A backdoor Trojan that is capable of monitoring online activity and recording Skype calls has been detected – and is allegedly being used by the German police force.
The courts in Germany have permitted the use of Bundestrojaner to record Skype calls if the police have the legal permission for wiretap.
The Chaos Computer Club (CCC) have been researching this and have stated that, “The malware can not only siphon away intimate data, but also offers a remote control or backdoor functionality for uploading and executing arbitrary programs.”
CCC also stated in their research, “The Trojan can, for example, receive uploads of arbitrary programs from the internet and execute them remotely. This means an upgrade path from Quellen-TKÜ to the full Bundestrojaner’s functionality is built in right from the start.”
CCC finished by saying that control of the PC is not only open to the agency or police force who put the trojan there, but due to poor design may allow others to take control of the machine too.
A spokesperson from CCC said, “We were surprised and shocked by the lack of even elementary security in the code. Any attacker could assume control of a computer infiltrated by the German law enforcement authorities. The security level this Trojan leaves the infected systems in is comparable with it setting all passwords to ‘1234’.”
CCC said, “The clandestine infiltration of IT systems by government agencies must stop. At the same time we would like to call on all hackers and people interested in technology to further analyse the malware, so that at least some benefit can be reaped from this embarrassing eavesdropping attempt.
“Also, we will gladly continue to receive copies of other versions of government malware off your hands.”
Chief research officer at F-Secure, said: “We do not know who created this backdoor and what it was used for. We have no reason to suspect CCC’s findings, but we can’t confirm that this Trojan was written by the German government. As far as we see, the only party that could confirm that would be the German government itself.
Security company Sophos have also stated that their research shows the trojan can be used to eavesdrop on a number of common applications like Skype, Yahoo Messenger and MSN Messenger. It can also keylog from a number of common browsers such as IE and Firefox and can also take screenshots of the users’ screen.
F-Secure are detecting this backdoor as Backdoor:W32/R2D2.A. The name R2D2 comes from a string inside the Trojan ‘C3PO-r2d2-POE’
German officials have now admitted to using the the above mentioned Trojan to spy on citizens. Officials from Bavaria and other states have admitted to using the trojan, which may be in breach of German wiretapping law.
Bavarian Interior Minister Joachim Herrmann believed the police acted within the laws parameters but will investigate the matter of R2D2′s use.
German law permits the use of spy software by government officials in order to combat terrorists and criminals. Wiretapping is legal but courts need to give the approval for its use in all cases.