German Government accused of running spy trojan
Hacker group the Chaos Computer Club (CCC) has accused the German Government of using a Trojan to snoop on citizens’ computers.
The CCC, which calls itself the largest hacker group in Europe, made the claim after reverse engineering a “lawful interception malware program used by German police forces” that it claimed gives the authorities access to end-user computers.
“The malware can not only siphon away intimate data, but also offers a remote control or backdoor functionality for uploading and executing arbitrary other programs,” the CCC said on its English-language site, adding that the design of the snooper also left computers vulnerable to attacks from third parties.
The discovery is likely to create a stir in Berlin because the level of probing, the CCC says, goes beyond what is allowed under German law on tapping, which was set up to control only VoIP calls.
“The CCC analysis reveals functionality that goes much further than to just observe and intercept internet-based telecommunication, and thus violates the terms set by the constitutional court,” the CCC said in its statement. “The trojan can, for example, receive uploads of arbitrary programs from the internet and execute them remotely.
“This means, an ‘upgrade path’ is built-in right from the start. Activation of the computer’s hardware like microphone or camera can be used for room surveillance.”
The CCC claims anyone infected with the spyware could easily be hacked by criminals unrelated to the German Government. “We were surprised and shocked by the lack of even elementary security in the code. Any attacker could assume control of a computer infiltrated by the German law enforcement authorities,” the CCC said.
“The security level this trojan leaves the infected systems in is comparable to it setting all passwords to ‘1234’.”
No official response
The German Government has yet to acknowledge the claims, but security experts have examined the code and support the theory, even if they can’t confirm the malware’s origin.
“The malware in question is a Windows backdoor consisting of a DLL and a kernel driver,” said F-Secure chief research officer Mikko Hypponen in a company blog.
“The backdoor includes a keylogger that targets certain applications, including Firefox, Skype, MSN Messenger, ICQ and others. The backdoor also contains code intended to take screenshots and record audio, including recording Skype calls.”