Litigation is a machine which you go into as a pig and come out as a sausage - Ambrose Bierce, allegedly
FAMOUS HACKING OUTFIT Chaos Computer Club (CCC) claims to have identified a computer trojan designed by the German government to intercept communications from several instant messaging applications.
In Germany, the use of computer malware to manipulate a citizen's computer is prohibited by a 2008 ruling of the Constitutional Court. However, under wiretapping laws authorities are allowed to use software in order to intercept Internet telephony.
The CCC claims the trojan it analyzed, which it has dubbed "Bundestrojaner" (the federal trojan), is software designed by the government to intercept VoIP calls. However, its functionality extends much beyond that.
"The malware can not only siphon away intimate data but also offers a remote control or backdoor functionality for uploading and executing arbitrary other programs," the CCC warns.
Security researchers from antivirus vendor Sophos have confirmed that the trojan has the ability to monitor Skype, MSN Messenger and Yahoo Messenger communications, to log keystrokes in Firefox, Opera, Internet Explorer and Seamonkey, to take screenshots of the computer screen and to record Skype calls.
However, neither Sophos nor F-Secure, another antivirus company that analyzed the trojan, can confirm that it was created by the German government.
"We can't confirm that this trojan was written by the German government. As far as we see, the only party that could confirm that would be the German government itself," said F-Secure's chief research officer Mikko Hypponen.
Regardless of whether the trojan was created for lawful interception or not, both companies claim that their policy for it is the same - detect and remove. Sophos and F-Secure detect this trojan as "R2D2.A", a name derived from a string found in the malware's code.
However, an even more concerning issue is the fact that, according to the CCC, the trojan is full of vulnerabilities that could be exploited to take control of computers infected with it.
"We were surprised and shocked by the lack of even elementary security in the code. Any attacker could assume control of a computer infiltrated by the German law enforcement authorities," commented a CCC spokesperson. "The security level this trojan leaves the infected systems in is comparable to it setting all passwords to '1234'," they added. µ
Sign up for INQbot – a weekly roundup of the best from the INQ