The Inquirer-Home

German hackers uncover a government trojan

Designed to record Skype calls and more
Mon Oct 10 2011, 16:09

FAMOUS HACKING OUTFIT Chaos Computer Club (CCC) claims to have identified a computer trojan designed by the German government to intercept communications from several instant messaging applications.

In Germany, the use of computer malware to manipulate a citizen's computer is prohibited by a 2008 ruling of the Constitutional Court. However, under wiretapping laws authorities are allowed to use software in order to intercept Internet telephony.

The CCC claims the trojan it analyzed, which it has dubbed "Bundestrojaner" (the federal trojan), is software designed by the government to intercept VoIP calls. However, its functionality extends much beyond that.

"The malware can not only siphon away intimate data but also offers a remote control or backdoor functionality for uploading and executing arbitrary other programs," the CCC warns.

Security researchers from antivirus vendor Sophos have confirmed that the trojan has the ability to monitor Skype, MSN Messenger and Yahoo Messenger communications, to log keystrokes in Firefox, Opera, Internet Explorer and Seamonkey, to take screenshots of the computer screen and to record Skype calls.

However, neither Sophos nor F-Secure, another antivirus company that analyzed the trojan, can confirm that it was created by the German government.

"We can't confirm that this trojan was written by the German government. As far as we see, the only party that could confirm that would be the German government itself," said F-Secure's chief research officer Mikko Hypponen.

Regardless of whether the trojan was created for lawful interception or not, both companies claim that their policy for it is the same - detect and remove. Sophos and F-Secure detect this trojan as "R2D2.A", a name derived from a string found in the malware's code.

However, an even more concerning issue is the fact that, according to the CCC, the trojan is full of vulnerabilities that could be exploited to take control of computers infected with it.

"We were surprised and shocked by the lack of even elementary security in the code. Any attacker could assume control of a computer infiltrated by the German law enforcement authorities," commented a CCC spokesperson. "The security level this trojan leaves the infected systems in is comparable to it setting all passwords to '1234'," they added. µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Apple announces the iPhone 6, iPhone 6 Plus and Apple Watch

Which of Apple's new products will you be buying?