“We got our hands on it and found it is doing much more than it is legally allowed to do.”– Frank Rieger, Chaos Computer Club
The German government allows cell phone conversations to be spied on, but hackers discovered that the software used actually violates the government’s own legal limits.
It’s called Bundestrojan. Germany’s Federal Constitutional Court said it was legal as long as it screened only internet telephone calls. But, Bavarian police, and several other German states, are logging keystrokes, activating cameras, monitoring internet users’ activities and sending data to government officials. All illegal.
Hackers also found out the United States is involved: “To avoid revealing the location of the command and control server, all data are redirected through a rented dedicated server in a data center in the U.S.”–Chaos Computer Club
A Finnish tech company, in Helsinki, also found that the Bundestrojan is intercepting data entered into web browser Firefox, as well as the instant messaging programs MSN and ICQ.
Antivirus vendor, Kaspersky Lab in Germany, investigated Bundestrojan’s capabilities: “Amongst the new things we found in there are two rather interesting ones: Firstly, this version is not only capable of running on 32 bit systems; it also includes support for 64 bit versions of Windows. Secondly, the list of target processes to monitor is longer than the one mentioned in the CCC report. The number of applications infected by the various components is 15 in total.”– Tillmann Werner, Kaspersky Lab
Targeted applications includes Internet Explorer, Firefox and Opera, programs with VoIP and data encryption functionality, including ICQ, MSN Messenger, Yahoo Messenger, Skype, Low-Rate VoIP, CounterPath X-Lite and Paltalk.
German officials are calling for an investigation. Hackers say this is a result of society putting security ahead of freedom: “Unfortunately, for too long the (government) has been guided by demands for technical surveillance, not by values like freedom or the question of how to protect our values in a digital world.”–Chaos Computer Club