German Federal Trojan

The German Chaos Computer Club (CCC) published a detailed 20-page analysis of the functionality of Backdoor:W32/R2D2.A, the trojan spying software used by German police forces. The spyware goes much further than just observing and intercepting internet-based telecommunication, and thus violates the terms set by the constitutional court. The trojan's developers never even tried to put in technical safeguards to make sure the malware can be used exclusively for wiretapping internet telephony, as required by the constitutional court.

Functionality of Backdoor:W32/R2D2.A (not supported by law):

  • Take screenshots of the infected PC, including private notes, emails or texts.
  • Keylogger functionality.
  • Search the files of the infected computer.
  • Place new files on the infected computer.
  • Microphone and camera of the infected computer can be used for room surveillance.
  • Load new modules and add more features.

The spyware Backdoor:W32/R2D2.A contains serious security flaws:

  • The commands sent from the control server are not encrypted.
  • The self-delete function does not work properly.
  • One of the two control servers (IP addresses: 83.236.140.90 and 207.158.22.134) is located outside of Germany, in the USA.

Deploying the Federal Trojan

In the course of criminal prosecutions, the so-called Bavarian trojan has been deployed at least 5 times. In those cases, 29,589, 13,558, 12,174 and 11,745 screenshots were transmitted (see: Telepolis (German only)). The use of the trojan was therefore already known, and in part its "extended" functionality as well. The surprise and general dismay shown by all parties is therefore hardly believable. Software of this kind is not developed and deployed by a handful of programmers without political backing.

During criminal prosecutions, the trojan was apparently installed locally in almost all cases. Three times the confusion of a house search was used to infect the computers, and one computer was infected during a luggage check at an airport. Remote installation is probably possible as well, but is not yet documented on record.

The federal government remains silent on deployment figures in the intelligence area. But one has to assume that the trojan has already been deployed several thousand times. Up to September 2009 the Federal Intelligence Service (BND) had already deployed a still underdeveloped remote control software and keylogger in 2,500 cases (source: Spiegel 11/2009). Deployment has probably increased with the new feature-rich software.

Update: The Federal Criminal Police Office (BKA) denies the accusations. The software analyzed by the CCC is not deployed by the BKA, said a spokesman of the Federal Ministry of the Interior. The software may be the Bavarian trojan that the DigiTask company offered to the State Investigation Bureau in Bavaria (LKA). The German Pirate Party obtained documents regarding this offer, which are available on WikiLeaks.


Comments


  1. Habnix says:

    It would be naive to believe that the government would trip itself up, even if it clearly could be, or is, the perpetrator. Next time it will have it done better. Every government in the world is the most criminal part of a country or state, otherwise it would not be a country or state.

  2. Darrence says:

    Ah, I see. Well that's not too tricky at all!

