01 February 2008

German Police Creating Law Enforcement Trojan

After banning hacking tools it looks like the German police are looking into digital wiretapping and creating ‘whitehat’ trojans for monitoring the bad guys…

Of course they define who the bad guys are, and according to law 202(c) it could be us..

This is very definitely questionable when it comes to ethics; it’s almost as bad as backdooring highly secure encryption algorithms just so the government has a universal key. So yes, you may ask what happens when the bad guys get the key? The same thing happens when the bad guys take over this ‘remote forensic software’ network.

German cops are pushing ahead with controversial plans, yet to be legally approved, to develop “remote forensic software” – in other words, a law enforcement Trojan.

Leaked documents outline proposals by German firm Digitask to develop software to intercept Skype VoIP communications and SSL transmissions. A second leaked document from the Bavarian Ministry of Justice outlines costing and licensing proposals for the software. Both scanned documents (in German, natch) have found their way onto the net after being submitted to Wikileaks.

They are even looking at jacking Skype so they can monitor net-based VoIP calls, and at intercepting SSL communications, although that shouldn’t be too tricky.

Either way they are both very dodgy.

Proposals to give explicit permission for law enforcement officials to plant malware stem from a Federal Court ruling last year declaring clandestine searches of suspects’ computers to be inadmissible as evidence, pending a law regulating the practice. Germany’s Federal Court of Justice said the practice was not covered by existing surveillance legislation.

Joerg Ziercke, president of Germany’s Federal Police Office (BKA), expressed frustration about their inability to decipher the encryption used by Skype in order to tap into the VoIP calls of suspected terrorists. Digitask, if the leaked documents are to be believed, has stepped into the breach.

Ok so normal people can’t make security tools to test their networks….but the government can create malware to monitor private communications?

Yah that really makes sense.

Once again – this is ridiculous!

Source: The Register



33 Responses to “German Police Creating Law Enforcement Trojan”

  1. Nobody_Holme 1 February 2008 at 6:21 pm Permalink

    They can’t be serious…
    If the UK follows suit, I’m emigrating…
    Also, Skype need to sue the German government/Digitask under their own law for breaking their encryption, no?

    I can see some international shenanigans too, say when a foreign diplomat’s computer gets compromised by a German police program (whether or not the German police put it there).

  2. Mitchell Ashley 1 February 2008 at 9:18 pm Permalink

    Back before I became a full time blogger and product visionary, I was working in security and this kind of tactic really is the next evolutionary step. You have to be a hacker to beat the hackers and “getting there first” is huge, whoever can take over the machine faster really has the upper hand as they can use virtualization and other technologies to fool the next guy so you don’t want to be the next guy, you want to be the first guy. We’ll see a lot of security products doing these things over the next few years.

  3. Pantagruel 1 February 2008 at 10:18 pm Permalink

    I guess in Germany they want to label every citizen a terrorist so they can be followed and pestered in every conceivable way.
    The only thing you nowadays have to do is convince a bunch of bureaucrats that it’s safer for ‘the people’ to have no privacy because it will enhance law enforcers to root out bad people more easily. I think they indeed need it because so far they have been unable to catch any major terrorist or criminal (Osama B. L, Karadzic, Mladic).
    Henceforth whoever uses crypto software on German soil has to be a terrorist or criminal and will be easy to pick off. No wonder all the sane security specialists have moved to Switzerland.

  4. Dornez 1 February 2008 at 10:29 pm Permalink

    I heard about this a few days ago. The discussion then mostly revolved around non-government hackers getting access to the government-planted backdoors, with a little bit of diplomatic relations trouble tossed in. The thing I haven’t seen mentioned is the legality of not being infected, whether by using an incompatible OS or by using virtual machines or LiveCDs. The Knoppix team is probably going to have a sudden burst of downloads.

  5. goodpeople 2 February 2008 at 12:27 pm Permalink

    This is insane for a number of reasons. I’m typing too slow to point out all of them, but if they install software on your computer without your explicit permission, they are breaking the law. Period. And even governments aren’t allowed to do so.
    Then they have this tiny little problem of stopping it at the border. How do they plan to control it?

    I could go on like this. But let’s think of the big corporations.. Do you really think any corporation in Germany is going to be okay with the German government installing spyware on their machines?

    I think they are going to have a lot of fun in Brussels and The Hague.

  6. mumble 2 February 2008 at 4:11 pm Permalink

    I’ve decided never to go to Germany. For this reason, I bet I can do a fair bit of business doing security testing, analysis, etc… for German companies. This could be good for business.

  7. Nobody_Holme 2 February 2008 at 4:29 pm Permalink

    @mumble:
    It’ll all have to be remote testing, mind.

    I’m tempted to go to Germany with my PC, and deliberately let them install that thing on it, just so I can complain to the embassy/mainstream press and cause an international incident.

    Should be fairly easy to limit when dealing with non-professionals… make it traceroute the target before installing itself, check where the last few hits on the traceroute are. (Yes, it’s flawed when you deal with anyone competent, but hey, the whole thing is, so who cares.)

  8. Pantagruel 2 February 2008 at 6:06 pm Permalink

    @Mumble

    You might consider buying your own island, the majority of the so called ‘civilized’ countries (US, UK, Ger, NL, etc.) is implementing an ever increasing amount of surveillance methods (be it cameras, check booths or software) to ensure the so called public safety and all in the name of stopping terrorist action. Big brother is being implemented throughout the world (3rd world countries might be lacking funds or digital means but they resort to the ancient hatchet/machete method to exert control).

  9. Vanessa Bajcic 5 February 2008 at 1:13 pm Permalink

    You write: “intercepting SSL communications [...] shouldn

  10. Darknet 5 February 2008 at 6:38 pm Permalink

    Well the most feasible attack against SSL is still MITM, but then a properly configured setup is not prone to it, plus educated users would stop them accepting false certificates.

    But it does happen!

    It’s true though, be first on the machine and it doesn’t really matter what protection they use, apart from on-screen keyboards :)

  11. Pantagruel 5 February 2008 at 10:49 pm Permalink

    Just a snippet to back up Vanessa’s and Darknet’s remarks.

    ..The concept of DigiTask intends to install a so called Skype-Capture-Unit on the PC of the surveilled person. This Capture-Unit allows recording of the Skype communication, such as Voice and Chat, as well as diverting the data to an anonymous Recording-Proxy. The Recording-Proxy (not part of this offer) forwards the data to the final Recording-Server. The data can then be accessed via mobile Evaluation Stations…

    So it boils down to installing a trojan and then capturing the transmitted data via a MITM system.

    The best MO after some German government official has had his/her dirty hands on your machine is a complete reinstall including a BIOS flash just to get rid of nasty stuff in the BIOS chip. Running your OS from an encrypted volume is also a nice option, making it harder for them to install the trojan in the first place.

  12. Pantagruel 5 February 2008 at 10:50 pm Permalink

    some more reading on the SSL-MITM subject

    portal.acm.org/citation.cfm?id=1249249.1250016&coll=GUIDE&dl=GUIDE

  13. Pantagruel 5 February 2008 at 11:04 pm Permalink

    MMM the prior mentioned one you have to buy, this one you can get for free.

    http://www.cs.umu.se/education/examina/Rapporter/MattiasEriksson.pdf

  14. eM3rC 7 February 2008 at 8:27 am Permalink

    I am in total agreement with everyone above. Acts like this should be an outrage. Aside from an invasion of privacy, it also gives hackers an easy way in. This is like Vista’s permanent backdoors yet one hundred times more insecure. All I can say is there is no way this should be passed.

    Thanks Pantagruel for the solution to the trojan :)

    Big Brother is coming…

  15. jehess1 8 February 2008 at 12:08 am Permalink

    Looks like Germany is well on its way to creating a sort of Patriot Act like we have in the US. They can pretty much charge you with anything they want to under it and there is not a whole lot you can do about it. Oh what is the world coming to…

  16. eM3rC 8 February 2008 at 3:30 am Permalink

    @jehess1

    Although it is similar to the Patriot Act this is taking it to the next level. Rather than being monitored for “being suspicious” everyone is under the watchful eye of the government.

    Big Brother is coming…

  17. Pantagruel 8 February 2008 at 12:16 pm Permalink

    Big brother was already there but has become a tad more confident and started showing his face. I opt for the room 101 trick and have this horrifying legislation disappear.

    As it turns out I’ll be heading for Germany this weekend, mm what to do with my laptop }: . I’ll keep you posted if I run into an overzealous law enforcer (guess not)

  18. eM3rC 9 February 2008 at 8:37 am Permalink

    I hope the UK doesn’t become a digital dictatorship. I like the freedom of the internet and the various hacks available out there (hacks mind you, not cracks). I second your room 101 trick.

    All I can say is backup all your questionable stuff on a removable hard drive/flash drive and either keep that at home or in another part of your baggage. You could also make another partition and hide that, although I am not sure how good the guards are at computer forensics or if they will confiscate the computer and send it to a lab.

    Good luck Pantagruel and give us an update about your trip to Germany.

  19. duper 10 February 2008 at 10:22 am Permalink

    Sounds like what happened when Nazi Germany took the guns away–only the police were allowed to have them. I wouldn’t trust the Gestapo with their own swinging dicks. History repeats itself!

  20. Pantagruel 10 February 2008 at 2:48 pm Permalink

    @duper

    I think one should not compare this legislation to the nazi past, this is unfair and prone to generating unwanted remarks/memories.

    Just for reference, in the whole of Europe the police force (apart from the army of course) is allowed to wear firearms in public. Any civilian can own a gun but for sports only (hunting is also considered a sport and linked to, amongst others, a permit). This works much better than the given right to own a firearm like the USA has, especially in conjunction with some state laws permitting the shooting of robbers and the like.

    The one thing you’re right about is indeed history repeating itself (perhaps in a slightly different manner).

    BTW did not run into any overzealous law enforcers, as expected.

  21. eM3rC 10 February 2008 at 8:25 pm Permalink

    @duper

    I agree with the part “history repeats itself” but not much more than that. (see Pantagruel’s reply)

    I see what you’re saying about giving the government a weapon (in a figurative sentence) and not allowing the people to protect themselves with the same one. All I can say for now is anti-hacking software will be pretty much impossible to because if the software is not hand programmed by the user they could use something like a live Linux distro which would load Linux rather than the trojan infected Windows.

    @Pantagruel

    In agreement with you and would like to point out that Germany at this point has not made any type of hostile relations or has not been taken over by a form of a dictatorship. If you compare the government with Nazi Germany and modern day Germany they are different in almost every aspect. What I am trying to get at is although this legislation is very radical, it is not as horrific as the Holocaust.

  22. J. Lion 11 February 2008 at 10:44 pm Permalink

    It would be interesting to see how this plan works out.

    The only way for this to work is for all people to comply. It could be bad that they only monitor the good guys and not the bad guys.

  23. J. Lion 11 February 2008 at 10:52 pm Permalink

    BTW – who will watch over Big Brother?

  24. eM3rC 12 February 2008 at 2:21 am Permalink

    @J. Lion
    I don’t think anyone will. It will be an electronic dictatorship.

  25. Pantagruel 12 February 2008 at 5:23 pm Permalink

    Quis custodiet ipsos custodes? (Juvenal btw) “Who shall watch the watchers themselves?”

    I think there will be a big chance of the watcher being on the receiving end of a trojan themselves (an eye for an eye, a tooth for a tooth)

  26. J. Lion 12 February 2008 at 6:06 pm Permalink

    Then it will be a question of who will be the snitch?

    Then again they’ll probably cover each other and make sure they get away with anything.

    With power … comes “responsibility” or was that corruption?

  27. eM3rC 13 February 2008 at 2:31 am Permalink

    @Pantagruel
    “An eye for an eye makes the whole world blind”

    @J. Lion
    All forms of power must have a head. Question is who will have that power and how much of it will they have.

    I think keeping large numbers of regulators will allow a more democratic and hopefully safer form of security.

  28. zupakomputer 13 February 2008 at 6:51 pm Permalink

    re: what was writ about travellers having the spyware installed on their machines – so all any crime syndicate needs to do to acquire the code / programs being used is to also travel there with a laptop or similar, and perhaps look vaguely suspicious, and then the govt. will obligingly install for them the next tool put to major use to hostilely crack / monitor SSL and Skype, and monitor all actions on a trojan infected (I suppose we’re meant to use the term ‘inoculated’ here) machine.

    How can such tools fail to be used by the very folks the govt. claims to be writing them to catch.

  29. Pantagruel 13 February 2008 at 10:41 pm Permalink

    Any sane computer criminal will now start looking for weak spots in the German trojan. He/She who finds the first exploit will 0wn a very large botnet ;)

  30. J. Lion 14 February 2008 at 1:10 am Permalink

    @Pantagruel
    Can you imagine if that botnet becomes for sale?

    @eM3rC
    “large numbers of regulators” as in too many heads can cripple the project as well.

  31. eM3rC 14 February 2008 at 3:35 am Permalink

    @Pantagruel
    I think it will be the biggest botnet in the history of computer hacking. Imagine all the information that will be jeopardized… And I would be willing to bet a large sum of money someone is going to find a way to crack it and very quickly.

    @J. Lion
    I think a happy medium would be the best approach to watching the government. Maybe like an elite group of people (8+).

  32. Pantagruel 27 February 2008 at 4:03 pm Permalink

    A German court has ruled against the use of a ‘law enforcement trojan’ under normal circumstances.

    German federal judges have declared it illegal for government snoops to use virus software to gather data from an individual’s hard drive — except for in extreme cases such as a terrorist threat. The loophole could open the way for a national law.

    http://www.spiegel.de/international/germany/0,1518,538094,00.html

    The only thing they now have to do is drop some illegal stuff to provide evidence proving extreme threat(s).

  33. fever 8 April 2008 at 8:00 pm Permalink

    Just what the world needs, legal trojans. The Germans should try to build an anti-trojan device instead.