The largest European hacker club, “Chaos Computer Club” (CCC), has reverse engineered and analyzed a “lawful interception” malware program used by German police forces. It has been found in the wild and submitted to the CCC anonymously. The malware can not only siphon away intimate data but also offers a remote control or backdoor functionality for uploading and executing arbitrary other programs. Significant design and implementation flaws make all of the functionality available to anyone on the internet.

The CCC analysis reveals functionality in the “Bundestrojaner light” (Bundestrojaner meaning “federal trojan” and is the colloquial German term for the original government malware concept) concealed as “Quellen-TKÜ” that go much further than to just observe and intercept internet based telecommunication, and thus violates the terms set by the constitutional court. The trojan can, for example, receive uploads of arbitrary programs from the Internet and execute them remotely. This means, an “upgrade path” from Quellen-TKÜ to the full Bundestrojaner’s functionality is built-in right from the start. Activation of the computer’s hardware like microphone or camera can be used for room surveillance.

The government malware can, unchecked by a judge, load extensions by remote control, to use the trojan for other functions, including but not limited to eavesdropping. This complete control over the infected PC – owing to the poor craftsmanship that went into this trojan –  is open not just to the agency that put it there, but to everyone. It could even be used to upload falsified “evidence” against the PC’s owner, or to delete files, which puts the whole rationale for this method of investigation into question.

How long until American police start using crap like this?

  1. ghost-of-algren reblogged this from fearandwar and added:
    Very soon, unless the next supreme court justice is appointed by a Democrat.
  2. fearandwar posted this