German state admits to use of controversial spy software

Officials in the southern German state of Bavaria confirmed late Monday that their agencies have been using a controversial spyware program since 2009.

Bavarian Interior Minister Joachim Herrmann said in a statement that they had acted within the law, and he promised a review of the software’s use.

Computer security experts and German politicians say such software is likely in violation of the German constitution.

A hacker group accused the German government on Saturday of developing and using the software to spy on its own citizens.

Steffen Seibert, spokesman for Chancellor Angela Merkel, said the charges would be investigated.

“We are taking [the allegations] very seriously,” he said. “We will need to check all systems thoroughly.”

Germany’s Interior Ministry said Monday no such program was being used at a federal level. 

Federal Trojan

The Chaos Computer Club (CCC), a well-known German hacker group, on Saturday announced its analysis of the so-called “Bundestrojaner,” or “Federal Trojan,” had revealed that this “lawful interception” program goes far beyond what normally would be allowed under German law.

“The malware can not only siphon away intimate data but also offers a remote control or backdoor functionality for uploading and executing arbitrary other programs,” wrote the organization in an English-language post on its website. “Significant design and implementation flaws make all of the functionality available to anyone on the Internet.”

The spyware could even be used to plant evidence on a computer. “Functions clearly intended for breaking the law were implemented in this malware,” the CCC asserted.

The CCC, which came across the software through an anonymous tip, alleges the Trojan was developed by German police forces for intercepting personal data from computers, including that of private individuals.

Earlier Monday, Constanze Kurz of the CCC told German public radio that the group was “quite sure” the German government developed the malware.

“We have no doubt, otherwise we wouldn’t have gone public with it,” she said.

The CCC’s analysis showed that the Trojan can log keystrokes, take screenshots, record Skype conversations and even activate webcams or computer microphones to surveil private happenings inside a person’s home.

What’s worse, the CCC said, is that poor data encryption protocols in the Trojan could allow the software to be used by third parties.

‘No reason to doubt CCC findings’

After the Bundestrojaner’s source code was published, several Internet security companies confirmed the CCC’s conclusions.

“We have no reason to doubt CCC findings,” said Mikko Hypponen, chief research officer at F-Secure, an Internet security company in Helsinki.

“[The CCC] has a long history of trustworthy research,” Hypponen told Deutsche Welle, adding, “I think it’s more likely than unlikely” the German government developed the malware.

“There are some details in the code that make it stand out from criminal software,” Hypponen said.

Graham Cluley, senior technology consultant for Sophos, a British computer security firm which also analyzed the software, points out that the malware “appears to connect to an IP address which we believe to be based in Dusseldorf or Neuss.”

After the CCC’s announcement, F-Secure decided to add this particular Trojan to its lists of known malware. Hypponen says about half of the Internet security industry currently blocks the malware.


Constitutional concerns

The German Constitutional Court in 2008 established barriers to implementing such software, requiring that interception of Internet-based phone calls only be done with a warrant and court order.

Due to its high level of functionality, implementing this particular software would likely violate the German constitution.

Sabine Leutheusser-Schnarrenberger, Germany’s justice minister, told the Frankfurter Allgemeine Zeitung that her ministry had not implemented such software, without explicitly confirming or denying her ministry’s involvement.

But she also said on German public radio that “there is likely a divergence, based on accusations of the CCC, between what investigative authorities do, and that which the German Constitutional Court has determined.”

Wolfgang Bosbach, the spokesman on interior affairs for Merkel’s Christian Democrat party, told German radio that if a government agency had implemented the software, it “would be a very serious occurrence,” clearly illegal and in violation of the court’s decision.

In its Web post, the CCC chided the German government for its alleged constitutional violations: “Law enforcement agencies will overstep their authority if not watched carefully,” the group wrote.

Given Germany’s history of far-right government and out-of-control police powers, the allegations have been seen as particularly serious.

Lack of proof

However, it is nearly impossible to prove with complete certainty that the malware originated from, or was contracted by, the German government, without someone coming forward with an intimate knowledge of the application’s development.

Sophos’ analysis of the spyware’s code noted German comments in the binary code, including “0zapftis” – a wordplay on a phrase the mayor of Munich says when opening the first barrel of beer at Bavaria’s Oktoberfest.

But those comments could just as easily have been added by anyone, Sophos’ Cluley notes.

Cluley also points out that memos between the Bavarian Ministry of Justice and German technology company DigiTask published on WikiLeaks in 2008 described functionalities that “match the behavior of the [new] files that were found.”

DigiTask, which is based in Haiger, about 100 kilometers (62 miles) north of Frankfurt, declined to comment on any potential involvement in this issue.

Normally, individual computers become infected with malware when they download data through e-mail.

However, Hypponen said this type of spyware could potentially involve an Internet service provider, or even old-fashioned spy methods such as breaking into a person’s home and installing the software manually.

“Yes, it’s creepy, if it’s used against you by the government and you’re innocent,” said Hypponen. “But if it’s used against you and you’re a drug lord, that’s a good thing.”

Author: Sonya Angelica Diehn, Joanna Impey (dapd, dpa)
Editor: Martin Kuebler

Article source: http://www.dw-world.de/dw/article/0,,15449054,00.html?maca=en-rss-en-all-1573-rdf
