October 10, 2011
German Government Does Not Deny Spying On Computer Users
The German government is spying on computer users in its country with a trojan horse program without their consent, a German hacker group claims.
The Chaos Computer Club (CCC), claims on its website that it has obtained and analyzed software that is ostensibly a “lawful interception” program designed to legally listen in on internet-based phone calls as part of a legal wiretap. Its capabilities, the group says, go beyond legally acceptable bounds, MSNBC is reporting.
Covering its tracks, through rented servers located in the United States, the program logs keystrokes, activates webcams, monitors internet activities and sends data to government officials, the club alleges.
However, the CCC said, the spyware appeared to be of poor quality and dubious application. “We are extremely pleased that a competent programming expert couldn´t be found for this computer bug of morally questionable use,” the CCC said in statement and reprinted by thelocal.de.
Focusing on IT security issues, CCC expressed concern that the program did not provide even basic protection for the data it took from people´s computers, reports The Local, an English-language German news outlet.
No one from the German government has commented on the report, but antivirus companies are reacting to them. Security firm F-Secure will detect and disable the alleged government monitoring software if found on clients´ computers.
“Yes, it is possible the Trojan found by CCC is written by the German government. We just can´t confirm that,” said Mikko Hypponen, F-Secure´s chief technology officer, via Twitter and quoted by MSNBC. “We do not know who created this back door and what it was used for, (but) we have no reason to suspect CCC´s findings.”
CCC criticized security measures by programmers of the alleged spyware. Shoddy encryption allows a malicious third-party to possibly intercept the government communications, or take control of government-infected machines, it said.
“This complete control over the infected PC — owing to the poor craftsmanship that went into this trojan — is open not just to the agency that put it there, but to everyone,” the club said. “The security level this trojan leaves the infected systems in is comparable to it setting all passwords to ℠1234.´ “
“(This) puts the whole rationale for this method of investigation into question,” the club said.
Software companies offering antivirus programs have long said they would detect and disable any such government-monitoring software found on users´ machines. Still, the firm said it has not yet faced a direct confrontation with a government agency over the policy.
“We have never before analyzed a sample that has been suspected to be governmental back door,” it said Saturday. “We have also never been asked by any government to avoid detecting their back doors.”
The Chaos Computer Club used the announcement to make a plea for less electronic monitoring by government departments. “The (government) should put an end to the ever-growing expansion of computer spying that has been getting out of hand in recent years, and finally come up with an unambiguous definition for the digital privacy sphere and with a way to protect it effectively,” it said.
“Unfortunately, for too long the (government) has been guided by demands for technical surveillance, not by values like freedom or the question of how to protect our values in a digital world. It is now obvious that he is no longer able to oversee the technology, let alone control it.”
On the Net: