Friday, October 14, 2011

Week 7 Post: German officials accused of hacking… by hackers.

A group of German hackers known as the ‘Chaos Computer Club’ (CCC) alleges that it has uncovered a Trojan program designed for spying on Skype communications. The allegations are leveled at German law enforcement officials, who, the group says, used the Trojan for surveillance.
After reverse-engineering and analyzing the ‘lawful interception’ malware program used by German police forces, the group learned that the Trojan has flaws which put the infected computer at risk of serious attacks by others.
The CCC wrote in a post on their Web site: "The malware can not only siphon away intimate data but also offers a remote control or backdoor functionality for uploading and executing arbitrary other programs. Significant design and implementation flaws make all of the functionality available to anyone on the Internet."
The group uncovered the Trojan while it was performing some consulting for German lawyer Patrick Schladt, who is defending a client facing charges of illegal export of pharmaceuticals.  Schladt had given his client’s laptop to the CCC to examine the machine using computer forensics.  The CCC used forensic software to restore the Trojan files, which had earlier been removed to cover the tracks of the program.
Mr. Schladt alleges the Trojan was installed on his client’s laptop by customs officials, at the request of Bavarian state police, when the client was returning to Germany after a trip in 2009. After his client was charged, prosecutors provided screenshots of the client’s Web browser as evidence. Schladt then contacted the CCC.

Snooping on suspected criminals is within the legal guidelines for German authorities, but they need court permission to do so. Any spyware the authorities use to monitor Voice over IP (VoIP) calls cannot alter code on a suspect’s computer, nor can additional functionality be added to the software.
Mr. Schladt argues that the screenshots presented demonstrate that the software used to spy on his client’s laptop went “way too far for German logging” laws.  He brought his argument to a higher court and the judge agreed.  Mr. Schladt said: "The most important thing is that every screenshot that was made and every file out of that Trojan will not be in the case."

The malware in question, known as the “State Trojan” or “R2D2”, can monitor not only Skype but also MSN Messenger and Yahoo Messenger communications. Additionally, it is able to capture keystrokes in Internet Explorer, Firefox and other browsers, and it can capture screenshots.

The malware violates German law because it can receive programs uploaded from the Internet and execute them remotely. According to the CCC: “This means, an 'upgrade path' from lawful spyware to the full State Trojan's functionality is built-in right from the start. Activation of the computer's hardware like microphone or camera can be used for room surveillance, the government malware can, unchecked by a judge, load extensions by remote control, to use the Trojan for other functions, including but not limited to eavesdropping.”

The State Trojan could theoretically be used to plant evidence on the infected machine. It could also delete files, hence completely obstructing justice. It also has serious security holes that would open the infected computer up to attacks by parties other than the law enforcement agency that is controlling the software.

"The screenshots and audio files it sends out are encrypted in an incompetent way, the commands from the control software to the Trojan are even completely unencrypted," the CCC post says. "Neither the commands to the Trojan nor its replies are authenticated or have their integrity protected. Not only can unauthorized third parties assume control of the infected system, but even attackers of mediocre skill level can connect to the authorities, claim to be a specific instance of the trojan, and upload fake data. It is even conceivable that the law enforcement agencies' IT infrastructure could be attacked through this channel."
The CCC says that it has contacted the German Ministry of the Interior about what it has uncovered. The group says that they (Ministry of Interior) “have had enough time to activate the existing self destruct function of the trojan.”

At a news conference on the 10th of October, German federal government spokesman Steffen Seibert said that officials are looking into the matter. “We are taking the allegations very seriously; we will need to check all systems thoroughly.”

WikiLeaks had released a confidential memo in 2008 that showed communications between German state law enforcement and the German software company DigiTask, which makes software capable of monitoring Skype communication.

Seibert said that the software in question was 3 years old and had not been used by federal officials.
DigiTask lawyer Winfried Seibert said that the company had developed programs for authorities in Germany.
Regarding the use of the Trojan, if it’s within German laws to spy on people’s computers in this fashion, then there’s nothing wrong with them using such methods. The problem lies in the idea that they are creating security holes in the victims’ machines.

References:
Mills, E. (2011).  Hackers say German officials used backdoor.  Retrieved 12 October, 2011 from Cnet Web site: http://news.cnet.com/8301-1009_3-20118194-83/hackers-say-german-officials-used-backdoor/
