From the press release: "The largest European hacker club, "Chaos Computer Club" (CCC), has reverse engineered and analyzed a "lawful interception" malware program used by German police forces. It has been found in the wild and submitted to the CCC anonymously. The malware can not only siphon away intimate data but also offers a remote control or backdoor functionality for uploading and executing arbitrary other programs. Significant design and implementation flaws make all of the functionality available to anyone on the internet."
And it's things like that that will make even more people vote for the Pirate Party.<p>Luckily the German public is by and large opposed to surveillance (for historical reasons).
Our take on this case: <a href="http://www.f-secure.com/weblog/archives/00002249.html" rel="nofollow">http://www.f-secure.com/weblog/archives/00002249.html</a><p>Also, we decided to detect it.
I wonder how they were able to make sure that it's the German government behind this.
I've read the whole analysis but nothing really hinted at it.<p>Binaries not signed + no knowledge of how the infection is done + server in the USA which they said they didn't penetrate to look at what's behind it.<p>I'm not doubting them, it would just be very interesting.
The chancellor's press secretary denies that this malware is the <i>Bundestrojaner</i>, claiming that it has never been used by the BKA, the federal crime investigation department [1].<p>From the wording of the tweet I assume that instead some LKA (crime investigation departments on the state level) had been using the malware.<p>[1] <a href="http://twitter.com/#!/RegSprecher/status/123056930888491008" rel="nofollow">http://twitter.com/#!/RegSprecher/status/123056930888491008</a>
The press release and the analysis are unfortunately poorly written and make it appear as if a couple of overeager teenagers wrote this, although their conclusion is accurate given the information provided in the analysis.<p>Releasing the binaries alone to back up such a statement might be good enough for the hacker community, but if you want to persuade the public you need to be more professional in your choice of words.<p>Even though this is a great achievement and I hope that this will have significant impact.
German newspaper, clueless as ever, shows a MacBook<p><a href="http://www.faz.net/polopoly_fs/1.1486520.1318104289!/image/3251345485.jpg_gen/derivatives/default/3251345485.jpg" rel="nofollow">http://www.faz.net/polopoly_fs/1.1486520.1318104289!/image/3...</a>
F-Secure will detect the malware according to their blog post: <a href="http://www.f-secure.com/weblog/archives/00002249.html" rel="nofollow">http://www.f-secure.com/weblog/archives/00002249.html</a>
The title is a bit misleading. It seems this is not a governmental malware to install on each citizen's PC. It's more a software installed on request by a judge for specific criminal cases. Looking a bit in IDA, the software is quite versatile and doesn't use any obfuscation techniques regularly seen in other malware. I suppose this is more and more used by the police because of the use of encryption on consumer products like Skype and other communication tools.
This might be considered proof that the found program was indeed used by the LKA Bayern.<p><a href="http://ijure.org/wp/archives/727" rel="nofollow">http://ijure.org/wp/archives/727</a> (in German)
There is one more detail hinting that this could indeed be the "Bundestrojaner". faz[1] cites a leaked offer from a German company to the authorities that, according to faz, contains exactly the characteristics found by the CCC. Even renting an "intermediate" communications server in the USA is mentioned.<p>The especially striking thing about this trojan is the functionality to load additional modules and go far, far beyond simple wire tapping of (otherwise encrypted) communications (at the source) - which was the only thing that was actually approved (and the reason for this software in the first place), and it was stated clearly that the software must NOT go beyond wire tapping and that technical precautions have to be taken to prevent the software from doing anything else.<p>Furthermore, CCC's analysis showed that the part loading additional code was actually hidden, obfuscated and spread out amongst the machine code - whereas the rest of the code was very straightforward, with no obfuscation. So clearly whoever developed that thing was very aware of how illegal and unlawful that functionality is.<p>[1] (in German) <a href="http://www.faz.net/aktuell/feuilleton/ein-amtlicher-trojaner-anatomie-eines-digitalen-ungeziefers-11486473.html" rel="nofollow">http://www.faz.net/aktuell/feuilleton/ein-amtlicher-trojaner...</a>
I think it's also possible that some of those safeguard provisions were left out of the software so that in case the malware was detected, it could have been attributed to standard hacker groups as opposed to German government organizations who play within a specific set of rules and regulations. Obviously, this plan failed and it has been identified as government-sponsored malware.
Unfortunately, it is, it was and it will always be necessary to spy on people who are suspected of committing a crime. Proper surveillance has saved uncountable lives.<p>Years ago, police were using cameras and directional microphones. But as technology evolves, the methods to prevent crime have to evolve as well. Not allowing the police to use the same technology as the criminals would actually endanger the stability of society. If you don't agree, have a look at what happened and happens in Africa all the time as an extreme example of what happens if mankind lives without proper regulations.<p>The key point that needs to be discussed is not whether this kind of technology should be used, it's how and who is allowed to use it. Countries need a proper separation of powers. And the use of surveillance should, under any circumstances, only be approved by the independent jurisdiction.<p>Personally, if you can get one pedophile or terrorist I wouldn't care if the whole police of Germany would share my Jenna Jameson collection.