German Government's Malware Analyzed

timothy posted more than 2 years ago | from the unter-dem-mikroskop dept.

Government 162

First time accepted submitter lennier1 writes "The German hacker group CCC (Chaos Computer Club) has analyzed a piece of malware the German government uses in criminal investigations to spy on a suspect's computer. I'm sure we're all surprised that it's opening security holes for third parties, and violates a related court verdict (and several laws in general)."

162 comments

Frosty Piss (-1)

ae1294 (1547521) | more than 2 years ago | (#37649974)

"I'm sure we're all surprised that it's opening security holes for third parties, and violates a related court verdict (and several laws in general)."

No not really...

Re:Frosty Piss (0)

Anonymous Coward | more than 2 years ago | (#37650064)

Sweet, thanks for clearing that up.

Re:Frosty Piss (1)

ae1294 (1547521) | more than 2 years ago | (#37650084)

Sweet, thanks for clearing that up.

Slashdot asked me "personally" for my opinion... Geez, don't mod me bro...

Re:Frosty Piss (1)

ScrewMaster (602015) | more than 2 years ago | (#37650314)

"I'm sure we're all surprised that it's opening security holes for third parties, and violates a related court verdict (and several laws in general)."

No not really...

Really, if the government (any government) is going to get into the malware game, they should hire people to create it for them who are at least as competent as the guys on the other side of the fence.

Re:Frosty Piss (5, Interesting)

fuzzyfuzzyfungus (1223518) | more than 2 years ago | (#37650446)

The piece of incompetence that I find really striking is not so much the general shoddiness; but the fact that the malware is using a proxy setup in the US to avoid having its traffic traced back to the German police entity using it. Even if they know nothing about the tech side of things, surely exporting the evidence outside of the state, country, and EU, to some random datacenter in the US, would mean a hairy pile of privacy and chain-of-custody problems for the chaps in legal?

Re:Frosty Piss (1)

Anonymous Coward | more than 2 years ago | (#37651138)

Nope, as German law doesn't exclude illegally obtained evidence from use in court.

I've read enough dystopiae to see where this is going...

Re:Frosty Piss (5, Interesting)

IWannaBeAnAC (653701) | more than 2 years ago | (#37651680)

Nope, as German law doesn't exclude illegally obtained evidence from use in court.

Right, but that is appropriate. The USA is the only country I know of that does exclude evidence like that. In most jurisdictions, the aim (idealized, not always realized) of a court case is to uncover the truth of what happened. If the law was broken in the process of obtaining evidence, by all means prosecute the people who broke the law, but to exclude that evidence is a weird thing to do. At least, 90% of the planet thinks so...

The situation in the US is based on a rather bizarre interpretation of the constitution set by the supreme court, actually not so long ago, starting from around 1920. The Fourth Amendment of the constitution is the one about "no unreasonable searches and seizures", and requiring "probable cause". But it doesn't specify what the penalty should be if those rights are violated. In much of the rest of the world, the equivalent violation (eg, of police or some other person obtaining evidence illegally) opens the offender for prosecution but whatever evidence is obtained can still be used. That was the case in the USA before the early 20th century. But several court cases in the 20's and 30's established the "fruit of the poisonous tree" doctrine, in which evidence which was obtained illegally is not admissible in court. This has resulted in many farcical court cases where the facts of the case are well established, but can't be presented in court because the evidence was obtained illegally (in some cases, due to some technical omission). It also results in lots of arguments where opposing lawyers have a big bun fight, and make lots of money, arguing at length over whether a particular fact is allowed to be presented to the court or not.

It has also resulted in the attitude that cops who break the law are already "punished" by being unable to present the evidence in court (and often therefore unable to convict a criminal), and that this is sufficient punishment for the cop. Whereas in other jurisdictions the cop would lose their job, or end up in jail themselves, in the US they typically don't. This is an encouragement towards corrupt behavior.

Re:Frosty Piss (2)

Kjella (173770) | more than 2 years ago | (#37651980)

The USA is the only country I know of that does exclude evidence like that.

Norway would be the second country then. In fact, it's probably stronger than the US protection because an employer that made illegal recordings [privacynetwork.info] of his employers had the evidence rejected after filing charges for embezzlement. That one went to the supreme court, I couldn't find a similar case where the police used illegal methods because once that is known the charges would be dropped. Honestly I would be surprised if a modern rule of law didn't include something like that, otherwise there's a million loopholes where the police can protect each other or hired thugs to provide evidence without any clear trail.

Re:Frosty Piss (1)

ozmanjusri (601766) | more than 2 years ago | (#37651652)

at least as competent as the guys on the other side of the fence.

The general public is not known for their competence in computer software development. The government would be better off employing criminal hackers.

Re:Frosty Piss (1)

maxwell demon (590494) | more than 2 years ago | (#37652462)

"I'm sure we're all surprised that it's opening security holes for third parties, and violates a related court verdict (and several laws in general)."

No not really...

I'm sure everyone here is familiar with the concept of sarcasm.

Well (0)

esocid (946821) | more than 2 years ago | (#37649998)

You want competant surveillance too? Sheesh, so demanding.
I'll go ahead and throw out the "if you've got nothing to hide" out there too, and see how this gets modded.

Re:Well (0)

Anonymous Coward | more than 2 years ago | (#37651528)

I'd settle for competent spelling. /grandmanotsee

Surprise, surprise, surprise (1)

AliasMarlowe (1042386) | more than 2 years ago | (#37650022)

I'm sure we're all surprised that it's opening security holes for third parties, and violates a related court verdict

This must be some new meaning for the word "all" that I have not come across before. Because it implies that "all" means a vanishingly small fraction of the population.

Re:Surprise, surprise, surprise (4, Funny)

Shoe Puppet (1557239) | more than 2 years ago | (#37650038)

/etc/init.d/sarcasm start

Re:Surprise, surprise, surprise (0)

ae1294 (1547521) | more than 2 years ago | (#37650066)

sudo /etc/init.d/sarcasm start

Re:Surprise, surprise, surprise (1)

cynyr (703126) | more than 2 years ago | (#37650454)

lol, i love the ubuntu people, that don't know they can just log in as root to do a bunch of things and then log out...

sudo foo
sudo bar
sudo start foo
sudo start bar

su -
foo
bar
start foo
start bar
exit

Re:Surprise, surprise, surprise (1)

AliasMarlowe (1042386) | more than 2 years ago | (#37650504)

Actually, in Ubuntu that should be "sudo su" as the first command...

Re:Surprise, surprise, surprise (1)

allo (1728082) | more than 2 years ago | (#37650606)

No, it's just "sudo -s". "sudo su" is for people who cannot read manpages.

Re:Surprise, surprise, surprise (1)

pizzap (1253052) | more than 2 years ago | (#37650702)

you may use sudo -i as well.

Re:Surprise, surprise, surprise (0)

Anonymous Coward | more than 2 years ago | (#37650830)

You would be better with not allowing sudo su, sudo -s and sudo -i at all. Compromising your user password compromises the root account too.

Just memorize two passwords instead of one (user and root), it's safer. And use su when you really need root.

Re:Surprise, surprise, surprise (1)

broken_chaos (1188549) | more than 2 years ago | (#37651024)

You have to disallow sudo entirely (or to a carefully-patrolled whitelist of commands), not just "sudo su", "sudo -s" and "sudo -i". Otherwise you can do "sudo bash", "sudo busybox ash", "sudo passwd", "sudo writable-script.sh", "cd bash; ./configure; make; sudo ./bash", and all sorts of other little workarounds.

As far as security goes... I'd give this a shrug at best. At worst, you're in a situation where many people now need the actual root password and that makes logging and monitoring access a lot harder.

Re:Surprise, surprise, surprise (1)

agw (6387) | more than 2 years ago | (#37651080)

You're right.

You would not be able to whitelist any command that may execute a third command, change file bits, change (i.e. specify output files) any script or command that IS in the whitelist, etc.

It's only really useful if you attach a company policy to it saying "we use this to log the commands you run, if you misuse it, you're a bad boy and will be reported".
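
Added example (not part of any comment above, and not code from sudo itself): a small Python audit of a sudoers whitelist for the bypass classes named in the two comments above, i.e. shells, credential or file-bit changers, programs that can run a third command, and whitelisted files a non-root user can rewrite. The program lists, the sample policy and the `/opt/example` path are constructed, and the parser is simplified (aliases and includes are not expanded).

```python
"""Flag sudoers whitelist entries that still amount to a root shell.

Added illustration: the program lists and SAMPLE_POLICY are constructed,
and the parser is simplified (no alias expansion, no include handling).
"""
import os
import re
import stat

# Shells, interpreters and wrappers: running one as root is a root shell.
SHELLS = {"sh", "bash", "dash", "zsh", "ksh", "ash", "busybox", "su",
          "env", "python", "python3", "perl", "ruby"}
# Tools that change credentials, file modes or ownership.
CRED_OR_MODE = {"passwd", "chmod", "chown", "usermod", "visudo"}
# Tools that can spawn another command or write a file of the caller's choice.
ESCAPES = {"vi", "vim", "less", "more", "find", "awk", "tar", "tee",
           "cp", "mv", "dd"}

# user  host = (runas) [TAG:] cmd1, cmd2 ...
RULE = re.compile(
    r"^(?P<user>\S+)\s+[^\s=]+\s*=\s*(?:\([^)]*\)\s*)?(?P<cmds>.+)$")
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")  # NOPASSWD:, NOEXEC:, SETENV:, ...

# Constructed sample policy; /opt/example/... is a placeholder path.
SAMPLE_POLICY = """\
# constructed sample
Defaults env_reset
alice ALL=(ALL) ALL
bob   ALL=(root) NOPASSWD: /opt/example/bin/reload-app, /bin/bash
carol ALL=(root) /usr/bin/passwd, /usr/bin/less /var/log/syslog
dave  ALL=(root) /opt/example/bin/reload-app
"""


def writable_by_non_root(path):
    """True if the whitelisted file can be rewritten without being root."""
    try:
        st = os.stat(path)
    except OSError:
        return False  # not present on this host, nothing to inspect
    return st.st_uid != 0 or bool(st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def classify(command):
    """Return a reason string if the command defeats the whitelist, else None."""
    argv = command.split()
    if argv[0] == "ALL":
        return "unrestricted"
    name = os.path.basename(argv[0])
    if name in SHELLS:
        return "shell"
    if name in CRED_OR_MODE:
        return "credentials-or-mode"
    if name in ESCAPES:
        return "escape"
    if writable_by_non_root(argv[0]):
        return "writable-target"
    return None


def audit(policy_text):
    """Return [(user, command, reason)] for every risky whitelist entry."""
    findings = []
    for raw in policy_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "Defaults")):
            continue
        if "_Alias" in line.split(None, 1)[0]:
            continue  # alias definitions are not expanded in this sketch
        match = RULE.match(line)
        if not match:
            continue
        for cmd in match.group("cmds").split(","):
            cmd = TAGS.sub("", cmd.strip())
            if not cmd or cmd.startswith("!"):
                continue  # negated entries grant nothing
            reason = classify(cmd)
            if reason:
                findings.append((match.group("user"), cmd, reason))
    return findings


if __name__ == "__main__":
    for user, cmd, reason in audit(SAMPLE_POLICY):
        print(f"{user:8} {reason:20} {cmd}")
```

An empty result only means none of these known patterns matched; as the comments above note, any whitelisted program that can execute another program reopens the hole.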

Re:Surprise, surprise, surprise (0)

Anonymous Coward | more than 2 years ago | (#37650720)

Yet it takes just as many keystrokes.

Re:Surprise, surprise, surprise (1)

LordLimecat (1103839) | more than 2 years ago | (#37651904)

No, sudo su is for people who have a random or unknown root password, but have full sudo capabilities.

Re:Surprise, surprise, surprise (0)

Anonymous Coward | more than 2 years ago | (#37650752)

"sudo -i" works just fine in ubuntu too.

Re:Surprise, surprise, surprise (1)

hb79 (917595) | more than 2 years ago | (#37651014)

> lol, i love the ubuntu people, that don't know they can just log in as root to do a bunch of things and then log out...

Well, it wasn't that many months ago we had a discussion here, where people were peeing all over the "old Unix beards" who would switch to root to get stuff done. If your wrong intention, distraction, or other mistake will lead you to fuck up, some "are you sure - type your password" message isn't going to make you think twice.

Re:Surprise, surprise, surprise (2)

Smallpond (221300) | more than 2 years ago | (#37650074)

/etc/init.d/sarcasm start

Please. It used to be service sarcasm start but we've switched to systemctl start sarcasm.service now.

Re:Surprise, surprise, surprise (2)

ScrewMaster (602015) | more than 2 years ago | (#37650262)

/etc/init.d/sarcasm start

Please. It used to be service sarcasm start but we've switched to systemctl start sarcasm.service now.

I use Windows. I don't know how to be sarcastic.

Re:Surprise, surprise, surprise (0)

Anonymous Coward | more than 2 years ago | (#37650302)

/etc/init.d/sarcasm start

Please. It used to be service sarcasm start but we've switched to systemctl start sarcasm.service now.

I use Windows. I don't know.

FTFY

Re:Surprise, surprise, surprise (1)

ScrewMaster (602015) | more than 2 years ago | (#37651238)

/etc/init.d/sarcasm start

Please. It used to be service sarcasm start but we've switched to systemctl start sarcasm.service now.

I use Windows. I don't know.

FTFY

{sigh} the Slashdot hive-mind can be so literal sometimes.

Re:Surprise, surprise, surprise (0)

Anonymous Coward | more than 2 years ago | (#37650410)

/etc/init.d/sarcasm start

Please. It used to be service sarcasm start but we've switched to systemctl start sarcasm.service now.

I use Windows. I don't know how to be sarcastic.

/etc/init.d/ignorance start

Re:Surprise, surprise, surprise (0)

Anonymous Coward | more than 2 years ago | (#37650730)

Oh - so sorry..
Start>Run
net start sarcasm

Re:Surprise, surprise, surprise (0)

Anonymous Coward | more than 2 years ago | (#37650978)

/etc/rc.d/sarcasm start

Re:Surprise, surprise, surprise (1)

awehttam (779031) | more than 2 years ago | (#37651728)

net start sarcasm

Re:Surprise, surprise, surprise (0)

Anonymous Coward | more than 2 years ago | (#37652104)

...then an upgrade to IE plus a reboot. followed by 42 system updates and then another reboot.

Re:Surprise, surprise, surprise (0)

Anonymous Coward | more than 2 years ago | (#37650286)

/etc/init.d/sarcasm start 2&1 | /dev/null

Re:Surprise, surprise, surprise (0)

Anonymous Coward | more than 2 years ago | (#37652718)

/etc/init.d/sarcasm start 2&1 | /dev/null

Is /dev/null a command on your system?

You mean "/etc/init.d/sarcasm start 2>&1 >/dev/null"

Or just "/etc/init.d/sarcasm start &>/dev/null"

Re:Surprise, surprise, surprise (0)

Anonymous Coward | more than 2 years ago | (#37652400)

launchctl start org.slashdot.sarcasm

Re:Surprise, surprise, surprise (1)

Wintervenom (1468867) | more than 2 years ago | (#37651232)

#!/bin/bash
if [[ -z $1 ]]; then
    echo "Usage:  ${0##*/} (stop|start|restart) [daemon]"
    exit 1
fi
if [[ -z $2 ]]; then
    d=sarcasm
else
    d=$2
fi
case $(</proc/1/comm) in
    systemd)
        systemctl $1 $d.service
        ;;
    upstart)
        service $d $1
        ;;
    runit)
        sv $1 $d
        ;;
    init)
        for s in {rc,init}{.d,}; do
            [[ -f /etc/$s/$d ]] && /etc/$s/$d $1
        done
        ;;
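    *)
        if [[ $1 == @(stop|restart) ]]; then
            killall $d
            # Give the daemon a few seconds to exit on its own.
            for i in {0..5}; do
                pidof $d &>/dev/null || break
                sleep 1
            done
            # Escalate to SIGKILL only if it is still running.
            if pidof $d &>/dev/null; then killall -9 $d; fi
        fi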
        if [[ $1 == @(start|restart) ]]; then
            pidof $d &>/dev/null || $d -D
        fi
        ;;
esac
if [[ $? -ne 0 ]]; then
    echo "FATAL:  Could not $1 $d service."
    exit 1
fi

I think there is something... (1)

Dark Lord of Ohio (2459854) | more than 2 years ago | (#37650024)

I think there is something we don't know about. If they really got "official" version, then I am expecting that many heads in German federal government will fall.

Re:I think there is something... (2)

plover (150551) | more than 2 years ago | (#37650068)

I think you are overly optimistic about the ability of most governments to correct their own abuses of power. I doubt they'll fire anyone or even stop using the Trojan, they'll just have someone correct some of the deficiencies the CCC found.

At the most, they may take the Undersecretary for Purposes of Scapegoating out and publicly fire him. They might terminate the contract with the software company who developed it. But don't expect "many heads" to roll.

Re:I think there is something... (1)

Anonymous Coward | more than 2 years ago | (#37650080)

Unfortunately crass incompetence and general disregard for laws only means the persons responsible will fall UP the promotion ladder. The more you fuck up, the higher you get. The ruling class cannot do wrong. "Du bist Deutschland!"

Re:I think there is something... (1)

Issarlk (1429361) | more than 2 years ago | (#37650246)

We are talking about beeping computer with blinking lights in front of strange guys with big glasses typing on keyboard as big 3D skulls rotate over a password form... in the imagination of anyone high enough to fire them. They'll probably shrug and just ask them to hire a goth girl to enhance the security of the encryption channel so that they don't get their computers fried in a deluge of sparks if the bad guys squeeze through the security holes.

Re:I think there is something... (1)

barv (1382797) | more than 2 years ago | (#37650354)

More likely than federal public servants being sacked for wrongdoing is a witch hunt to find out who leaked the binary. Oh and also an attempt will be made to hire a proper programmer in place of their script kiddy.

Re:I think there is something... (0)

Anonymous Coward | more than 2 years ago | (#37652382)

to find out who leaked the binary

I hope you understand that in order for it to DO anything, you kind of have to... put it on people's computers.

Re:I think there is something... (0)

Anonymous Coward | more than 2 years ago | (#37650430)

Heads in the German government rarely fall over wrongdoing. Usually, people just shift blame and weasel out of it.

"At least it's not as bad as in America" is a common political excuse, and it is all done for the purpose of protecting German democracy.

Re:I think there is something... (0)

Anonymous Coward | more than 2 years ago | (#37650790)

No they won't. Only a few nerds will understand what the CCC is talking about. These people are so glaring whitehat that they run to the media before even demonstrating that an exploit is possible. They would have had the chance to spoof the trojan and thus make all evidence the trojan has already collected invalid in court. Instead they chose premature publicity, which will have exactly zero consequences, except that now they have alerted the other side, given them precious advice for free, and destroyed their own chance at proving that what they analyzed is indeed a government-issued trojan.

Re:I think there is something... (0)

ultranova (717540) | more than 2 years ago | (#37651776)

I think there is something we don't know about. If they really got "official" version, then I am expecting that many heads in German federal government will fall.

Yeah. A country that was mentored by both Hitler and Stalin really has no excuse for incompetence in this area.

extracted binaries (0)

Anonymous Coward | more than 2 years ago | (#37650052)

I was going to scan the binaries with some anti-virus programs to see if their signatures were detected, but the downloaded tgz file comes up with errors when attempting to extract. Anyone else running into that problem?

Re:extracted binaries (0)

Anonymous Coward | more than 2 years ago | (#37650124)

works perfectly fine for me

But most importantly (4, Insightful)

Dunbal (464142) | more than 2 years ago | (#37650076)

Can this trojan upload child pornography (or any other incriminating files/images) to the suspects computer, to be collected as "evidence" at a later date? I suspect it can. And if this program can uninstall itself at a later date, then this is a perfect tool for "bring him in, boys". Oh George Orwell, how foresighted you were.

Re:But most importantly (0)

Anonymous Coward | more than 2 years ago | (#37650104)

If an authority's intention is to falsely convict someone by planting material on a piece of equipment that they will seize, disassemble and connect to their own equipment during the course of that conviction, why on earth bother planting it remotely?

Re:But most importantly (5, Insightful)

Dunbal (464142) | more than 2 years ago | (#37650200)

You really don't understand how corruption works, do you? It would not be a false conviction at all. It would be a very real conviction, documented, with a valid chain of evidence and everything. The reasons can be many - from the "guy they think is the criminal but can't actually arrest him for anything because he hasn't done anything they can prove" situation - like Al Capone; to the "rival gang member needs to be taken out quickly because gang A just paid me $100k to lock up the leader of gang B so I will just upload this stuff onto his computer and call in an "anonymous tip"" situation. It even includes the "pay me $100k or you get thrown in jail" situation where the corrupt law enforcement/government agent decides to put the squeeze on someone.

Maybe it's because I live in the third world and am used to dealing with corruption like this almost on a daily basis that I am so cynical. However if anyone (police or otherwise) can clandestinely install a program on your machine/cell phone/whatever and have it upload/execute programs, then all machines/cell phones/whatever can be compromised and such "evidence" shouldn't be admissible in court anymore.

Re:But most importantly (5, Insightful)

AliasMarlowe (1042386) | more than 2 years ago | (#37650268)

If an authority's intention is to falsely convict someone by planting material on a piece of equipment that they will seize, disassemble and connect to their own equipment during the course of that conviction, why on earth bother planting it remotely?

Because the raid, seizure, arrest, and indictment will be made by a completely different organization - the regular local police and local public prosecutor.

For the police and prosecutor to do their job effectively, they must fully believe in the validity of the evidence they have seized and the chain of custody of that evidence must be impeccable. They will emphatically believe in the culpability of the arrested criminal (sorry, "alleged" criminal until the court inevitably pronounces its verdict of guilt) on the basis of this incontestable evidence. They will be utterly in the dark about any surveillance/incrimination operation, and will vilify the accused with confidence, proud to be protecting their community from such evil malefactors.

Re:But most importantly (1)

Issarlk (1429361) | more than 2 years ago | (#37650282)

I think in the USA they use a special piece of hardware that gives read-only access to HDs just to avoid being accused of planting evidence. Maybe it's the same in Germany, in which case planting remotely is a cool feature.

Re:But most importantly (1)

MichaelSmith (789609) | more than 2 years ago | (#37650382)

There may be a difference between a tool which collects evidence for a trial and a tool which collects information for investigators. The latter tool could plant information to help drive an investigation by (say) falsifying communication between conspirators.

Re:But most importantly (1)

fuzzyfuzzyfungus (1223518) | more than 2 years ago | (#37650530)

Hardware write-blockers are pretty much standard for any hands-on forensics not conducted by utter amateurs. The trouble is, of course, that you can only use those after you seize the hardware, and the feds want something they can use before they seize the hardware.

I don't know if analogous US malware tools (Magic Lantern, CIPAV, possibly others) have been studied in as much detail; and they may or may not be of higher quality; but anything that has to run on the live host system isn't going to be fundamentally less capable of modifying that system.

The problem is that, once you've had malware on the system, all the write-blocker can do is assure you that nothing was tampered with during the forensic investigation, which provides no protection against tampering by the malware, and likely makes anything planted by it appear to be much higher quality evidence...

Re:But most importantly (0)

Anonymous Coward | more than 2 years ago | (#37650292)

The procedures at the data collection are tight (using a hardware device locker, then using disk images).
Putting the file in a running environment is easier and makes more sense (to make it look like the victim put them there).
Also, the defence could ask for a re-investigation of the "evidence".

BTW, yes, it can upload files, where German law forbids this.

Re:But most importantly (4, Informative)

jeti (105266) | more than 2 years ago | (#37650362)

Yes. It contains filedropper functionality. Like most malware, it can download and execute additional applications thereby extending its functionality and it can place documents on the infected PC.

Re:But most importantly (0)

Anonymous Coward | more than 2 years ago | (#37651032)

Then it should not be able to be used in any court of law anywhere in the entire world as chain of custody is completely out the window.

Re:But most importantly (0)

Anonymous Coward | more than 2 years ago | (#37650506)

I love how 1984 is the only book about a dystopian future.

Re:But most importantly (2)

izomiac (815208) | more than 2 years ago | (#37650996)

Orwell was primarily an essayist, and virtually all of his works take a stance against totalitarianism. People aren't just talking about a single book, they're talking about the life's work of a well known author.

Re:But most importantly (0)

Anonymous Coward | more than 2 years ago | (#37651042)

That's because most Slashdoters think A Brave New World is a great plan for the future, or that Atlas Shrugged is a handbook on how to run the world.

Re:But most importantly (0)

Anonymous Coward | more than 2 years ago | (#37652486)

Your tax Marks at work... Achtung! The existence of such malware just nullified the sentences of all people in German prisons in there for the possession of kiddie porn. And generally anybody convicted of having something on their computer they shouldn't have. They are now all free men since the government obviously planted the evidence. Nice going meine Herren!

C3PO-r2d2-POE (1)

Anonymous Coward | more than 2 years ago | (#37650214)

Communication uses the fixed banner string "C3PO-r2d2-POE" as handshake.
So, this could be the trojan we're looking for.

Also, the code contains a function called "_0zapftis_le_execute()".
"O'zapft is!" is the traditional opening phrase of the Munich October/Beer Festival, where the mayor taps the first barrel of beer with a hammer.

Source: http://www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf

Re:C3PO-r2d2-POE (1)

ScrewMaster (602015) | more than 2 years ago | (#37650320)

Communication uses the fixed banner string "C3PO-r2d2-POE" as handshake. So, this could be the trojan we're looking for.

Also, the code contains a function called "_0zapftis_le_execute()". "O'zapft is!" is the traditional opening phrase of the Munich October/Beer Festival, where the mayor taps the first barrel of beer with a hammer.

Source: http://www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf [www.ccc.de]

What does the "POE" mean? Porn Over Ethernet?

Re:C3PO-r2d2-POE (1)

Anonymous Coward | more than 2 years ago | (#37650360)

Correct. "O'zapft is" is Bavarian for "it's tapped".

Re:C3PO-r2d2-POE (1)

Anonymous Coward | more than 2 years ago | (#37650988)

The *disassembly* produced by CCC contains those function names. The report mentions near the beginning that all the code is in a DLL without any exported symbols, so that name was picked by the people doing the disassembling; it's not from the original code.

I'm outraged! (1)

Anonymous Coward | more than 2 years ago | (#37650216)

How can the US government keep doing stuff like ... what, it isn't the US government? Then it must be for the good of the country since only the US does stuff like this with anything other than good intentions, carry on.

Re:I'm outraged! (1)

ScrewMaster (602015) | more than 2 years ago | (#37650322)

How can the US government keep doing stuff like ... what, it isn't the US government? Then it must be for the good of the country since only the US does stuff like this with anything other than good intentions, carry on.

No, we're just the only ones that every one likes to complain about, or maybe we just get caught more often. I don't know, but it's not like every government on Earth doesn't do things like this, to one degree or another.

Re:I'm outraged! (1)

chrb (1083577) | more than 2 years ago | (#37650640)

Of course they do, and it has a name: Lawful interception. [wikipedia.org] Support for lawful interception is built in to telephone exchanges, network switches etc. When it's used to eavesdrop on terrorists and drug dealers, then people like it. When it's used to eavesdrop on everyone, then people dislike it. Somewhere in between there is a vast land where some approve, some disapprove, and many don't care.

[NB: The German constitutional court ruled that there is a sphere of privacy that is afforded total protection and can never be breached, no matter for what reason, for example keeping a diary or husband and wife talking in the bedroom.

That is very interesting: even during a criminal terrorism investigation, a suspect's personal notes and diary are legally protected. I doubt very many other nations have such strong privacy laws. CCC is arguing that because these notes are often held on a personal computer, then the personal computer comes within the "sphere of privacy". Obviously you can see why the police would disagree, as this would outlaw the monitoring of personal PCs for evidence.

Re:I'm outraged! (0)

Anonymous Coward | more than 2 years ago | (#37652744)

If the privacy protection makes you think "what a great country", you should note that Germany does not subscribe to the "fruit from a forbidden tree" concept, so even though intercepting truly private information is illegal, illegally obtained information can and will be used in court, if it helps the prosecution's case. The officers who broke the law to get the information usually receive a slap on the wrist, if anything at all.

Strange (1)

Anonymous Coward | more than 2 years ago | (#37650258)

I have read the report linked to in the article. This report is written in German. Nothing hints in the binary itself that this is the "real thing". The analyzed binary is a Windows DLL without exported functions. The C&C server of the trojan is 207.158.22.134, which is allocated to Web Intellects in Columbus, Ohio, USA. The connection to the German government is only hearsay for now, we have to believe in it.

Re:Strange (1)

agw (6387) | more than 2 years ago | (#37650956)

Looks like they got it from people who got their computers back after they were busted?

Forget Mafia Wars--play German Gov't Domination! (1)

Commontwist (2452418) | more than 2 years ago | (#37650288)

Yes, you too can foster Total Political Disintegration (Normal Mode), Totalitarian Rule (Easy Mode), New Nazi Order (Hard Mode), or Common Sense Government (Insane Mode) by pitting the various German political factions against one another via clever remote control of their computers at home and in the office!

Game Play includes: That's Not My Porn and Child Porn Prisoner internet insertion features, send copies of incriminating e-mails to political rivals and international newspapers, bonus mod features to hack China for bonus points or massive DOS attacks on known enemies of Anonymous (pick a target, any target), and many, many other features that have to be seen to believe. (Especially when taking remote control of laptop cameras to take pictures of Government at home and posting the more interesting captions all over the Internet.)

The German Government, working to make life more difficult for citizens and officials alike. You flew it, you blew it, you rue it. (This software law, that is.)

I am German... and... (1)

Tanuki64 (989726) | more than 2 years ago | (#37650584)

"I'm sure we're all surprised that it's opening security holes for third parties, and violates a related court verdict (and several laws in general)."

... nope, not at all surprised.

CCC's public role in Germany (5, Informative)

BitterKraut (820348) | more than 2 years ago | (#37650592)

The Chaos Computer Club is probably not adequately characterized as a 'hacker group'. It was founded in 1981 as a computer club and, while hacking has always been their most prominent activity, they have grown not only into a nation-wide association of about 3000 members, but into an influential civil rights organization as well. Their expertise in matters of IT security is frequently called upon by public media in Germany. The CCC is well respected even by many politicians and their expertise was cited more than once by former Federal Minister of the Interior Gerhart Baum during the trial that ended last year with the Verfassungsgericht (federal constitutional court)'s finding that the federal anti-terror law that obliged providers to retain all telecommunications data for six months was unconstitutional. The CCC organizes the annual Chaos Communication Congress that Slashdot readers might remember as being the event where some major hacks were presented to the public: http://it.slashdot.org/story/11/01/02/0231242/detailing-the-security-risks-in-pdf-standard [slashdot.org] http://games.slashdot.org/story/10/12/29/204253/Playstation-3-Code-Signing-Cracked-For-Good [slashdot.org] http://it.slashdot.org/story/09/12/28/1931256/gsm-decryption-published [slashdot.org] http://games.slashdot.org/story/05/12/16/2157217/hacking-the-xbox [slashdot.org] The CCC is also well known for Project Blinkenlights, which grew out of the CCC but is now an independent project.

So will AntiVirus software find it? (1)

PolygamousRanchKid (1290638) | more than 2 years ago | (#37650610)

Or is it illegal for an app to find viruses that are questionably legal because the government spreads them?

Re:So will AntiVirus software find it? (1)

allo (1728082) | more than 2 years ago | (#37650618)

f-secure at least will.

Re:So will AntiVirus software find it? (1)

Anonymous Coward | more than 2 years ago | (#37650710)

f-secure at least will.

You're probably referring to their stated policy [f-secure.com]. However, according to CCC

All examined variants of the trojan were not recognized by any antivirus program at the time of creation of this report. ("Alle untersuchten Varianten des Trojaners wurden zum Zeitpunkt der Berichterstellung von keinem Antivirus-Programm als Schadsoftware erkannt.") -- report page 3 [www.ccc.de]

Also, f-secure have not promised to detect all government malware they are aware of:

We have to draw a line with every sample we get regarding whether to detect it or not. This decision-making is influenced only by technical factors, and nothing else, but within the applicable laws and regulations, in our case meaning EU laws.

So if there is an EU law or regulation (such as an international treaty) that forbids interfering with an EU government's attempt at spying on their citizens, they will honor it. Not all regulations are public, so there is no way to tell if there is such a regulation or not.

Re:So will AntiVirus software find it? (0)

Anonymous Coward | more than 2 years ago | (#37650888)

Which means that the phrase "This decision-making is influenced only by technical factors, and nothing else" is a lie, so why say it in the first place?

Not to mention that with the whole phrase, f-secure basically says, "We side with malware authors when we see fit to do so." Hooray for trustworthy AntiVirus software!

Re:So will AntiVirus software find it? (1)

Goaway (82658) | more than 2 years ago | (#37651634)

Which means that the phrase "This decision-making is influenced only by technical factors, and nothing else" is a lie, so why say it in the first place?

No, it means they hadn't seen this trojan before now, genius. Nobody but the creators and the CCC had, before today.

Re:So will AntiVirus software find it? (0)

Anonymous Coward | more than 2 years ago | (#37651820)

They will block this one.
http://www.f-secure.com/weblog/archives/00002249.html

WebIntellects (0)

Anonymous Coward | more than 2 years ago | (#37650894)

The Command and Control Server (C+C server) hardcoded into the present trojans is on IP 207.158.22.134. This IP is assigned to commercial webhost Web Intellects in Columbus, Ohio, USA. (translated from CCC report [www.ccc.de] p. 4)

Why don't we all ask WebIntellects [webintellects.com] what they're doing there?

No Surprise Here ... Move Along (0)

Anonymous Coward | more than 2 years ago | (#37651514)

That the Nazi Government of Fuehrer Angela Merkel is caught engaging in such Federal buffoonery is of no surprise.

The best thing to happen to the peoples of Deutschland is the nuclear bombing of the Chancellery by US Commander Jack Ripper.

Vell ... meet again ... Don't know vere ... Don't know ven. But I know ... zat ve vill meet again ... zome zunney day ....

++

But... (2)

rrohbeck (944847) | more than 2 years ago | (#37651540)

does it run on Linux?

Re:But... (0)

Anonymous Coward | more than 2 years ago | (#37652340)

Nope. It's Linux support is severely lacking. The CCC should ask the STASI to license it under the GPL.

Re:But... (0)

Anonymous Coward | more than 2 years ago | (#37652596)

"Nope. It's Linux support is severely lacking. "

It mimics your grammar skills.

Pirate Party (2)

Vlad_the_Inhaler (32958) | more than 2 years ago | (#37652516)

In other news, the Piratenpartei recently made it to the Berlin City legislature with 8% of the vote and are currently running nationally with that level of support. If they maintain this, they will be the 4th-5th largest party in Germany.

FAIL (1)

anne on E. mouse cow (867445) | more than 2 years ago | (#37652752)

So, if you're a criminal in Germany, all you have to do is install this software on your computer and then you have plausible deniability because anybody could have uploaded anything to your PC. Your PC could no longer be used as evidence.

Fucked that one up didn't you Germany!!!
