German police accused of using spyware

    The hacker organization Chaos Computer Club (CCC) reverse engineered and analyzed the Bundestrojaner program, which is supposedly used by German police to spy on users.

    Binaries staatstrojaner
    Analysis of the program’s functionality (German) (PDF)

    Bundestrojaner (the “state trojan”) collects private information and has backdoor functionality, that is, it allows the loading and execution of arbitrary code on the user's computer. It is possible that similar tools are in the arsenal of law enforcement services in other countries as well.

    Spyware for secretly recording Internet telephony on users' personal PCs was legalized by a decision of the German Constitutional Court of February 27, 2008. At that time, the object of consideration was the Quellen-TKÜ program, which performed remote VoIP wiretapping. However, the Bundestrojaner functionality extends far beyond the remote recording of telephone conversations via VoIP, and therefore contradicts the decision of the Constitutional Court, according to the Chaos Computer Club. After analyzing the code, they are sure that the developers did not even try to comply with the restrictions that the Constitutional Court imposed on them.

    Bundestrojaner is able to remotely activate the microphone and camera on the user's computer, which makes it possible to listen to conversations in the room. It also sends screenshots, that is, it gives access to the user's private information. As already mentioned, the program includes backdoor functionality, so it can perform any function: for example, through this channel it is possible to download fake "evidence" to the victim’s computer, delete files, etc.

    Worse, representatives of the Chaos Computer Club note that, because of significant flaws in the program's architecture and implementation, infected PCs can be controlled not only by the police but also by an outsider. Screenshots and audio files sent from a PC are weakly encrypted, and control commands are not encrypted at all. As evidence, they wrote their own command program, which can manage an infected PC and retrieve data from it. Finally, even a low-skilled hacker is able to set up a fake instance and send fake data to the police.



    The program was sent to CCC anonymously. Its authenticity has not been fully proved, because the command center could not be traced: commands are sent through anonymous proxies (among others, the IP addresses 83.236.140.90 and 207.158.22.134 are used). Since the Chaos Computer Club sent a warning in advance to the German Ministry of the Interior, they have by now had enough time to cover up the tracks and deny having used this program.
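
    The two proxy addresses named above can serve as network indicators when reviewing outbound connection logs. The following Python code is an added example, not part of the CCC analysis; the log format (timestamp, source, destination, port) and all sample lines are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Proxy addresses named in the article, used here as network indicators.
INDICATORS = {ipaddress.ip_address("83.236.140.90"),
              ipaddress.ip_address("207.158.22.134")}

# Constructed sample log (assumed format: timestamp src dst dport).
SAMPLE_LOG = """\
2011-10-09T08:14:02 10.0.0.15 83.236.140.90 443
2011-10-09T08:14:40 10.0.0.22 198.51.100.7 80
2011-10-09T08:15:10 10.0.0.15 ::ffff:207.158.22.134 443
2011-10-09T08:16:00 10.0.0.40 not-an-ip 443
truncated line
2011-10-09T09:01:55 10.0.0.31 207.158.22.134 443
2011-10-09T09:30:00 10.0.0.15 83.236.140.90 443
"""

def normalise(text):
    """Parse an address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(text)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr

def find_hits(log_text):
    """Group indicator hits by source host: count, first/last seen, destinations."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None, "dests": set()})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:          # skip malformed or truncated records
            continue
        ts, src, dst, _port = fields
        try:
            dst_ip = normalise(dst)
        except ValueError:            # destination is not an IP address
            continue
        if dst_ip not in INDICATORS:
            continue
        entry = hits[src]
        entry["count"] += 1
        entry["first"] = entry["first"] or ts   # log is assumed time-ordered
        entry["last"] = ts
        entry["dests"].add(str(dst_ip))
    return dict(hits)

if __name__ == "__main__":
    for host, info in sorted(find_hits(SAMPLE_LOG).items()):
        print(host, info["count"], info["first"], info["last"], sorted(info["dests"]))
```

    Because the addresses are anonymous proxies, a match is a lead for further host inspection, not proof of infection.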

    According to representatives of the Chaos Computer Club, this example proves once again that state law enforcement agencies are prone to exceeding their own powers if they are not carefully monitored.

    In such a situation, it is not surprising that the popularity of the Pirate Party in Germany grew to a record 8%. Recall that one of the goals of this movement is to ensure complete information transparency regarding the activities of government agencies, including law enforcement agencies.

    P.S. The anti-virus company F-Secure decided to add the “state trojan” to the list of malware detected by its antivirus (Backdoor:W32/R2D2.A).
