Forgot your password?
typodupeerror
Privacy Government Security Your Rights Online

German State Confesses To, Downplays Government Spyware 104

Posted by timothy
from the nussink-to-vorry-about dept.
First time accepted submitter clickforfreepizza writes with this news on the German 'state trojan' analyzed by the CCC: '[The] Bavarian Interior Minister [confirmed] that state officials had indeed used the software, but argued that the use had been conducted legally. [...] [A] lawyer said his client had had the software in question installed on his computer during a customs check. That software, which could be legally used for monitoring telecommunications, had been altered to allow it to grab screen shots.' The H's sister site heise.de reports this case involves nothing like terrorism, but legal substances which 'may become' illegal when exported. (German original) The Bavarian press release (German original) also says the code analyzed by the CCC might be an earlier test version."
This discussion has been archived. No new comments can be posted.

German State Confesses To, Downplays Government Spyware

Comments Filter:
  • by elrous0 (869638) * on Tuesday October 11, 2011 @10:19AM (#37678962)

    I just can't believe that *Germans* would engage in such heavy-handed government repression.

    • In his best Sgt Schultz voice "I see nothing"

    • by dkleinsc (563838) on Tuesday October 11, 2011 @10:44AM (#37679274) Homepage

      Heaven: Where the chefs are French, the police British, the carmakers German, and the lovers Italian, all organized by the Swiss.

      Hell: Where the chefs are British, the police German, the carmakers French, the lovers Swiss, all organized by the Italians.

      • Surely the Heaven lovers are the french and the chefs are italian, not the other way round..?
        • Seeing the French invented the culinary rules, no. The chefs in heaven are French. I mean come on - the Italians won't even put a bit of cheese in with the seafood.

          Disclaimer: I actually like Italian cuisine much more than French. I also am not really a fan of many things French, but cooking is one of the things I can't fault them for.
      • Re: (Score:3, Insightful)

        by daem0n1x (748565)

        Hell: Where the chefs are British, the police German, the carmakers French, the lovers Swiss, all organized by the Italians.

        And the accountants are Greek.

      • I heard another one like this:

        Heaven is a British home, a Chinese chef, an American salary and a Japanese wife.

        Hell is a Japanese home, a British chef, a Chinese salary and an American wife.

        • That idea of heaven sounds like purgatory to me, not exactly heaven. Whilst Chinese food is nice, and Japanese women sure know how to treat a man, British homes are awful and American salaries, compared to say, a Norwegian salary (or even a British one) are not very good.

          I would change it to: Heaven is an American home (nice and big, generally well built), A Chinese/French/Italian chef, a Norwegian salary, and a Japanese wife.
          Hell is a British home (I know, I have lived in a few, and compared to Norweg
    • by daem0n1x (748565)
      It's nice to see a discussion that's practically Godwyned even before the first post was written.
    • by Synerg1y (2169962)

      I've always had this theory...

      What if the hard drive is removed prior to passing through the checkpoint. Or rather shipped separately, so I'd be passing through with a non-functioning laptop. Never tried it, I don't bring a laptop on vacation, f that, but what about for people who travel international? I don't think a hard drive would get searched in baggage in it's off state.

      • Likely successful and even simpler, get a second hard drive. Pack one in your checked baggage (most people check at least one bag flying internationally I think) inside an anti-static bag with your "real" OS and data, put a second cheap one into the laptop with a basic Windows (or Linux to save even more money) install and maybe a game or some non-sensitive work stuff to keep you occupied on the flight. Like you say, I doubt they'd make you install and check a second drive, especially if it were sealed up

        • by Synerg1y (2169962)

          Right, that would definitely work, my goal would be to prevent the intrusive government from installing anything on my computer and not wasting any time. I would be a little paranoid of that second hard drive within the scope of this article, since the government probably has rootkit grade stuff. But now that I think of, add have a system imagine from ghost or something and flash back to that every flight on your 2nd hard drive and that would kill the root kits. I'm thinking more along the lines of peopl

  • It actually hasn't been altered but retains its initial functionality even though a prominent decision by Germany's constitutional court requires the abilities to be limited to tapping into digital phone calls.
    They simply didn't castrate the program, violating that court order in the process.

    • by Millennium (2451) on Tuesday October 11, 2011 @10:34AM (#37679154) Homepage

      There are some government powers for which safeguards against abuse simply are not sufficient. The power itself must be taken away, because the eventual abuse cannot be worth any beneficial uses it might have.

      • by Dunbal (464142) *
        But think of all the children! etc
      • by timbo234 (833667)

        Indeed, and of all the political parties trying to use this mess to their advantage at the moment the only ones who grasp this point are the Pirate Party.

        ""Es gibt keinerlei Möglichkeit, einen Trojaner zu installieren, der den rechtlichen Erfordernissen entspricht." Ein Richter könne nie nachweisen, ob Beweismittel auf Computern eines Überwachten nachträglich verändert wurden."

        In English:
        "There is no possible way to install a trojan that satisfies the legal requirements*. A judge ca

    • by Hatta (162192)

      Pray they do not alter it any further.

  • One simple question. (Score:4, Interesting)

    by Robert Zenz (1680268) on Tuesday October 11, 2011 @10:32AM (#37679118) Homepage
    And I have still this one simple question: How are the infecting the systems and is it cross-platform?
    • Arrr...that's technically two questions, I know.
    • by jeti (105266) on Tuesday October 11, 2011 @10:43AM (#37679262) Homepage

      The lawyer of one person who had this spyware on his laptop claims that it was installed by customs officers at the Munich airport. Apparently there have also been cases where the police secretly broke into the apartment of a suspect (and claims the break in was covered by a simple search warrant).

      The version analyzed by the CCC only works on Windows (32 bit). It is unclear whether additional versions exist.

    • by moonbender (547943) <moonbenderNO@SPAMgmail.com> on Tuesday October 11, 2011 @10:54AM (#37679380)

      Someone else mentioned installing it at the border -- yet another reason for completely wiping the system before and after a border check. There are two known cases where this happened. In another case, they broke into someone's home and installed the software on two computers. None of these cases involved terrorism, or child abuse, for that matter.

      Source (German, obviously): http://taz.de/Staatstrojaner-gegen-Drogendealer/!79701/ [taz.de]

    • by Anonymous Coward

      F-Secure has the installer: http://www.f-secure.com/weblog/archives/00002250.html [f-secure.com]

    • And I have still this one simple question: How are the infecting the systems

      In this case, the software was probably installed during a "check" at customs when the victim came home from an international trip.

      But the article also mentioned that in other cases it was installed using "black bag" operations (i.e. "legal" burglaries).

      and is it cross-platform?

      probably not. And the fact that the CCC learned about so many cases of use seems to indicate to me that even a moderately intelligent windows user would notice that something is amiss...

      • by mlts (1038732) *

        This may be a good case for a TPM on computers. A "black bag" operation would then force the user to have to pull out a recovery key in order to boot the attacked machine.

        Of course, one can theorize about a backdoor in a TPM, but that would require a lot of international cooperation, a lot more than just using an "official" keylogger.

        • one can theorize about a backdoor in a TPM, but that would require a lot of international cooperation, a lot more than just using an "official" keylogger.

          So, it might make the German users safer against these shenanigans, but what about the US users?

          And if well done, the TPM could actually be abused to seamlessly hide any Trojans, so the NSA might even entrust the German authorities with the secret, without fear of the CCC discovering it...

  • Digitask (Score:5, Informative)

    by think_nix (1467471) on Tuesday October 11, 2011 @10:39AM (#37679216)

    Vaguely referenced in the original heise.de article the company responsible for programming the trojan is "digitask". They charged neighboring Bavarian state Baden-Württemberg 1,2 million Euros for some components of the software in 2007. From the Spiegel article below also looks like digitask was being commissioned to implement a complete digital "Big Brother" system from certain states. So looks like more German states than just Bavaria are implicated in this.

    source german: http://www.spiegel.de/netzwelt/netzpolitik/0,1518,791112,00.html [spiegel.de]

    Also another English article from spiegel :http://www.spiegel.de/international/germany/0,1518,790944,00.html

  • by Anonymous Coward

    nobody has the intention of building a surveillance state [wikipedia.org]!

    .~.

  • The programme had been used in 2009, he said.

  • A - (old/pre version) CCC had several sources/versions of the trojan to examine, they were very similar or identical (obeying the same US command center)
    B - (info not mentioned) News sources (German Radio in particular) never mention that all information gathered (thousands - 60? of screen shots in the airport-laptop infection case) went through the hard coded IP address (207.158.22.134) of the trojan command center's US server(s). Maybe that's below people's event horizon?
     

  • Some background info (Score:5, Informative)

    by angel'o'sphere (80593) on Tuesday October 11, 2011 @12:03PM (#37680226) Homepage Journal

    The issue is ore complex.

    First of all the german supreme court denied "the police" the right to have such a program in the extend it is used now. Important functionallity, like uploading and installing additional additional components was not allowed. Also a "search warrant" was required to install it.

    In the given cases it seems the police just did what they pleased.
    On top of that the "Police Trojan" is a true backdoor. It allows loading of arbitrary code via the internet. It allows remote control and screenshots, so you easy can remote control type a compromising email, screen shot it and thus forge evidence.
    And on TOP OF THAT they included (forbidden by the supreme court) the option to activate cameras and microphones without the notice of the owner.
    By that they are able to record innocent by standers, or take naked photos of people in the living room etc.
    The outcry is so big that one of the most conservative german news papers (Frankfurter Allgemeine Zeitung, FAZ) printed the dissasembled code in the "feature pages" (feuilleton) with comments added by the Hackers from Chaos Computer Club.

  • by QuietLagoon (813062) on Tuesday October 11, 2011 @12:16PM (#37680362)
    Several German states admit to use of controversial spy software

    Several additional German states have admitted to deploying spyware in order to investigate serious criminal offenses, according to regional media sources. The interior ministers of the states of Baden-Württemberg, Brandenburg, Schleswig-Holstein and Lower Saxony said that regional police had used the software within the parameters of the law. In Lower Saxony, the software has been in use for two years, according to the public broadcaster NDR. Authorities in Brandenburg, meanwhile, told the daily Berliner Morgenpost that they are currently using the spyware in a single, on-going investigation. Baden-Württemberg has also used such software to investigate "individual cases," according to the Badische Zeitung. The interior ministry in the western state North Rhine-Westphalia also admitted that police had used the software in two instances, both of which had been approved by a judge. The news agency dpa reported that both cases had involved serious drug crimes....

    See the article [dw-world.de] (in English) for the full text.

  • There is NO way to use spyware that has the ability to update itself at the whim of its controller legally unless "anything goes" has been made legal for law enforcement. And, pointedly, the Bundesverfassungsgericht (federal constitutional court) explicitly said it ain't so! One could argue if due process and diligence was in place, but I see no trace thereof. Hell, even the versions the CCC analyzed were not within the confines of the law, why bother with updates to step out of legality, we never were insi

  • by Qbertino (265505) on Tuesday October 11, 2011 @01:35PM (#37681218)

    This whole German 'Federal Trojan' thing is blowing up in the faces of the conservative right, just as we speak. Just like with the Websperren and IP storaging thing. Wonderfull sight to look at. I'm currently sitting back, watching the fray unravel before me and enjoying my popcorn.

    The supreme court will cancel this crapshot (once again) These guys have been doing overtime ever since Schäuble was Minister for Internal Affairs.

    The press is having a field day, opposition in parliament will be anal-probing the responible, Schäuble, Von der Leyen and Co. will be backpedaling yet again and the pirate party will get pushed from an allready impressive 8% all the way beyond 10% in the polls nationwide. Well done. The Chaos Computer Club saved the day once again (kudos and thank go out to them) and the professional required-by-law privacy protection experts are all over this like a cheap suit.
    Gotta love it.
    Nothing beats a 50ies+ old-school roughneck polititian screwing around with them internets and accompaning laws and falling flat on his face a year or two later.
    Wonderfull, just wonderfull.

    My 2 cents.

    • by vorlich (972710)
      Qbertino's analysis of the present situation is well observed and accurate and his English(!) is certainly vastly superior to my German, despite my long residence here. This is the hot topic of my friends and family here. They are not happy!
      No hang on English understatement could be misunderstood.
      THEY ARE ABSO- F@#KING-LUTELY OUTRAGED-SCREAMING BLUE MURDER!
      That's better.
      Kudos to the Chaos Computer Club for all their efforts on this and it really makes that 70 euro membership very, very justifiable wha
    • by snowgirl (978879)

      Yeah, I see people talking about "surprise surprise, the Germans are doing this nasty shit", and I'm like, uh... they're not going to get away with it. The US government has done some outright horrible crap as well, but no one jumps on their case for NSA warrant-less wiretaps (just as bad as this) because they were never ruled by a fascist government.

      The fact is that Germany has learned its lesson well, and the German people aren't going to just lay down and take this. If anything there is a strong reaction

  • Call me paranoid, but with Germany's police track record [wikipedia.org], I have few doubts that they'll just organize some fake (or real) terrorist attacks to get rid of these negative headlines and get the people back into sheeple mode ... It may have already started [diplomunion.com].

Stupidity, like virtue, is its own reward.

Working...