Coder of Swiss Wiretapping Trojan Speaks Out

Soulskill posted more than 4 years ago | from the is-swiss-software-full-of-security-holes dept.

Security 114

Lars Sobiraj writes "Ruben Unteregger has worked for a long time as a software-engineer for the Swiss company ERA IT Solutions. His job there was to code malware that would invade PCs of private users, and allow the wiretapping of VoIP calls — in particular, calls made through Skype. In the German-speaking areas of the country, the Trojans were called 'Bundestrojaner' because the Swiss government was involved with their development and use. Unfortunately, Unteregger has to remain silent about the customers of the company. Last night, he published the source code of his Skype-Trojan under the GPL."

114 comments

GPL ? (1, Insightful)

Pieroxy (222434) | more than 4 years ago | (#29201731)

GPL really is a stupid option in my opinion. Most certainly the guy doesn't even own the source code since he did it under contract from an employer, so he cannot really "release" what is not his...

Maybe I'm wrong and he owns the source code though. But it will give some more ammo to the FUD that carries some big corporations that GPL is bad.

Surprised (1)

davidwr (791652) | more than 4 years ago | (#29201815)

When the American/British/other-similar-country version of something similar comes out it will be on Wikileaks, without attribution.

Re:GPL ? (5, Informative)

wild_quinine (998562) | more than 4 years ago | (#29202323)

Most certainly the guy doesn't even own the source code since he did it under contract from an employer, so he cannot really "release" what is not his... Maybe I'm wrong and he owns the source code though.

From the article:
"There won't be problems about copyright, because ERA IT Solutions let me keep it... About the details, why I keep the copyright on this, I can't offer a statement. As already mentioned I agreed to absolute silence. You can speculate now or ask the sources directly."

Re:GPL ? (4, Interesting)

chrb (1083577) | more than 4 years ago | (#29203393)

About the details, why I keep the copyright on this, I can't offer a statement.

My guess would be liability. If Skype want to sue the "owner" of the trojan, the company is safe. If a "victim" of the trojan wants to sue the "owner", the company is safe. In any court case, the company can turn around and say "Ah, but we just provide advice and consultancy services. The creator and owner of the trojan code is Ruben Unteregger, and he is a completely different legal entity."

Re:GPL ? (4, Funny)

oldhack (1037484) | more than 4 years ago | (#29203877)

Title reads: "Coder of Swiss Wiretapping Trojan Speaks Out"

Summary reads: "Unfortunately, Unteregger has to remain silent about the customers of the company."

The parent quotes the guy: "About the details, why I keep the copyright, I can't offer a statement. As already mentioned I agreed to absolute silence."

That's why I am not commenting on this story.

Re:GPL ? (2, Informative)

syphax (189065) | more than 4 years ago | (#29202419)

From TFA:

Ruben Unteregger: Yes, that's the plan. The source code of this wiretapping trojan will be published in the upcoming days. There won't be problems about copyright, because ERA IT Solutions let me keep it.

Re:GPL ? (0)

Anonymous Coward | more than 4 years ago | (#29202745)

I can't believe this is moderated insightful, he says in the interview that he has full copyright of the source code

Re:GPL ? (0)

Anonymous Coward | more than 4 years ago | (#29203419)

I can believe it. Obviously the commenter and the mod never read the entire article, but then again, neither did I.

-- gid

Re:GPL ? (1)

Runaway1956 (1322357) | more than 4 years ago | (#29203237)

I seem to hear an assumption that the laws governing his contracts are compatible with United States corporate views concerning contracts. Maybe this code really IS his, by law?

Re:GPL ? (2, Insightful)

element-o.p. (939033) | more than 4 years ago | (#29204409)

GPL really is a stupid option in my opinion...it will give some more ammo to the FUD that carries some big corporations that GPL is bad.

Assuming the source code is his to give away (certainly not a given!), I have to disagree.

1) GPL is perfect for this, since it essentially says, look -- take this code and modify it, redistribute it, analyze it, re-publish it...do what you want with it, as long as you allow this same freedom to anyone else who gets the software. This is the whole reason the GPL exists in the first place! In this case, this is good because it allows others to take the code apart, figure out what makes it tick and come up with A/V signatures to detect it without worrying about whether or not you are violating a licensing agreement by trying to analyze and reverse engineer the code. It does also allow black hats to rewrite and enhance it for illicit use, but that's one of the problems with freedom -- you can always abuse freedom, if you choose. And for whatever it's worth, I don't think the black hats were going to be too concerned about license restrictions, anyway...

2) Saying that GPL is bad because software that may possibly be used for ill intent is licensed under the GPL is a logical fallacy. Would anyone in their right mind say that, because someone somewhere has used a car to commit a crime (drunk driving? getaway car in a robbery? ran over someone who pissed them off?) that therefore all cars are inherently evil? Of course not, so why would you say that about software?

3) Okay, maybe that's not what you meant by your "more ammo to FUD" argument. Maybe instead you meant that it allows big corporations to worry that their developers might give away their software products by licensing them under the GPL. How is that any different than any other commercially developed GPL'd product (MySQL, RHEL, etc.)? Or, from another angle, how is that any different than any other big company worrying that their developers might give their intellectual property to a competitor, or publish it on-line somewhere? It is *possible* for this to happen whether it's GPL'd, released under other FOSS licenses or simply posted on-line without any kind of license at all.

Of course, if he doesn't really own the rights to the source code, then all bets are off.

Re:GPL ? (1)

element-o.p. (939033) | more than 4 years ago | (#29204491)

I guess I should RTFA -- there are posts below mine that show that he does, in fact, own the copyright to the software. In which case, if the company hires someone to write software and the author of that software then posts it under the GPL (or other FOSS license), then how does that possibly add ammo to the FUD argument about the GPL?

Re:GPL ? (1)

improfane (855034) | more than 4 years ago | (#29204593)

Logical fallacy? It COULD be used for good but think: Wiretapping is invasive by design, you're trying to tap into listening to a communication you probably do not have the invitation to. The few legitimate and reasonable purposes for wiretapping software I can think of are:

  • personal recordings of calls
  • legal enforcement/national security (haha)
  • monitor your children

Do you think that most users of this will be doing these things?

A hammer may be used for murder but you generally use it for hammering nails. Think about the intent not the potential usage! That's why what you say is not a logical fallacy. Do you not think that a car is regarded a transport vehicle first and criminal intent second?

Re:GPL ? (1)

element-o.p. (939033) | more than 4 years ago | (#29205227)

You missed my point. I'm not arguing whether or not this particular piece of software is good or evil; I'm arguing whether or not someone releasing under the GPL a piece of software that is most likely to be used for ill intent makes the GPL itself good or evil.

The argument I am trying to counter goes like this:
1) This software is evil.
2) This software was released under the GPL.
3) Therefore, the GPL is evil.

This is the argument I was attacking, and it is indeed a logical fallacy. The GPL does not take on the characteristics of the software released under it; software released under the GPL takes on the characteristics of the GPL, and those characteristics apply equally to malware and to beneficial software.

In my argument, the GPL, not the software, is like the car. Both the GPL and a car can be used either for legitimate purposes (i.e., Linux/GPL and transportation/car) or illegitimately (i.e., malware/GPL and murder/car).

Incidentally, I hereby release this argument under the GPL so that anyone wishing to use it to counter FUD from big corporations trying to make the association from malware to GPL may be free to do so :)

Yeah! (1)

improfane (855034) | more than 4 years ago | (#29205405)

I would have modded you up in your original post but chose to reply because of another reply in the thread I think. I actually agree but was trying to strengthen your analogy.

Re:Yeah! (1)

element-o.p. (939033) | more than 4 years ago | (#29205643)

It never hurts to flesh out and clarify an argument. That's one of the reasons I love /. -- I get critical analysis of my thinking, which I greatly enjoy (well, usually :). "Steel sharpens steel," and all that. Thanks for showing me where I can do better!

I should have said (1)

improfane (855034) | more than 4 years ago | (#29205761)

I should have said I was commenting on wiretapping itself, not GPL. GPL's intended purpose is to help people and for freedom like a car is for transport. :-) This is why I like Slashdot, there are many level headed people!

Re:GPL ? (1)

CrimsonAvenger (580665) | more than 4 years ago | (#29204667)

2)Would anyone in their right mind say that, because someone somewhere has used a car to commit a crime (drunk driving? getaway car in a robbery? ran over someone who pissed them off?) that therefore all cars are inherently evil? Of course not, so why would you say that about software?

Of course, people say that about guns all the time. So I'm assuming that the same sort of people would say the same sort of thing about a Trojan...

Re:GPL ? (1)

element-o.p. (939033) | more than 4 years ago | (#29205557)

Yeah, I didn't really want to go there. Although I think the principle is as true for guns and software as it is for cars, a lot of people feel that guns are only used for killing, therefore they are inherently evil[1]. Consequently, if I had used guns rather than cars in my analogy, I would have potentially harmed my argument.

[1] I believe that this conclusion is false, too. A gun is designed to kill, but I disagree that this is always evil. I would not hesitate for a single second to kill someone who intended to harm my family, nor do I think that using a gun to kill a moose or deer, etc. for food to feed my family is evil. However, there are people who believe that killing is never, ever justified, so I didn't intend to go there in my original argument.

Re:GPL ? (1)

KC7JHO (919247) | more than 4 years ago | (#29206049)

A gun is designed to kill,

Actually, it can be said that a gun is designed to push a piece of material in a (mostly) straight line at a very high speed. While this could just as easily be target practice, competition shooting, etc. the intent to use it to kill (a person, animal, etc.) is solely at the discretion of the shooter.

The same applies to this software, it is designed to record the Skype conversation. This could be used to archive several machines / users to a central server (yes some source code would need changed, but it is now under GPL and this can be done) for "Training/Quality Assurance" purposes.

Note: I am not disagreeing with your intent, just clarifying it a bit.

Re:GPL ? (1)

element-o.p. (939033) | more than 4 years ago | (#29208761)

Point taken.

CrimsonAvenger also raised a similar objection, pointing out that guns are used far more often for target practice than for killing, which might also be true (historically, including hunting for food? Maybe; I don't know for sure). It's certainly true for me, at least. I own several guns but I have never shot a single living thing with any of them (although I have shot a grouse -- once -- with a bow, but that's slightly off-topic).

Re:GPL ? (1)

CrimsonAvenger (580665) | more than 4 years ago | (#29206531)

A gun is designed to kill,

While this is certainly true, I should point out that more guns in the USA are used for target shooting than for killing.

Yeah, I didn't really want to go there.

Understand completely. I was just pointing out that there exists a large group of people who believe that tools can be evil. And those people would be delighted by the chance to name yet another tool to be evil incarnate.

IMO, men can be evil, and can use tools to commit evil acts. But the tools, in and of themselves, are never more than tools, and no more evil than a rock is evil.

Yes, a gun is a tool. So is a rock, for that matter....

Only a matter of time (2, Interesting)

eviloverlordx (99809) | more than 4 years ago | (#29201743)

I don't think that a reasonably informed person could expect that this sort of thing could be kept bottled up for very long.

Re:Only a matter of time (1, Troll)

Anonymous Cowar (1608865) | more than 4 years ago | (#29201883)

This is government we're talking about. "Reasonably Informed" and "Politician"/"Government Bureaucrat" are mutually exclusive. Anywho, if the Swiss politicians are anything like we have stateside, the trojan that they voted for doesn't need to stay secret forever, just until after the next election. That's the problem with politics, very few successful politicians think or act long term because thinking long term means making painful decisions that will most likely get them voted out of office for the next feel-good guy. So you have all of these feel-good guys with 2, 4, or 6 year attention spans and as long as the world doesn't end in that time period, they're pleased as punch.

The guys who voted on this or approved it will probably say "That was last term/fiscal year, this is this term/fiscal year! Let's go have a beer!" and be done with it, as if they are magically not guilty of voting this monster into existence.

Re:Only a matter of time (1)

fuzzyfuzzyfungus (1223518) | more than 4 years ago | (#29202261)

It's not at all clear to me that the plan really required keeping it bottled up. You don't really need secrecy if you have power (though secrecy is undoubtedly gravy if you can get it).

There are precious few, if any, countries where authorities have had much trouble passing laws giving themselves broad "security" powers. With those in place, they don't really need to keep things under wraps, what are you going to do about it?

NOO! (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#29201781)

TED KENNEDY IS DEAD!

Re:NOO! (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#29202013)

who killed walt disney.... with a wrench?

Re:NOO! (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#29202115)

Good riddance

Re:NOO! (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#29202985)

Truly an American icon.

YES!! (-1, Offtopic)

Runaway1956 (1322357) | more than 4 years ago | (#29203387)

If a murderous bastard who will off his inconvenient pregnant girl friend can be considered an "American icon", then yes.

How about some honest headlines? "Chappaquiddick Ted finally meets his fate!" "Mary Jo Kopechne's beau rejoins her at last!"

Everyone who ever voted for the pig should be ashamed of themselves.

Re:YES!! (-1, Troll)

Anonymous Coward | more than 4 years ago | (#29203787)

Go fuck yourself. You are a shame to the whole human race.

Government Support Malware... Great... (3, Interesting)

LitelySalted (1348425) | more than 4 years ago | (#29201783)

Government supported malware...

I guess he's trying to vindicate himself by publishing the source code, but the reality is that there is a risk some idiot out there is going to misuse this information.

Seriously, do we want open source malware?

Re:Government Support Malware... Great... (5, Insightful)

Kokuyo (549451) | more than 4 years ago | (#29201877)

but the reality is that there is a risk some idiot out there is going to misuse this information.

SOME idiot? I'm most worried about the government itself, thank you.

Re:Government Support Malware... Great... (0)

Anonymous Coward | more than 4 years ago | (#29202403)

Politicians are ensured to do something stupid if corporations make it worth their while.

Re:Government Support Malware... Great... (1)

Archangel Michael (180766) | more than 4 years ago | (#29202591)

You are the government (at least you're supposed to be) here in the US, so if you're afraid of the government, you're afraid of yourself. How is that for recursive fear? :-D

Re:Government Support Malware... Great... (0)

Anonymous Coward | more than 4 years ago | (#29202963)

Don't worry. It's just as afraid of you as you are of it!

Re:Government Support Malware... Great... (3, Insightful)

hitnrunrambler (1401521) | more than 4 years ago | (#29203693)

You are the government (at least you're supposed to be) here in the US, so if you're afraid of the government, you're afraid of yourself. How is that for recursive fear? :-D

Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.

Cool... having a sig that highlights why you should be "afraid of yourself" while commenting on the recursive nature of such fear turns it from being a simple recursion into a complex fractal pattern.

Re:Government Support Malware... Great... (0)

Anonymous Coward | more than 4 years ago | (#29204301)

You must be new here

Re:Government Support Malware... Great... (1)

element-o.p. (939033) | more than 4 years ago | (#29204557)

Your signature, in light of your post, is rather interesting. And I won't even go into the differences between a pure democracy and a representative democracy right now.

Re:Government Support Malware... Great... (0)

Anonymous Coward | more than 4 years ago | (#29202889)

.. which is, traditionally, mainly a COLLECTION of idiots..

Re:Government Support Malware... Great... (3, Funny)

WindowlessView (703773) | more than 4 years ago | (#29203619)

I'm most worried about the government itself, thank you.

Well thankfully this was the Swiss government. The US would never use some of the billions poured into the new "Cyberwar" to do exactly the same thing. We have laws and high government officials always get brought to justice over things like this...

Re:Government Support Malware... Great... (1)

Kokuyo (549451) | more than 4 years ago | (#29208339)

Albeit late, thanks to Inglorious Basterds, I'd like to mention that I AM Swiss, you insensitive clod! ;)

Re:Government Support Malware... Great... (1)

Dr_Ken (1163339) | more than 4 years ago | (#29201935)

He might be feeling guilt about what he did and is trying to absolve himself. And I agree releasing open source malware code isn't especially helpful either.

Re:Government Support Malware... Great... (2, Insightful)

gnick (1211984) | more than 4 years ago | (#29202357)

...releasing open source malware code isn't especially helpful either.

Open sourcing it is fine (assuming he's allowed to do so - I know I'd be in trouble if I open sourced the code I'm paid to write) - Even then there's the Wikileaks option if GPL (or whatever) isn't practical. But, both as a courtesy, an aggressive encouragement to improve, and an effort to minimize damage, it should be politely delivered to Skype first. Skype should also be made aware of your intentions, in say 3-6 months, of sharing it with the world.

Re:Government Support Malware... Great... (4, Insightful)

AndrewNeo (979708) | more than 4 years ago | (#29201969)

Yes, we do, for the same reason we want other software to be open source.. security. If we can see into a program's source, we can identify potential security issues. By releasing the trojan's source code, Skype can fix their software.

Re:Government Support Malware... Great... (3, Informative)

AlXtreme (223728) | more than 4 years ago | (#29202157)

By releasing the trojan's source code, Skype can fix their software.

I don't think this will help Skype a lot, at best they could attempt to stop this particular trojan.

We're talking about a trojan that has complete access to the local machine. At some point in the software Skype has to decrypt the audio transmission and send the data via the OS's audio API, and that is where this trojan will intercept the data. Skype now knows how the trojan intercepts the data, and at best they could frustrate it in a new version (which would work until the trojan is updated).

The big question is if Skype is still secure without having to gain access to the local machine (i.e. can law enforcement decrypt Skype traffic).

Re:Government Support Malware... Great... (1, Interesting)

Anonymous Coward | more than 4 years ago | (#29202755)

The big question is if Skype was ever secure. They've sure got something they're trying to hide, with all the anti-debugging measures they've built in to their software.

Horse already bolted (1)

improfane (855034) | more than 4 years ago | (#29204709)

We're talking about a trojan that has complete access to the local machine.

If the machine is compromised, nothing you do really matters. It's closing the barn doors after the horse has bolted; fixing this is silly. It's just like this 'exploit' [msdn.com].

You could just record whatever comes from stereo mix? Why bother decrypting anything?

Re:Government Support Malware... Great... (1)

mxs (42717) | more than 4 years ago | (#29205491)

And the big answer is "if you assume it is, you are an idiot". Use something you can audit.

Re:Government Support Malware... Great... (1)

LitelySalted (1348425) | more than 4 years ago | (#29202329)

I think you're missing the point. Releasing the source code for a piece of software can have more impact than analyzing how to defeat it.

In this particular case, releasing methods for breaching firewalls and infecting computers can create problems for a MYRIAD of software developers. Not to mention that it might help people trying to develop their own hazardous software.

I think the community all too often associates "Open Source" with all that is good and shiny without fully analyzing the repercussions of publishing the code. Think about it, if Windows, for some unknown reason, suddenly decided to go Open Source, there would be ABSOLUTE MAYHEM. Caps for emphasis.

Re:Government Support Malware... Great... (1)

Runaway1956 (1322357) | more than 4 years ago | (#29203497)

I see two possibilities. Skype is using buggy code which is easily exploitable, in which case, everyone should know it. The only reasonable response is to abandon Skype.

OR, Skype has now learned of a flaw in otherwise reliable software, in which case they patch it, and go on.

If the Linux and the Unix kernels have survived all these years with the code readily accessible by anyone who wants it, I see no reason to protect Skype from an open sourced exploit. Skype would be better off if they open sourced their own code.

Re:Government Support Malware... Great... (1)

itzfritz (822208) | more than 4 years ago | (#29205507)

It's not exploiting a bug in Skype's software; it just inserts a hook into Windows' audio API and records whatever runs through it when Skype is running.

Re:Government Support Malware... Great... (1)

gad_zuki! (70830) | more than 4 years ago | (#29202553)

I doubt Skype can do anything. This trojan runs locally with admin rights. Somewhere in there Skype needs to put the encryption key in memory. The trojan probably just grabs it and then decrypts the VOIP packets. The solution here is to not run trojans.

Re:Government Support Malware... Great... (1)

EdIII (1114411) | more than 4 years ago | (#29203575)

The solution here is to not run trojans.

I think the solution is not to run Skype. Skype is shit, but it would probably be better to use a standalone piece of hardware to run it. I use hardware SIP phones to make all my phone calls with their packets being encrypted between them and the IP-PBX. A machine gets infected with a trojan the worst it can do is possibly capture those encrypted packets. There is no access to the encryption key anywhere in that particular machine.

Ideally, Skype should not be any different.

Re:Government Support Malware... Great... (1)

TooMuchToDo (882796) | more than 4 years ago | (#29204661)

Can you provide info on what hardware IP phones you use? We have a bunch of Cisco IP phones, and I'm in the process of deploying another 100 or so. I would very much like to do encryption of both the SIP and the voice data stream at the phone's level.

Re:Government Support Malware... Great... (1)

EdIII (1114411) | more than 4 years ago | (#29207581)

I don't know what phones you are using, but Cisco more than likely supports SRTP on the model you are using. They helped create it in the first place. I am using Aastra 9480i's and 9143i's. They support SRTP. You must enable it in your configuration files (defaults to off) and can specify a preferred state (will downgrade to RTP) or an only state in which non-SRTP capable calls will fail.

As for IP-PBX, I mostly use Asterisk. You can add SRTP support to Asterisk and there are resources on the web that help you do that. FreeSwitch supports SRTP as well. Most solutions for an IP-PBX probably support SRTP at this point too.

You just need to make sure in your conf files (on your IP-PBX) that you specify that it should be used, and then check for it in your dial plan. You can set it up where encryption is used when available, or force the issue and disallow SIP clients that are not capable of it.

Any other questions, just post them here. I'll do my best to answer it :)
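
Added example, not part of the comment above and not Aastra, Asterisk or FreeSWITCH configuration: a sketch of the "preferred" versus "only" SRTP behaviour the comment describes, applied to the SDP offer of an incoming SIP call. The policy names, function names and sample offers are assumptions constructed for illustration; SRTP is recognised by the `RTP/SAVP` profile together with an `a=crypto` key line (RFC 4568).

```python
"""Decide how to answer a SIP call's SDP offer under an SRTP policy."""
from dataclasses import dataclass, field

# RTP profiles on the SDP "m=" line: SAVP/SAVPF mean SRTP, AVP/AVPF mean plain RTP.
SRTP_PROFILES = {"RTP/SAVP", "RTP/SAVPF"}
PLAIN_PROFILES = {"RTP/AVP", "RTP/AVPF"}
POLICIES = ("off", "preferred", "only")  # hypothetical names for this example


@dataclass
class AudioOffer:
    profile: str
    crypto_suites: list = field(default_factory=list)

    @property
    def is_secure(self):
        # An SRTP profile with no usable key line cannot actually be encrypted.
        return self.profile in SRTP_PROFILES and bool(self.crypto_suites)


def parse_audio_offers(sdp):
    """Return one AudioOffer per m=audio section, with its a=crypto suites."""
    offers, current = [], None
    for raw in sdp.splitlines():
        line = raw.strip()
        if line.startswith("m="):
            parts = line[2:].split()
            current = None  # attributes of non-audio sections are ignored
            if len(parts) >= 3 and parts[0] == "audio":
                current = AudioOffer(profile=parts[2])
                offers.append(current)
        elif line.startswith("a=crypto:") and current is not None:
            # a=crypto:<tag> <crypto-suite> <key-params> [session-params]
            fields = line[len("a=crypto:"):].split()
            if len(fields) >= 3 and fields[2].startswith("inline:"):
                current.crypto_suites.append(fields[1])
    return offers


def decide(sdp, policy):
    """Return 'srtp', 'rtp' or 'reject' for an offer under the given policy."""
    if policy not in POLICIES:
        raise ValueError("unknown policy: %r" % policy)
    offers = parse_audio_offers(sdp)
    if not offers:
        return "reject"
    secure = [o for o in offers if o.is_secure]
    plain = [o for o in offers if o.profile in PLAIN_PROFILES]
    if policy == "only":
        # Every audio stream must be keyed SRTP, otherwise the call fails.
        return "srtp" if len(secure) == len(offers) else "reject"
    if policy == "preferred":
        # Use SRTP when offered, otherwise downgrade to plain RTP.
        if secure:
            return "srtp"
        return "rtp" if plain else "reject"
    # policy == "off": this endpoint can only speak plain RTP
    return "rtp" if plain else "reject"


# Constructed sample offers (addresses from the documentation range, fake key).
_HEAD = "v=0\no=alice 1 1 IN IP4 192.0.2.10\ns=-\nc=IN IP4 192.0.2.10\nt=0 0\n"
SRTP_OFFER = _HEAD + (
    "m=audio 49170 RTP/SAVP 0\n"
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTEDsampleKEYnotREAL000000\n"
    "a=rtpmap:0 PCMU/8000\n"
)
PLAIN_OFFER = _HEAD + "m=audio 49170 RTP/AVP 0\na=rtpmap:0 PCMU/8000\n"
# Edge case: SRTP profile announced but no key material supplied.
UNKEYED_OFFER = _HEAD + "m=audio 49170 RTP/SAVP 0\na=rtpmap:0 PCMU/8000\n"

if __name__ == "__main__":
    for name, offer in (("srtp", SRTP_OFFER), ("plain", PLAIN_OFFER),
                        ("unkeyed", UNKEYED_OFFER)):
        print(name, {p: decide(offer, p) for p in POLICIES})
```

The unkeyed offer is rejected under every policy: it names the SRTP profile but carries no key, so it can be neither encrypted nor treated as a plain RTP offer.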

Re:Government Support Malware... Great... (2, Insightful)

fuzzyfuzzyfungus (1223518) | more than 4 years ago | (#29202301)

I think we do. If the malware is a "feds only" tool, there will be pressure, overt or covert, on security vendors to make their products look the other way when it shows up. That would be bad.

If every tom, dick, harry, and script kiddie out there has a dozen variants, security vendors will have to treat it as a threat, and hopefully end up mitigating the effectiveness of the fed trojan.

Re:Government Support Malware... Great... (1)

TooMuchToDo (882796) | more than 4 years ago | (#29204689)

As someone who works with several ISP co-ops, I'd love to get a snort signature that I could provide to them and say "If this flies across the network, you should be notifying your user immediately", while also having snort jam it using RST packets.

Re:Government Support Malware... Great... (1)

tsm_sf (545316) | more than 4 years ago | (#29202819)

Seriously, do we want open source malware?

The 2nd amendment fans will clue up any minute here and fill you in.

Re:Government Support Malware... Great... (1)

gad_zuki! (70830) | more than 4 years ago | (#29202925)

>Government supported malware...

I don't see a problem with this as long as it requires a warrant, like how the US uses programs like CIPAV. [computerworld.com]

Re:Government Support Malware... Great... (0)

Anonymous Coward | more than 4 years ago | (#29203753)

The thing is that software of this kind does not only collect data, it can also PRODUCE data - i.e. FALSIFY it. There's no guarantee - none at all - that what is being reported by the law enforcement agencies as "criminal behaviour" was ever committed - you just have to trust the operator of the malware. Oh, and even IF there was criminal behaviour, who says who the computer USER was during these acts? No, covert intrusion of computer systems is NOT how I want my gov't to operate.

Re:Government Support Malware... Great... (1)

element-o.p. (939033) | more than 4 years ago | (#29204537)

Well...it makes it easier for the A/V companies to write a detection algorithm, since they don't have to reverse engineer the binary now.

Re:Government Support Malware... Great... (0)

Anonymous Coward | more than 4 years ago | (#29208159)

>do we want open source malware?

No, we just want people who refuse to write malware. For any reason.

Especially for money.

So morally, he's an assh*le because he DID write it, and for money.

Not Exactly Rocket Science (1)

cromar (1103585) | more than 4 years ago | (#29208227)

This isn't rocket science or brain surgery. A trojan that sniffs your internet connections' packets and allows interested parties to gain access to the packets sent/received by Skype or any other application could be written mostly with open source libraries already available. It would take some bit of know-how, but nothing extremely specialized. Heck, you could even just stream the user's microphone audio data out and bypass Skype entirely. You could connect directly to the user's web cam - I think there was a virus/trojan that did that already even :)

Re:Not Exactly Rocket Science (0)

Anonymous Coward | more than 4 years ago | (#29208627)

This isn't rocket science or brain surgery. A trojan that sniffs your internet connections' packets and allows interested parties to gain access to the packets sent/received by Skype or any other application could be written mostly with open source libraries already available. It would take some bit of know-how, but nothing extremely specialized. Heck, you could even just stream the user's microphone audio data out and bypass Skype entirely. You could connect directly to the user's web cam - I think there was a virus/trojan that did that already even :)

There are many which already do that.

Re:Government Support Malware... Great... (1)

Eil (82413) | more than 4 years ago | (#29208285)

but the reality is that there is a risk some idiot out there is going to misuse this information.

There are a lot of idiots out there. There is a lot of information out there. I dare you to try to keep them separate.

Seriously, do we want open source malware?

Well, why not?

1. Having the malware open source means that everyone can study it. Not just script kiddies but also security researchers, software developers, and students.

2. If the malware exposes any vulnerabilities, they can be fixed a lot more readily than if an expert white hat reverse engineer had to step through the compiled version in a debugger to find out what was going on.

3. Obscurity is not security. Someone, somewhere, would have also figured out how to make a Skype wiretapping trojan and use it for nefarious purposes, if they haven't already.

Not helpful? (2, Interesting)

weirdcrashingnoises (1151951) | more than 4 years ago | (#29202091)

Isn't the idea of full disclosure meant to help security by bringing to light flaws in ...whatever? thus forcing companies/governments to deal with the problem rather than simply ignore them. Although in this case a government (Swiss) is playing on one side, and a company (Skype) is on the other.

Now, Would A Patriot Please Post (2, Funny)

Anonymous Coward | more than 4 years ago | (#29202139)

the N.S.A.'s [google.com] code for intercepting EVERYTHING .

Yours Seditiously,
Kilgore Trout

Re: Now, Would A Patriot Please Post (1)

muckracer (1204794) | more than 4 years ago | (#29202359)

dd if=/dev/all_major_inter_slash_national_pipes of=/dev/dcs_in_maryland | grep -f echelon_keywords.txt > mail -s FARKINGCOMMIES! analyst14398@nsa.gov

You're welcome! :-)

Re: Now, Would A Patriot Please Post (2, Informative)

TheRaven64 (641858) | more than 4 years ago | (#29203493)

I suspect you mean tee, not dd. The dd command won't output anything to the stdout so grep never receives any input.

Although, come to think of it, that would explain why the wiretapping program hasn't produced much by way of results...

Call me naive... (2, Insightful)

Zantac69 (1331461) | more than 4 years ago | (#29202163)

...but isn't this a little irresponsible? It's not as irresponsible as handing a loaded Glock to a 17 year old that was raised on Half-Life, Doom, Quake, etc...but still. You are giving basically ready made code to script kiddies to cut, paste, and be stupid with. True black hats probably don't need it (or already had it), but that kind of makes it too easy for the wannabes. I can see why code would be released so that software makers can IMPROVE and lock down their code to prevent snooping like this...but to just toss it out there so anyone can play with it. :shrug: Just does not seem right. (of course - the snooping to begin with was probably not "right" to begin with)

Re:Call me naive... (5, Informative)

jimicus (737525) | more than 4 years ago | (#29202449)

You're naive.

I'm not going to go searching on Google now but there are already loads of malware toolkits out there being used by script kiddies, some of which are rather easier to use than "First learn to code in C". This doesn't change anything.

Re:Call me naive... (1)

MikeBabcock (65886) | more than 4 years ago | (#29203499)

For example to supplement the parent, bo2k isn't exactly hard to find. They have a really huge website with a lot of details on how to use it.

Re:Call me naive... (3, Insightful)

mcgrew (92797) | more than 4 years ago | (#29203001)

It's odd that even though I'm 57 years old, I have a far higher opinion of youth than you seem to have. Also odd that you think Doom or Quake would turn teens into killers; what turns teens into killers is mental illness, bad upbringing, or high school bullies. And most of the teens who have these unfortunate circumstances kill themselves, not others.

Most kids I've known from the time I was a teen to now were good kids. Some teenagers I've known were more responsible than a lot of adults I've known. Some were even more responsible than their own parents.

Re:Call me naive... (1, Insightful)

Anonymous Coward | more than 4 years ago | (#29203599)

of course irresponsibly feeding your children a steady diet of violent entertainment might just qualify as a symptom of "bad upbringing". Results vary.

Re:Call me naive... (3, Insightful)

hitnrunrambler (1401521) | more than 4 years ago | (#29203531)

You're looking at it from a perspective that can be generalized "security through obscurity"; at its core is a hope that limiting the general knowledge of a subject will prevent "bad people" from interfering. Again generalizing the motto could be "The less people know the more everyone is safe."

The weakness of this in practical terms is that people discover things and motivated people can be very creative. If one person or team can accomplish something there is no reason to assume that they are the only ones who possibly could.

Let's think of it in physical terms: To modify your analogy, this is like assuming "I haven't given {violence-prone-teen} a gun; therefore he can't possibly have a gun."

Proper disclosure (which on the surface this seems to be) raises awareness of vulnerabilities and helps motivate those who work towards combating such vulnerabilities. It also means that if those responsible are unwilling/unable to fix the problem that the general public is now aware of a problem and may be able to modify their own vulnerability to it. (With these 2 goals in mind some people follow a firm 2 step process of disclosure; informing "the authorities" first to give them a head start, then informing the general public.)

Proper disclosure of where a violent teen "might" get a gun disperses the illusion that "I didn't give him a gun so he must be unarmed".

The dilemma does exist that if a vulnerability is not secured after being disclosed then, yes you have essentially given junior directions to a Glock. But as another responder pointed out... this is hardly the only source for potentially malevolent software/code. If junior is determined to kill he will find a way.

Where does your ethical duty fall when you have such knowledge?
That's for you to carefully consider and decide (which is the entire concept behind ethics anyway). But many people would advocate for knowledge, aware that knowledge does not automatically make us safe, but secure in their belief that ignorance never makes us safe... it just makes us feel safe.

Bundestrojaner = Federal Trojan (1, Informative)

Anonymous Coward | more than 4 years ago | (#29202463)

In case anyone was curious, "Bundestrojaner" means "Federal Trojan" (if I'm remembering right from my high school German classes).

Re:Bundestrojaner = Federal Trojan (0)

Anonymous Coward | more than 4 years ago | (#29202863)

You remember correctly. It's a term that most likely originated in Germany where the federal police wants to/already does use trojans to remotely access computers.

Unfortunately it was done the easy way (1)

mrjb (547783) | more than 4 years ago | (#29203131)

Even though the source of the trojan is made GPL, we won't see Skype support in Pidgin anytime soon; rather than decoding the audio stream, the code intercepts the already-decoded audio. That is, the trojan author did not reverse-engineer any parts of the Skype protocol. Too bad - unfortunately this means I'll still need to be running multiple messaging clients. Fortunately my Skype contact list is rather short.

Why the heck (3, Interesting)

JustNiz (692889) | more than 4 years ago | (#29203453)

Why haven't the police already busted down the door of ERA IT Solutions and taken all their servers away? Why aren't there tons of class action lawsuits against ERA IT from people that got infected and spied on?

Re:Why the heck (1)

witherstaff (713820) | more than 4 years ago | (#29204273)

It could be that like the ACLU warrantless wiretapping [slashdot.org] case that was thrown out by the supreme court, it would require people that could prove they were actually spied upon. Of course just knowing you were spied upon would be a state secret so it's a chicken/egg sort of thing. Not sure if the Swiss have such a screwy legal system as the US but it wouldn't surprise me if it's a government covering its own ass.

Let me provide some insight... (1)

denzacar (181829) | more than 4 years ago | (#29206365)

Why haven't the police already busted down the door of Heckler & Koch and taken all their machines away? Why aren't there tons of class action lawsuits against Heckler & Koch from people that got shot and killed?

Oh riiiight... They don't kill people. Their customers do kill people. Their major customers being governments.
They are just a private company, providing a service for a friendly foreign government.

Oh and...
http://en.wikipedia.org/wiki/Class_action_lawsuit#Switzerland [wikipedia.org]

Switzerland

Swiss law does not allow for any form of class action. When the government proposed a new federal code of civil procedure in 2006, replacing the cantonal codes of civil procedure, it rejected the introduction of class actions, arguing that:

        [It] is alien to European legal thought to allow somebody to exercise rights on the behalf of a large number of people if these do not participate as parties in the action. ... Moreover, the class action is controversial even in its country of origin, the U.S., because it can result in significant procedural problems. ... Finally, the class action can be openly or discretely abused. The sums sued for are usually enormous, so that the respondent can be forced to concede, if they do not want to face sudden huge indebtness and insolvency (so-called legal blackmail).

Re:Why the heck (0)

Anonymous Coward | more than 4 years ago | (#29207637)

Switzerland. No Class Action Law Suit...

Doesn't (1, Interesting)

Anonymous Coward | more than 4 years ago | (#29203601)

Vista support DRM on the hardware level?? Could this not be used to encrypt any communications to and from your machine? Isn't it illegal in the US to try to decrypt such messages under the DCMA?

Re:Doesn't (2, Informative)

Stupendoussteve (891822) | more than 4 years ago | (#29204881)

Last I checked Switzerland was a nation independent of the United States and thus not subject to the DMCA and other such nonsense.

fuck 4 fagorz (-1, Redundant)

Anonymous Coward | more than 4 years ago | (#29203937)

OR A PUBLIC CLUB,

WINDOWS ONLY? (1)

webweave (94683) | more than 4 years ago | (#29204995)

YES, Looks like it only works on windows, I wish these articles would start by listing what is vulnerable. Of course anyone who knows anything about security knows windows is totally broken as far as security goes and it is way too big of a target for future malware writers so best to just avoid it if you are building systems where privacy is important. I'd tell you what I do but I'm sworn to secrecy.

"Bundestrojaner" == german, not swiss (1)

kju (327) | more than 4 years ago | (#29205583)

"Bundestrojaner" is the nickname in Germany for the trojan intended to do an "online (house) search" under German law. The article also mentions that. Quote: "You say that while you worked for ERA IT Solutions under consignment of the German Federal Police (Bundeskriminalamt/BKA) you were entrusted with the development of a trojan". Please note that the guy in question does not admit that he worked on the "Bundestrojaner", but mentions that the BKA employed its own people to do that. The article reports that he programmed a trojan for Skype calls for the Swiss government, but that one is not what is usually understood to be/should be the "Bundestrojaner".

Re:"Bundestrojaner" == german, not swiss (1)

Chrigi (1581379) | more than 4 years ago | (#29208919)

Exactly what I wanted to post just now. The Bundestrojaner has nothing to do with Switzerland! But still I'm a bit confused... I live in Switzerland and read the Newspapers and normally watch the News but that a Company developed a "Skype Trojan" for the government completely slipped through my fingers apparently O.o That sucks pretty hard! Not only do we have a stupid DNS Block for CP sites (at least Germany had a chance to fight against it -.-) but now this? In Soviet Switzerland...

Yes! 74 (-1, Troll)

Anonymous Coward | more than 4 years ago | (#29205633)

PeoPle already; I'm TO THIS. FOR found out about the purposes *BSD is sling, return It to to get involved in this mistake or