The Tech Herald

CCC announces discovery of governmental Trojan

by Steve Ragan - Oct 10 2011, 11:00

On Saturday, the CCC said they've discovered a backdoor used by the German government. Pitched as a tool for lawful interception, the German Malware does far more than monitor VoIP communications.

The Bundestrojaner ("Federal Trojan"), a tool used to monitor VoIP communications (think Skype) once German law enforcement has a court order, was reverse engineered by the CCC. Their findings leave a good deal to be said about privacy violations, assuming the government admits that the code is theirs.

According to the CCC, the code allows remote access in order to upload and execute arbitrary programs, something the police cannot do legally. If that wasn’t bad enough, “design and implementation flaws” within the code make the backdoor functionality available to anyone on the Internet. To prove this point, the CCC created their own control interface for the Malware.

The CCC noted in their report that the Trojan’s developers “never even tried to put in technical safeguards to make sure the malware can exclusively be used for wiretapping internet telephony, as set forth by the constitution court.”

“We were surprised and shocked by the lack of even elementary security in the code. Any attacker could assume control of a computer infiltrated by the German law enforcement authorities,” commented a speaker of the CCC.

“The security level this Trojan leaves the infected systems in is comparable to it setting all passwords to '1234'.”

The security community has given the German code an easily remembered name, R2D2. The name comes from the transmission function discovered in the source code. When transmitting information, including keystrokes, recorded calls, and screenshots, the Malware calls on the C3PO-r2d2-POE function to offload data to servers hosted in the U.S.

This outsourced hosting creates another privacy issue, which is compounded by the fact that anyone can control the Malware and the crypto used to secure transmission is shoddy and weak.

Based on the CCC’s findings, the code records Skype transmissions (calls and chat), ICO, MSN Messenger, and Yahoo Messenger. This is in addition to keystroke captures from Internet Explorer, Firefox, Opera, and SeaMonkey.

The German government has yet to claim the code or make any statements. We’ll update this story if they do. In the meantime, F-Secure and Sophos have added detection signatures for the Malware to their protection databases.

More from the CCC is here.

Around the Web

Comment on this Story

comments powered by Disqus

From Autosaur.com

2015 Dodge Challenger Pictures and Specs

Great pictures and spec details of the 2015 Dodge Challenger Here are some incredible pictur...

Mercedes-Benz S63 AMG 4MATIC Coupe Pictures and Specs

Check out these awesome pictures of the new Mercedes-Benz S63 AMG 4MATIC Coupe, which was re...

2014 New York Auto Show Pictures – Day One

Here are a selection of the main cars unveiled on the first day of the 2014 New York Auto Sh...

2014 Rolls-Royce Ghost Series 2 Pictures

Rolls-Royce have released a string of pictures of the Rolls-Royce Series II, unveiled at the 2014 ...

Gymkhana star Ken Block and Neymar’s Footkhana Video Teaser

Rally legend Ken Block, star of the famous Gymkhana video series, is releasing a new video to celb...