German Government's Malware Analyzed

First time accepted submitter lennier1 writes "The German hacker group CCC (Chaos Computer Club) has analyzed a piece of malware the German government uses in criminal investigations to spy on a suspect's computer. I'm sure we're all surprised that it's opening security holes for third parties, and violates a related court verdict (and several laws in general)."

Well

[esocid]

You want competant surveillance too? Sheesh, so demanding.
I'll go ahead and throw out the "if you've got nothing to hide" out there too, and see how this gets modded.

Surprise, surprise, surprise

[AliasMarlowe]

I'm sure we're all surprised that it's opening security holes for third parties, and violates a related court verdict

This must be some new meaning for the word "all" that I have not come across before. Because it implies that "all" means a vanishingly small fraction of the population.

Re:Surprise, surprise, surprise

[Shoe Puppet]

/etc/init.d/sarcasm start

Re:

[ae1294]

sudo /etc/init.d/sarcasm start

Re:

[cynyr]

lol, i love the ubuntu people, that don't know they can just log in as root to do a bunch of things and then log out...

sudo foo
sudo bar
sudo start foo
sudo start bar

su -
foo
bar
start foo
start bar
exit

Re:

[AliasMarlowe]

Actually, in Ubuntu that should be "sudo su" as the first command...

Re:

[allo]

no. its just "sudo -s". "sudo su" is for people who cannot read manpages.

Re:

[pizzap]

you may use sudo -i as well.

Re:

[broken_chaos]

You have to disallow sudo entirely (or to a carefully-patrolled whitelist of commands), not just "sudo su", "sudo -s" and "sudo -i". Otherwise you can do "sudo bash", "sudo busybox ash", "sudo passwd", "sudo writable-script.sh", "cd bash; ./configure; make; sudo ./bash", and all sorts of other little workarounds.

As far as security goes... I'd give this a shrug at best. At worst, you're in a situation where many people now need the actual root password and that makes logging and monitoring access a lot harde

Re:

[agw]

You're right.

You would not be able to whitelist any command that may execute a third command, change file bits, change (i.e. specify output files) any script or command that IS in the whitelist, etc.

It's only really useful if you attach a company policy to it saying "we use this to log the commands you run, if you misuse it, you're a bad boy and will be reported".

Re:

[cbiltcliffe]

At worst, you're in a situation where many people now need the actual root password and that makes logging and monitoring access a lot harder.

Or, you could just set up multiple root accounts; one for each admin. Then you can log each admin individually, and know who screwed up what when it hits the fan.

Re:

[LordLimecat]

No, sudo su is for people who have a random or unknown root password, but have full sudo capabilities.

Re:

[Smallpond]

/etc/init.d/sarcasm start

Please. It used to be service sarcasm start but we've switched to systemctl start sarcasm.service now.

Re:

[ScrewMaster]

/etc/init.d/sarcasm start

Please. It used to be service sarcasm start but we've switched to systemctl start sarcasm.service now.

I use Windows. I don't know how to be sarcastic.

Re:

[awehttam]

net start sarcasm

Re:

[ScrewMaster]

...then an upgrade to IE plus a reboot. followed by 42 system updates and then another reboot.

Apparently you've not spent any time on Windows 7 (don't know about Vista, never bothered with it) but 7 has improved the update process considerably over XP and earlier: no more use of Internet Explorer as the update vehicle (I'll cheerfully admit that that was not one of Microsoft's better ideas.) Doesn't need to reboot as often after an update either, so it's more competitive with your typical Linux distro in that regard.

As it happens, my entire household is Linux, and on the Ubuntu workstations and D

Re:

[ScrewMaster]

/etc/init.d/sarcasm start

Please. It used to be service sarcasm start but we've switched to systemctl start sarcasm.service now.

I use Windows. I don't know.

FTFY

{sigh} the Slashdot hive-mind can be so literal sometimes.

Re:

[Wintervenom]

#!/bin/bash
if [[ -z $1 ]]; then
echo "Usage: ${0##*/} (stop|start|restart) [daemon]"
exit 1
fi
if [[ -z $2 ]]; then
d=sarcasm
else
d=$2
fi
case $(</proc/1/comm) in
systemd)
systemctl $1 $d.service
;;
upstart)
service $d $1
;;
rinit)
sv $1 $d
;;

I think there is something...

[Dark Lord of Ohio]

I think there is something we don't know about. If they really got "official" version, then I am expecting that many heads in German federal government will fall.

Re:

[plover]

I think you are overly optimistic about the ability of most governments to correct their own abuses of power. I doubt they'll fire anyone or even stop using the Trojan, they'll just have someone correct some of the deficiencies the CCC found.

At the most, they may take the Undersecretary for Purposes of Scapegoating out and publicly fire him. They might terminate the contract with the software company who developed it. But don't expect "many heads" to roll.

Re:

[Anonymous Coward]

Unfortunately crass incompetence and general disregard for laws only means the persons responsible will fall UP the promotion ladder. The more you fuck up, the higher you get. The ruling class cannot do wrong. "Du bist Deutschland!"

Re:

[Issarlk]

We are talking about beeping computer with blinking lights in front of strange guys with big glasses typing on keyboard as big 3D skulls rotate over a password form... in the imagination of anyone high enough to fire them. They'll probably shrug and just ask them to hire a goth girl to enhance the security of the encryption channel so that they don't get their computers fried in a deluge of sparks if the bad guys squeeze through the security holes".

Re:

[barv]

More likely than federal public servants being sacked for wrongdoing is a witch hunt to find out who leaked the binary. Oh and also an attempt will be made to hire a proper programmer in place of their script kiddy.

Re:

[V for Vendetta]

It wasn't "leaked". It was handed over to the CCC by a lawyer. He defended a guy in court which the malware was used against to collect evidence.

Re:

[ultranova]

I think there is something we don't know about. If they really got "official" version, then I am expecting that many heads in German federal government will fall.

Yeah. A country that was mentored by both Hitler and Stalin really has no excuse for incompetence in this area.

Re:

[t2t10]

I seriously doubt it. Since WWII, German governments have gotten away with a lot, including massive surveillance and widespread invasions of privacy. Germans just don't care.

But most importantly

[Dunbal]

Can this trojan upload child pornography (or any other incriminating files/images) to the suspects computer, to be collected as "evidence" at a later date? I suspect it can. And if this program can uninstall itself at a later date, then this is a perfect tool for "bring him in, boys". Oh George Orwell, how foresighted you were.

Re:But most importantly

[jeti]

Yes. It contains filedropper functionality. Like most malware, it can download and execute additional applications thereby extending its functionality and it can place documents on the infected PC.

Re:

[Opportunist]

Oh, don't worry, it won't be. How should it be used, it's never been there! Why do you think it was there? It never downloaded those child porn pics and deleted itself afterwards, and that search warrant was issued for completely different reasons other than a judge seeing the malware's screenshots. You're in for having child porn on your computer that we found in that search, who ever said anything about a government trojan?

Re:But most importantly

[Dunbal]

You really don't understand how corruption works, do you? It would not be a false conviction at all. It would be a very real conviction, documented, with a valid chain of evidence and everything. The reasons can be many - from the "guy they think is the criminal but can't actually arrest him for anything because he hasn't done anything they can prove" situation - like Al Capone; to the "rival gang member needs to be taken out quickly because gang A just paid me $100k to lock up the leader of gang B so I will just upload this stuff onto his computer and call in an "anonymous tip"" situation. It even includes the "pay me $100k or you get thrown in jail" situation where the corrupt law enforcement/government agent decides to put the squeeze on someone.

Maybe it's because I live in the third world and am used to dealing with corruption like this almost on a daily basis that I am so cynical. However if anyone (police or otherwise) can clandestinely install a program on your machine/cell phone/whatever and have it upload/execute programs, then all machines/cell phones/whatever can be compromised and such "evidence" shouldn't be admissible in court anymore.

Re:

[drinkypoo]

Corruption in the first world is written into law and disguised only with hypocrisy. For example you have to pay to get building codes, most of them can't just be looked up online. But if you don't do it to code they can make you rip it out. Mandatory filing fees even for abused parties, then you have to file another suit if you hope to recover that... we live in a theocracy where the state religion is worship of the state itself.

Re:

[AmiMoJo]

However if anyone (police or otherwise) can clandestinely install a program on your machine/cell phone/whatever and have it upload/execute programs, then all machines/cell phones/whatever can be compromised and such "evidence" shouldn't be admissible in court anymore.

The "trojan defence" has been used successfully in court to argue that the owner of the PC did not download illegal material. This just strengthens that defence.

Re:

[mpe]

Maybe it's because I live in the third world and am used to dealing with corruption like this almost on a daily basis that I am so cynical.

It's more that people in the "third world" tend to take a cynical view of public officials and politicians. Whereas many in the "developed" world tend to be very trusting of the same...

Re:But most importantly

[AliasMarlowe]

If an authority's intention is to falsely convict someone by planting material on a piece of equipment that they will seize, disassemble and connect to their own equipment during the course of that conviction, why on earth bother planting it remotely?

Because the raid, seizure, arrest, and indictment will be made by a completely different organization - the regular local police and local public prosecutor.

For the police and prosecutor to do their job effectively, they must fully believe in the validity of the evidence they have seized and the chain of custody of that evidence must be impeccable. They will emphatically believe in the culpability of the arrested criminal (sorry, "alleged" criminal until the court inevitably pronounces its verdict of guilt) on the basis of this incontestable evidence. They will be utterly in the dark about any surveillance/incrimination operation, and will vilify the accused with confidence, proud to be protecting their community from such evil malefactors.

Re:

[Issarlk]

I think in the USA they use special piece of hardware that gives read only access to HDs just to avoid being accused of planting evidence. Maybe it's the same in Germany, in which case planting remotelly is a cool feature.

Re:

[MichaelSmith]

There may be a difference between a tool which collects evidence for a trial and a tool which collects information for investigators. The latter tool could plant information to help drive an investigation by (say) falsifying communication between conspirators.

Re:

[fuzzyfuzzyfungus]

Hardware write-blockers are pretty much standard for any hands-on forensics not conducted by utter amateurs. The trouble is, of course, that you can only use those after you seize the hardware, and the feds want something they can use before they seize the hardware.

I don't know if analogous US malware tools(Magic Lantern, CIPAV, possibly others) have been studied in as much detail; and they may or may not be of higher quality; but anything that has to run on the live host system isn't going to be fundame

Re:

[izomiac]

Orwell was primarily an essayist, and virtually all of his works take a stance against totalitarianism. People aren't just talking about a single book, they're talking about the life's work of a well known author.

C3PO-r2d2-POE

[Anonymous Coward]

Communication uses the fixed banner string "C3PO-r2d2-POE" as handshake.
So, this could be the trojan we're looking for.

Also, the code contains a function called "_0zapftis_le_execute()".
"O'zapt is!" is the traditional opening phrase of the Munich October/Beer Festival, where the mayor taps the first barrel of beer with a hammer.

Source: http://www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf

Re:

[ScrewMaster]

Communication uses the fixed banner string "C3PO-r2d2-POE" as handshake. So, this could be the trojan we're looking for.

Also, the code contains a function called "_0zapftis_le_execute()". "O'zapt is!" is the traditional opening phrase of the Munich October/Beer Festival, where the mayor taps the first barrel of beer with a hammer.

Source: http://www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf [www.ccc.de]

What does the "POE" mean? Porn Over Ethernet?

Re:

[Anonymous Coward]

Correct. "O'zapft is" is Bavarian for "it's tapped".

Re:

[Anonymous Coward]

The *disassembly* produced by CCC contains those function names. The report mentions near the beginning that all the code is in a DLL without any exported symbols, so that name was picked by the people doing the disassembling; it's not from the original code.

Re:

[gstrickler]

They better be prepared for the cease and desist order from LucasFilm.

I'm outraged!

[Anonymous Coward]

How can the US government keep doing stuff like ... what, it isn't the US government? Then it must be for the good of the country since only the US does stuff like this with anything other than good intentions, carry on.

Re:

[ScrewMaster]

How can the US government keep doing stuff like ... what, it isn't the US government? Then it must be for the good of the country since only the US does stuff like this with anything other than good intentions, carry on.

No, we're just the only ones that every one likes to complain about, or maybe we just get caught more often. I don't know, but it's not like every government on Earth doesn't do things like this, to one degree or another.

Re:

[chrb]

Of course they do, and it has a name: Lawful interception. [wikipedia.org] Support for lawful interception is built in to telephone exchanges, network switches etc. When it's used to eavesdrop on terrorists and drug dealers, then people like it. When it's used to eavesdrop on everyone, then people dislike it. Somewhere inbetween there is a vast land where some approve, some disapprove, and many don't care.

[NB: The German constitutional court ruled that there is a sphere of privacy that is afforded total protection and can never be breached, no matter for what reason, for example keeping a diary or husband and wife talking in the bedroom.

That is very interesting: even during a criminal terrorism investigation, a suspect's personal notes and diary are lega

Re:

[t2t10]

Of course they do, and it has a name: Lawful interception

Lawful interception requires a court order in the US. In Germany, it's a judgment call by the police, controlled only by internal reviews.

That is very interesting: even during a criminal terrorism investigation, a suspect's personal notes and diary are legally protected.

That's protection against investigation by the police, enforced largely by internal reviews. It isn't protection against intelligence services or state security services, and even fo

Re:

[Opportunist]

The US are just bigger, that's why we hear a lot more about the US than any other country. And only 'cause it's hard to hear anything from Russia, and don't start me on China.

Government all over the planets managed to slip past the point where they're corrupt to the bone. I miss the Soviet Union. As long as it existed, our politicians at least had to pretend they're the good guys.

Strange

[Anonymous Coward]

i have read the report linked to in the article. This report is written in german. Nothing hints in the binary itself that this is the "real thing". The analyzed binary is a windows-DLL with out exported functions. The C&C server the trojan is 207.158.22.134, which is allocated to Web Intellects in Columbus, Ohio, USA. The connection to the german government is only hearsay for now, we have to believe in it.

Re:

[agw]

Looks like they got it from people who got their computers back after they were busted?

Forget Mafia Wars--play German Gov't Domination!

[Commontwist]

Yes, you too can foster Total Political Disintegration (Normal Mode), Totalitarian Rule (Easy Mode), New Nazi Order (Hard Mode), or Common Sense Government (Insane Mode) by pitting the various German political factions against one another via clever remote control of their computers at home and in the office!

Game Play includes: That's Not My Porn and Child Porn Prisoner internet insertion features, send copies of incriminating e-mails to political rivals and international newspapers, bonus mod features to h

I am German... and...

[Tanuki64]

I'm sure we're all surprised that it's opening security holes for third parties, and violates a related court verdict (and several laws in general)."

... nope, not at all surprised.

Re:

[lennier1]

Sarcasm apparently isn't your strong suit.

Re:

[Tanuki64]

Sarcasm? Where?

Re:

[Erikderzweite]

Well played...

CCC's public role in Germany

[BitterKraut]

The Chaos Computer Club is probably not adequately characterized as a 'hacker group'. It was founded in 1981 as a computer club and, while hacking has always been their most prominent activity, they have grown not only into a nation-wide association of about 3000 members, but into an influential civil rights organization as well. Their expertise in matters of IT security is frequently called upon by public media in Germany. The CCC is well respected even by many politicians and their expertise was cited more than once by former Ferderal Minister of the Interior Gerhart Baum during the trial that ended last year with the Verfassungsgericht (federal constitutional court)'s finding that the federal anti-terror law that obliged providers to retain all telecommunications data for six months was unconstitutional. The CCC organizes the annual Chaos Communication Congress that Slashdot readers might remember as being the event where some major hacks were presented to the public: http://it.slashdot.org/story/11/01/02/0231242/detailing-the-security-risks-in-pdf-standard [slashdot.org] http://games.slashdot.org/story/10/12/29/204253/Playstation-3-Code-Signing-Cracked-For-Good [slashdot.org] http://it.slashdot.org/story/09/12/28/1931256/gsm-decryption-published [slashdot.org] http://games.slashdot.org/story/05/12/16/2157217/hacking-the-xbox [slashdot.org] The CCC is also well know for Project Blinkenlights, which grew out of the CCC but is now an independent project.

So will AntiVirus software find it?

[PolygamousRanchKid]

Or is it illegal for an app to find viruses that are questionably legal because he government spreads them?

Re:

[allo]

f-secure at least will.

Re:

[Anonymous Coward]

f-secure at least will.

You're probably referring to their stated policy [f-secure.com]. However, according to CCC

All examined variants of the trojan were not recognized by any antivirus program at the time of creation of this report. ("Alle untersuchten Varianten des Trojaners wurden zum Zeitpunkt der Berichterstellung von keinem Antivirus-Programm als Schadsoftware erkannt.") -- report page 3 [www.ccc.de]

Also, f-secure have not promised to detect all government malware they are aware of:

We have to draw a line with every sample we get regarding whether to

Re:

[Goaway]

Which means that the phrase "This decision-making is influenced only by technical factors, and nothing else" is a lie, so why say it in the first place?

No, it means they hadn't seen this trojan before now, genius. Nobody but the creators and the CCC had, before today.

But...

[rrohbeck]

does it run on Linux?

Re:

[think_nix]

http://www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf [www.ccc.de] (german)

It appears to be a windows dll. For installing it they are presuming someone would need physical access, user installation per email attachment , or drive by download attacks.

Re:

[rrohbeck]

Meh. I feel neglected.

Pirate Party

[Vlad_the_Inhaler]

In other news, the Piratenpartei recently made it to the Berlin City legistature with 8% of the vote and and are currently running nationally with that level of support. If they maintain this, they will be the 4th-5th largest party in Germany.

FAIL

[MrL0G1C]

So, if you're a criminal in Germany, all you have to do is install this software on your computer and then you have plausible deniability because anybody could have uploaded anything to your PC. Your PC could no longer be used as evidence.

Fucked that one up didn't you Germany!!!

Re:

[dunkelfalke]

It doesn't work that way in Germany. As with the WLAN hotspot, the owner of the hotspot is responsible for all illegal activity on it, even if anybody could have used it.

Re:

[MrL0G1C]

I don't think you get it, if a criminal steals your car, ram-raids a shop and makes off with the contents, are you telling me that the car owner is responsible for the crimes committed????.. Or perhaps the gov't is responsible because it owns the roads?

Root-kit != WLAN hotspot.

Re:

[t2t10]

Generally, there's a strong presumption that if it was done with your car and you didn't report your car as stolen, you did it. It's the same with your computer.

Re:

[MrL0G1C]

Root-kit != WLAN hotspot.

why dont you get that?

Re:

[discord5]

Your initial car analogy is terribly flawed. Don't draw bad car-analogies to prove a point. (If your car is stolen and you fail to report it, you're in for a fun ride, mind you. And reporting it doesn't automatically remove you from the suspect list either.)

Root-kit != WLAN hotspot.

As for the root-kit, you are responsible for the security of your own machine. If you go to court "Oh lol, rootkit get out of jail free" most likely you'll be laughed out of court (straight into jail) unless you can prove it. I wouldn't be terrible surpr

Re:

[MrL0G1C]

I live in the UK and the burden of proof is on the prosecution, not the defendant.

How many people got hit by code red - are you seriously telling me in these days of regular exploits in Flash, PDFs, java, browsers, MS office etc that a person can be held at fault for getting rooted!!!!! The gov't gets rooted all the time, If Sony, govt etc can't secure their systems, then how can the technically clueless general public be expected to?

And once again, deliberately opening up your wireless for the public to sh

Re:

[discord5]

burden of proof is on the prosecution

They've just submitted your laptop as evidence. Let's for the sake of argument say there is 200GB of kiddy porn on it. They've got the burden of proof thing covered you know? Your laptop, your hard drive, thus your kiddy porn. They'll have an expert on the witness stand explaining how they used their fancy forensic toolkit to find it all. It is on your PC, therefor you must have downloaded all that.

You can now wave your arms around in court screaming "rootkit" until your throat is sore, but the burden of pr

Re:

[MrL0G1C]

"You can easily get convicted without a single shred of hard evidence, for any type of crime."

Not normally in the UK, the CPS (crown prosecution service) wouldn't bring the case to court without some evidence.

I vaguely recall someone in the UK had a case dropped due to the suspect having a trojan and rightly so, the prosecutions job is of course to prove guilt beyond reasonable doubt.

Re:

[ScrewMaster]

"I'm sure we're all surprised that it's opening security holes for third parties, and violates a related court verdict (and several laws in general)."

No not really...

Really, if the government (any government) is going to get into the malware game, they should hire people to create it for them who are at least as competent as the guys on the other side of the fence.

Re:Frosty Piss

[fuzzyfuzzyfungus]

The piece of incompetence that I find really striking is not so much the general shoddiness; but the fact that the malware is using a proxy setup in the US to avoid having its traffic traced back to the German police entity using it. Even if they know nothing about the tech side of things, surely exporting the evidence outside of the state, country, and EU, to some random datacenter in the US, would mean a hairy pile of privacy and chain-of-custody problems for the chaps in legal?

Re:

[Anonymous Coward]

nope, as german law doesnt exclude illegaly obtained evidence from use in court.

ive read enough dystopiae to see where this is goin...

Re:Frosty Piss

[IWannaBeAnAC]

nope, as german law doesnt exclude illegaly obtained evidence from use in court.

Right, but that is appropriate. The USA is the only country I know of that does exclude evidence like that. In most jurisdictions, the aim (idealized, not always realized) of a court case is to uncover the truth of what happened. If the law was broken in the process of obtaining evidence, by all means prosecute the people who broke the law, but to exclude that evidence is a weird thing to do. At least, 90% of the planet thinks so...

The situation in the US is based on a rather bizarre interpretation of the constitution set by the supreme court, actually not so long ago, starting from around 1920. The Fourth Amendment of the constitution is the one about "no unreasonable searches and seizures", and requiring "probable cause". But it doesn't specify what the penalty should be if those rights are violated. In much of the rest of the world, the equivalent violation (eg, of police or some other person obtaining evidence illegally) opens the offender for prosecution but whatever evidence is obtained can still be used. That was the case in the USA before the early 20th century. But several court cases in the 20's and 30's established the "fruit of the poisonous tree" doctrine, in which evidence which was obtained illegally is not admissible in court. This has resulted in many farcical court cases where the facts of the case are well established, but can't be presented in court because the evidence was obtained illegally (in some cases, due to some technical omission). It also results in lots of arguments where opposing lawyers have a big bun fight, and make lots of money, arguing at length over whether a particular fact is allowed to be presented to the court or not.

It has also resulted in the attitude that cops who break the law are already "punished" by being unable to present the evidence in court (and often therefore unable to convict a criminal), and that this is sufficient punishment for the cop. Whereas in other jurisdictions the cop would lose their job, or end up in jail themselves, in the US they typically don't. This is an encouragement towards corrupt behavior.

Re:

[Kjella]

The USA is the only country I know of that does exclude evidence like that.

Norway would be the second country then. In fact, it's probably stronger than the US protection because an employer that made illegal recordings [privacynetwork.info] of his employers had the evidence rejected after filing charges for embezzlement. That one went to the supreme court, I couldn't find a similar case where the police used illegal methods because once that is known the charges would be dropped. Honestly I would be surprised if a modern rule of law didn't include something like that, otherwise there's a million looph

Re:

[tehcyder]

The USA is the only country I know of that does exclude evidence like that.

Norway would be the second country then. In fact, it's probably stronger than the US protection because an employer that made illegal recordings [privacynetwork.info] of his employers had the evidence rejected after filing charges for embezzlement.

I assume, in that case, that the employer went around one night to the embezzler's house with a couple of baseball-bat wielding friends and beat the crap out of him. There's such a thing as natural justice if the legal system fails too egregiously.

Re:

[sourcerror]

I think in Hungary it works similar to the US. Also, evidence can't be reused in a different trial.

Re:

[clickforfreepizza]

It has also resulted in the attitude that cops who break the law are already "punished" by being unable to present the evidence in court (and often therefore unable to convict a criminal), and that this is sufficient punishment for the cop.

Well, not so in Germany. Typically (at least according to popular lawblog.de) it's like this: Prosecutor gets judge to sign a search order which is blatantly illegal. Search victim goes to court; result: a letter to hang over the fireplace saying the search was illegal.

If the search victim is prosecuted, the court has to weigh what's more important: the injury of the illegal search or dealing with the crime. Hint: answer's always the same.

Whereas in other jurisdictions the cop would lose their job, or end up in jail themselves, in the US they typically don't.

Unless it's something big like the recent blanket surveillance of a

Re:

[makomk]

In much of the rest of the world, the equivalent violation (eg, of police or some other person obtaining evidence illegally) opens the offender for prosecution but whatever evidence is obtained can still be used. That was the case in the USA before the early 20th century. But several court cases in the 20's and 30's established the "fruit of the poisonous tree" doctrine, in which evidence which was obtained illegally is not admissible in court.

This incentivises the police and prosecution services in other countries to ride roughshod all over the rules of evidence if the crime is serious and they think it'll net them a conviction. I mean, who really cares if a pedophile was convicted using illegally-collected evidence - he obviously doesn't deserve any rights, and neither the press nor the courts are likely to see anything much wrong with this, if he even lives long enough in jail to be able to sue in the first place. Without the "fruit of the poi

Re:

[nabsltd]

Whereas in other jurisdictions the cop would lose their job, or end up in jail themselves

What a quaint belief.

Cops in every jurisdiction don't even get their hand slapped unless they start doing things that are orders of magnitude beyond what would cause normal citizens to be thrown in jail for 10 years. Yes, there are a few examples made, but generally those are going to be people that the rest of the cops didn't like for some other reason.

Re:

[L4t3r4lu5]

Whereas in other jurisdictions the cop would lose their job, or end up in jail themselves

Tell that to Jean Charles de Menezes. You'll probably need a medium, though.

EU data protection laws

[Alain Williams]

exporting the evidence outside of the state, country, and EU, to some random datacenter in the US, would mean a hairy pile of privacy and chain-of-custody problems for the chaps in legal?

Far more than that: it is exporting personal data outside of the country, this is against EU data protection laws. In particular the USA which has been found to NOT have a data protection standard that is good enough -- again a violation of EU data protection laws.

Re:

[ScrewMaster]

In particular the USA which has been found to NOT have a data protection standard that is good enough

We have one of those?

Re:

[ozmanjusri]

at least as competent as the guys on the other side of the fence.

The general public is not known for their competence in computer software development. The government would be better off employing criminal hackers.

Re:

[ScrewMaster]

at least as competent as the guys on the other side of the fence.

The general public is not known for their competence in computer software development. The government would be better off employing criminal hackers.

The problem there is ... they're criminals. You'd have to have any code they come up with vetted by someone competent enough, indeed tricky enough, to make sure there's nothing in there that could make the whole thing backfire (I mean, hell, if you were a blackhat of that magnitude ... wouldn't you try to put one over on the gendarmes? Just as a matter of principle?) And if you know someone you can trust who's good enough to spot any problems, you might as well just hire him (or her) in the first place.

I

Re:

[ScrewMaster]

"The government would be better off employing criminal hackers."

The leaders don't like the competition.

Ha ... isn't that the truth.

Re:

[Opportunist]

Knowing the German government, and how it works, I can tell you how this train wreck came into existence.

Some government employee drafted the requirements for the toy. Being a government employee, he doesn't know jack about security and got his job mostly due to connections and knowledge of people rather than the matter at hand. And as such, his draft was shabby and less than perfect.

The company executing the order did implement it with the minimal effort to meet the requirements, as is usual in such a scen

Re:

[ScrewMaster]

What's not in the specs does not get implemented.

Yeah, I think you hit the nail on the head. Nor should they be implemented: it's not the contractor's fault if the purchasing party has its head up its collective ass. Know what you're asking for when you put out a bid request: it's the only way you'll a. have any chance of getting what you want and b. be able to tell if you ultimately got what you paid for. Specs can be a pain in the neck, and many see them as a waste of time, but without a proper spec a development contract is a crapshoot.

Re:

[Opportunist]

And I don't even want to blame the guy responsible for the bidding conditions, because I'm in his shoes and I know how it works. You get an assignment to write the specs and they should be done by, well, yesterday. I mean, how long does it take to type those five pages?

What people fail to see is that the work isn't typing. It's pondering what to type and taking every aspect into account. Pretty much like programming, once the code gets written, 90% of the work has already been done. At least if the programm

Re:

[ScrewMaster]

I kind of disagree, in some way. As a government employee you have actually sufficient time to think it though. But the big obvious problem is that you normally don'T think of all the hooks and notches while you write the original spec. Then you go for a bid and Germany, (for government contracts) you need to take the cheapest bid, that fulfills some basic requirements. As it tuns out there is ALWAYS one bid that servilely undercuts the other bids and you know that this one is crap. Only problem is formally the bid is ok. There is a reason why the Netherlands always take the second best bid, that prevents price fixing.

Ideally, there should be some give-and-take. There's no way in hell that a spec author can account for everything, know everything, or be aware of special capabilities of a given supplier. Given some communication with contractors during the spec-writing phase a lot of important details can get nailed down, and the purchaser may often learn about options and methodologies of which he wasn't aware. I used to be a contractor, a long time ago: my specs precisely fit customer requirements because I worked them

Re:

[Opportunist]

And that's usually a big nono. You see, when you write the specs together with a potential contractor, a competitor could butt in and argue that that you played favorites and that contractor only won because he pretty much drafted the specs.

Actually, the sensible thing to do when you're writing specs for a field you lack the expert for is to hire such an expert. And that's actually the proscribed procedure in such a case for government contracts. Hire an expert in the field who will then draft the specs wit

Re:

[Opportunist]

Odd, when I was on the other end of the bargain (i.e. the "picker"), I had pretty much leeway to pick the right offer, as long as I could sensibly argue my choice.

Re:

[ae1294]

Sweet, thanks for clearing that up.

Slashdot asked me "personally" for my opinion... Gezz, don't mod me bro...

Re:

[freedumb2000]

In the german paper at least, it says that it is not currently detected.

Re:

[berniemne]

tgz is fine for me. Avast is not detecting it. I'm scared.

Re:

[Opportunist]

AV tools are only as good as the samples the company making them has. And since I'd guess the German government is no more trustworthy than any other malware spreader, I doubt they handed samples to the various AV makers.

Now that those samples are available, scan again in a few days to see which AV makers put their money where their mouth is, and which are bending over and beg for lube.

Re:

[clickforfreepizza]

http://www.f-secure.com/weblog/archives/00002249.html [f-secure.com]