According to EDRi-member Chaos Computer Club (CCC), the German government has been using a backdoor Trojan, a piece of spyware that can retrieve private data and also offers remote control functionality for uploading and executing other arbitrary programs.
CCC has reverse engineered and analysed the programme and has concluded that the Trojan can receive uploads of arbitrary programs from the Internet and execute them remotely, and that the computer’s hardware, such as the microphone or the camera, can be activated and used for surveillance.
Moreover, with the help of an additional module, it can be used to remotely control infected PCs over the Internet, watching screenshots of the web browser on the infected PC, including private notices, emails or texts in web-based cloud services. On its website, the CCC includes a screenshot showing the Trojan in action.
The use of spying software violates the country’s constitutional law as it contains functions beyond the interception of Internet-based communication. In 2008, Germany’s Federal Constitutional Court ruled that the secret infiltration of information technology systems was a grave infringement of civil rights and could only be justified in some criminal investigations, and so established strict legal limitations for such cases.
The CCC analysis reveals this is a case of “Bundestrojaner” (federal Trojan), the colloquial German term for a government malware concept concealed as “Quellen-TKÜ” (meaning “source wiretapping” or lawful interception of the source). But, according to the constitutional court, Quellen-TKÜ can only be used for wiretapping Internet telephony, and this restriction has to be enforced through technical and legal means.
The analysis concludes that not only did the Trojan’s developers introduce no technical safeguards to ensure that the malware is used exclusively for wiretapping Internet telephony, but its design includes, from the start, functionality to clandestinely add more components over the network, creating a bridgehead to further infiltrate the computer.
“This refutes the claim that an effective separation of just wiretapping internet telephony and a full-blown trojan is possible in practice – or even desired. Our analysis revealed once again that law enforcement agencies will overstep their authority if not watched carefully. In this case functions clearly intended for breaking the law were implemented in this malware: they were meant for uploading and executing arbitrary code on the targeted system,” stated a CCC speaker.
Markus Beyer, spokesperson for the Federal Interior Ministry, said at a press conference on 8 October 2011 that the software was “freely available” and three years old, without, however, stating whether the software had been designed by or for the government.
Chief government spokesperson Steffen Seibert stated at the same press conference that the German government was taking allegations about illegal surveillance software used by investigative authorities “very seriously” and would examine the claims made by CCC.
“It would be a very grave incident and clearly against the law should the allegation be accurate,” said Wolfgang Bosbach, chairman of the German Parliament’s Internal Affairs Committee, to Deutschlandfunk radio. On 7 October 2011, the Free Democratic Party asked for an investigation and a ban on the use of the software until the allegations were cleared.
German government accused of spying on citizens with state-sponsored Trojan (8.10.2011) http://www.zdnet.com/blog/bott/german-government-accused-of-spying-on-citizens-with-state-sponsored-trojan/4044
Analysis of Government malware (only in German, 8.10.2011) http://www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf
Chaos Computer Club analyzes government malware (8.10.2011) http://ccc.de/en/updates/2011/staatstrojaner
Possible Governmental Backdoor Found (“Case R2D2”) (8.10.2011) http://www.f-secure.com/weblog/archives/00002249.html
German Malware May Put PC’s Camera at Risk (10.10.2011) http://www.bloomberg.com/news/2011-10-10/german-trojan-spyware-may-violate-constitution.html