zapftis.
The malware not only monitors personal data but can act as a backdoor to allow further monitoring software to be implanted in the computer. Independent tests by a Sophos security team confirm this. In the past, German courts have allowed the police to deploy a Trojan called Quellen-TKÜ, which has also been nicknamed Bundestrojaner, to record Skype conversations, but only if wiretapping permission has been granted. It seems the new malware goes beyond this.
Graham Cluley, senior technology consultant at Sophos, writes that an initial analysis of the software shows that it is capable of monitoring Skype, MSN Messenger and Yahoo Messenger. It also logs key presses in Firefox, Opera, Internet Explorer and SeaMonkey browsers and can take JPEG screenshots of the user’s monitor screen and send all this information to a remote website at IP address 83.236.140.90, which appears to be based in Düsseldorf or Neuss in Germany.
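The one concrete network indicator in this report is the remote address the Trojan uploads to. The following is an added example (not code from the article, the CCC or Sophos) of how a defender might sweep outbound firewall logs for contacts with that address and group them by internal host. The log format is iptables-style syslog, and the host names, timestamps and internal addresses are constructed for the example; only the destination IP 83.236.140.90 comes from the article.

```python
import re
from collections import defaultdict

# Indicator from the report: the remote address the Trojan sends captured data to.
R2D2_C2_IPS = {"83.236.140.90"}

# iptables/netfilter-style syslog record. Fields are captured by name so the
# matcher below can reason about source host and destination address.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: .*?"
    r"SRC=(?P<src>\d+\.\d+\.\d+\.\d+) DST=(?P<dst>\d+\.\d+\.\d+\.\d+) .*?"
    r"PROTO=(?P<proto>\w+)(?: SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+))?"
)

# Constructed sample log: hypothetical workstations ws-101..ws-103 on 10.0.0.0/24.
# Two of them contact the reported address; one line is deliberately malformed.
SAMPLE_LOG = """\
Oct 10 09:12:01 ws-101 kernel: [12345.678] OUT=eth0 SRC=10.0.0.12 DST=93.184.216.34 LEN=60 PROTO=TCP SPT=51012 DPT=443
Oct 10 09:12:03 ws-101 kernel: [12347.001] OUT=eth0 SRC=10.0.0.12 DST=83.236.140.90 LEN=60 PROTO=TCP SPT=51013 DPT=443
Oct 10 09:12:05 ws-102 kernel: [12349.002] OUT=eth0 SRC=10.0.0.15 DST=83.236.140.90 LEN=60 PROTO=TCP SPT=40001 DPT=80
Oct 10 09:12:06 ws-101 kernel: [12350.000] OUT=eth0 SRC=10.0.0.12 DST=83.236.140.90 LEN=60 PROTO=TCP SPT=51014 DPT=443
Oct 10 09:12:09 ws-103 kernel: [12353.000] OUT=eth0 SRC=10.0.0.20 DST=10.0.0.1 LEN=60 PROTO=UDP SPT=5353 DPT=53
this line is not a firewall record
"""


def parse_line(line):
    """Return the named fields of one firewall record, or None if it does not parse."""
    m = LOG_RE.search(line)
    return m.groupdict() if m else None


def find_c2_contacts(log_text, iocs=R2D2_C2_IPS):
    """Group every connection to an indicator address by (reporting host, source IP).

    Returns a dict mapping (host, src) -> list of (timestamp, dst, proto, dport).
    Unparseable lines are skipped rather than aborting the sweep.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dst"] not in iocs:
            continue
        hits[(rec["host"], rec["src"])].append(
            (rec["ts"], rec["dst"], rec["proto"], rec["dpt"])
        )
    return dict(hits)


def summarize(hits):
    """Flatten the grouped hits into one sorted row per internal host for reporting."""
    rows = []
    for (host, src), events in hits.items():
        rows.append({
            "host": host,
            "src": src,
            "contacts": len(events),
            "first_seen": min(e[0] for e in events),
            "last_seen": max(e[0] for e in events),
        })
    return sorted(rows, key=lambda r: (-r["contacts"], r["host"]))


if __name__ == "__main__":
    for row in summarize(find_c2_contacts(SAMPLE_LOG)):
        print(f"{row['host']} ({row['src']}): {row['contacts']} contact(s), "
              f"{row['first_seen']} .. {row['last_seen']}")
```

A single destination address is a weak indicator on its own (it can be reassigned or proxied), so in practice this sweep would be one input alongside host-side checks for the component files the CCC and Sophos analyses describe.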
If the link with the police force proves true, it could be a major bombshell in privacy-conscious Germany. The CCC analysis concludes that the Trojan’s developers have not placed controls in the malware to ensure only wiretapping of Internet telephony can be executed – contrary to German law. Furthermore, the ability to use it as a bridgehead for other software makes it totally illegal.
“This refutes the claim that an effective separation of just wiretapping Internet telephony and a full-blown Trojan is possible in practice – or even desired,” commented the CCC. “Our analysis revealed once again that law enforcement agencies will overstep their authority if not watched carefully. In this case functions clearly intended for breaking the law were implemented in this malware: they were meant for uploading and executing arbitrary code on the targeted system.”
There is some doubt about the provenance of the software, as much of the “evidence” that it is state-owned is circumstantially based on comments within the code and the contact IP. Knowing the sensitivity of any kind of privacy invasion in Germany, an enemy state or organisation could have planted the malware to spread distrust.
The sample software was supplied by an anonymous source so without a government statement all CCC’s comments are based on an assumption. Cluley posted a later blog in which he said, “It’s not really possible to ‘prove’ who authored the malware, unless the German authorities confirm their involvement. However, it’s beginning to look as though it’s more likely that they were involved than not.”
What is of concern is that, if one government's law enforcement officers are using the software, other governments may also be in possession of the tool. And even if that is not the case, the tools may fall into malevolent hands.