The Cyber War (III): Complete Chaos

I have argued for years that governments, regulators and authorities have to start taking internet security seriously. But this was not what I had in mind; governments using malicious Trojans to gather information about suspicious persons, regulators hacking into social network to snoop on  people’s private life and authorities producing spam in attempts to catch illegal distribution of porn and drugs. You can’t fight crime with more crime. The only outcome of such a policy is complete chaos.

“Our analysis revealed once again that law enforcement agencies will overstep their authority if not watched carefully.”

Computer Chaos Club

This week the hacker group Computer Chaos Club (CCC) confirmed what many suspected: German law enforcement has secretly designed a malicious computer program – a so-called “Trojan Horse” – and have been using it for at least three years to spy on people suspected to be involved in criminal activity. The scandal is now adding more pressure on Chancellor Angela Merkel’s troubled government.  

The famous Chaos Computer Club (CCC) has announced the discovery of a backdoor Trojan horse capable of spying on online activity and recording Skype internet calls which, it says, is used by the German police force.

But there is more:

According to CCC, the Trojan they have uncovered that the malware is capable of a lot more than that.

For instance, it includes functionality to download updates from the internet, to run code remotely and even to allow remote access to the computer – something that specifically is a violation of German laws.

The security firm Sophos has analyzed the malware and confirms that it has the following functionality:

  • * The Trojan can eavesdrop on several communication applications – including Skype, MSN Messenger and Yahoo Messenger.
  • The Trojan can log keystrokes in Firefox, Opera, Internet Explorer and SeaMonkey.
  • The Trojan can take JPEG screenshots of what appears on users’ screens and record Skype audio calls.
  • The Trojan attempts to communicate with a remote website.

A CCC spokesperson expressed the group’s concern at the discovery:

“This refutes the claim that an effective separation of just wiretapping internet telephony and a full-blown Trojan is possible in practice – or even desired. Our analysis revealed once again that law enforcement agencies will overstep their authority if not watched carefully. In this case functions clearly intended for breaking the law were implemented in this malware: they were meant for uploading and executing arbitrary code on the targeted system.”

Graham Cluley  at Sophos writes on the company’s web site:

“We have no way of knowing if the Trojan was written by the German state – and so far, the German authorities aren’t confirming any involvement.”

“The comments in the Trojan’s binary code could just as easily be planted by someone mischievously wanting the Trojan to be misidentified as the infamous the Bundestrojaner.”

“What we can say is that the phrase “0zapftis” has raised some eyebrows amongst the German speakers at SophosLabs. It’s a play on a Bavarian phrase “The barrel is open”, said by the mayor of Munich when he opens the first barrel of beer at the Oktoberfest.”

“But there certainly have been claims of German state-sponsored cyber-spying in the past. For instance, in 2008, there were claims that the BND – Germany’s foreign intelligence service – deployed spyware to monitor the Ministry of Commerce and Industry in Afghanistan.”

“In many ways, I’m reminded of the kerfuffle which occurred almost ten years ago when there were concerns that the FBI would ask anti-virus companies to deliberately not detect spyware that they had written – dubbed “Magic Lantern”.”

Sophos’s says their position now is the same as it was back then.

“We detect all the spyware that we know about – regardless of who its author may be,” Cluley writes.

Illegal Surveillance

The hackers at CCC implies that the malware was created for, and is being used by, German law enforcement authorities such as the BKA and LKA.

Furthermore, German lawyer Patrick Schladt claims that the Customs department was also involved in the planting of the malware.
The BKA (Bundeskriminalamt) is Germany’s federal crime investigation agency.

In addition, there are 16 LKAs (Landeskriminalamt) which act as state investigation bureaus.

The BKA has said that the files uncovered by the CCC, are not related to them.

However, that’s not to say that the BKA hasn’t used spyware in other cases – just that they are officially denying a connection to the malware in this case – of course.

Steffen Seibert, a spokesperson for the federal government, used Twitter to deny BKA involvement…

The LKA divisions, meanwhile, have not commented.

Under German law the police are allowed to use spyware to snoop on suspected criminals – but only under strict guidelines.

For instance, authorities have to seek legal approval for an equivalent to a phone wiretap to record Skype conversations before they are encrypted.

Germany’s Federal Constitutional Court has put in place strict legal guidelines which are supposed to limit what investigators’ spying software can do. For instance, although recording Skype conversations is permissible, the spyware must not alter any code on the suspect’s computer and safeguards must be put in place to prevent the Trojan being subverted to include additional functionality.
The Trojan appears to connect to an IP address,, which appears to be based in Düsseldorf or Neuss.

The funny thing is that the LKA Nordrhein-Westfalen is based in Dusseldorf.

Now, isn’t that a coincidence?

Moreover, in early 2008, WikiLeaks leaked a confidential memo between the LKA and a software firm called DigiTask:

(Read the report from WikiLeaks (in English), or view the German-language PDF.)

The details leaked by WikiLeaks appear to match the behavior of the R2D2 Trojan horse discovered by the Chaos Computer Club.

Of course, it is possible that DigiTask did not write the malware – but the functionality does match.

DigiTask has given presentations in the past where it has shown off its surveillance software for monitoring Skype conversations:

The malware targets Windows computers. Typically you might receive an email containing an attached file, or a link to the web which would then infect the computer.

Political Scandal

The story is now hitting the mainstream media with opponents of Angela Merkel’s coalition party using it for all it’s worth.

Der Spiegel writes:

“In the latest issue to divide the German government, spyware allegedly used by authorities has sparked an intense debate about computer surveillance in the country. With at least two states admitting to possessing the potentially unconstitutional program, police have demanded clearer guidelines.”

“Doubts about the constitutionality of surveillance software possibly used by state authorities, questions originally raised by a famous hacker organization, are mounting in Berlin. But amid the political finger pointing, it remains unclear just who will take responsibility.”

According to Der Spiegel, two German states (Bavaria and Baden-Württemberg) have admitted that they are in possession of the spy software, and three others also possibly involved.

German Interior Minister Hans-Peter Friedrich has urged the states to suspend all usage of the program.

The Interior Ministry denies that the spyware in question was used by the Federal Criminal Police Office (BKA), but has not ruled out the possibility that state investigators may have used it for surveillance.

In what appeared to be a bid to gain voter support by the ailing party, FDP leaders on Tuesday made a show of meeting with the Chaos Computer Club (CCC), the hacker group that announced over the weekend that it had obtained and analyzed the software.

Not only was the software full of defects, the group said, but it also possibly violates German law.

FDP General Secretary Christian Lindner is saying that the discovery of the questionable program had confirmed society’s fears that surveillance software could violate data protection laws.

The Trojan horse software was “comparable to a home search” after which “the front door is left open,” he says.

Justice Minister Sabine Leutheusser-Schnarrenberger, has also taken a hard line against the software, suggesting that no further surveillance be undertaken until circumstances can be clarified.

In an interview with SPIEGEL ONLINE on Wednesday she said that Interior Minister Friedrich should order an independent investigation.

“We have to show German citizens that this coalition takes the protection of their private sphere seriously,” she said, warning that the use of such spyware could lead to disastrous consequences.

The head of the Pirate Party, which campaigns for Internet freedom and civil rights, also slammed the spyware.

“There is no possible way to install a Trojan horse in a way that adheres to legal requirements,” Sebastian Nerz told news agency DAPD. The scandal shows the relevant authorities have “either a certain naivety or the intent to breach the constitution,” he said.

Wir sind nicht ausspioniert!

But Chancellor Merkel’s intelligence coordinator Günter Heiss assigned responsibility for potential illegal use of the software with individual government agencies.

“Every authority that uses the programs must customize the software for each individual use, so that it is permitted according to the Federal Constitutional Court,” he told daily Stuttgarter Zeitung. According to Heiss, state criminal investigators do not develop their own surveillance software, but purchase “multi-functional” templates from contractors. “Every spy program is tailored to the system the authorities want to penetrate,” he told the paper. “That means there is not a single Trojan horse that is always used, can do everything, and is thus unlawful.”

The confusion that has accompanied the issue may arise from inadequate legal structures, Bernhard Witthaut, head of Germany’s largest police union, points out.

“There must finally be clear, binding rules,” he told daily Passauer Neue Presse, a couple of days ago, calling on the Justice Ministry to “fill the legal gaps.”

He is obviously pointing in the right direction.

The Derivatives of Crime Fighting

Another absurd story surfaced recently involves the US Department of Homeland Security.

Some of you may remember the Steven Spielberg movie, #Minority Report” (2002).

Now – nine years later the US government agency – Department of Homeland Security is working on a crime predicting technology that is stunningly similar to the theme of theSpielberg movie.

The beginning stages of the new technology were recently tried out at an undisclosed location in the northeast US, according to The Modern Survival Blog.

The types of things that the technology can remotely monitor are:

  1. Your heartbeat rate
  2. Your fidgety actions
  3. Your eye movements
  4. Your blink rate
  5. Your body temperature
  6. Your breathing patterns

The technology acronym is FAST – “Future Attribute Screening Technology.”

“If you thought that TSA screenings were bad or encroaching on your liberties as a citizen, wait until you’re questioned in line because you fidgeted your feet more than ‘normal’, or you were singled out because your heart rate is a bit too fast. You will then have to explain to them that perhaps you are stressed out over some personal situation – maybe work or home… you will have to assure them that you are not a terrorist… and show them your ‘papers,” The Modern Survival Blog comments.

Adding: “The area becomes very gray when technology advancements are deployed for the common good, while at the same time eliminating more and more life-situations where one is really free or not being watched or tracked or monitored in some way.”

Amen to that!

Google Caught in the Spy Net

The most amusing story over the last weeks is, however, the episode were the worlds (almost) most used web browser Google Chrome was detected as malicious spyware by the Microsoft Security Essential software

For a moment I thought Microsoft finally had got their backbone back, but furious Google-people must have threatened to pull the nails of the Microsoft people’s fingers if they didn’t fix the issue.

So, they did.

It was first reported that the Microsoft Security software identified Google Chrome as a malware threat.

Moreover, even after Google was restored, the system kept deleting it again and again.

The Google’s team of developers was first out, releasing instructions of how to deal with the problem on the Internet. This move was made ahead of an automatic update last weekend.

According to local media statements, Microsoft explained the issue as a wrong detection for PWS:Win32/Zbot.

The software giant brought its apologies for any inconvenience to the Internet users. Afterwards, Microsoft Security Essentials was updated together with fix instructions.

(However, the company didn’t offer an official apology to Google after it turned out that the company’s browser was “mistaken” for a password stealing Trojan.)

Industry security experts believe that it was an embarrassing mistake from the Microsoft team of developers, who managed to “overlook” Chrome in its tests.

That is, however, a rather peculiar explanation – especially in light of the fact that Google Chrome is the number three (almost number two) most popular browser in world.

The experts also points out that it was a human error, and that the developers at Microsoft probably was just as upset about it as those at Google.

But the thing is; such problems don’t usually happen to the browsers, as they don’t normally end up in a database for false positive testing.

There’s another explanation that no one has mentioned, yet.

The Google Chrome browser with its non-optional toolbar do in fact behave like a malware in many ways; making silent installs, modifies files and collecting all kinds of information about its users.

And you cannot uninstall it without using special uninstalling tools/software.

To be continued…

Related by the EconoTwist’s:


Filed under Laws and Regulations, Philosophy, Technology

3 responses to “The Cyber War (III): Complete Chaos

  1. rim

    I believe you are right completely..

  2. Pingback: German hackers discover government spying | Shift Frequency

  3. Pingback: How to Secretly Spy on your Internet Competition