German State Confesses To, Downplays Government Spyware 104
First time accepted submitter clickforfreepizza writes with this news on the German 'state trojan' analyzed by the CCC: '[The] Bavarian Interior Minister [confirmed] that state officials had indeed used the software, but argued that the use had been conducted legally. [...] [A] lawyer said his client had had the software in question installed on his computer during a customs check. That software, which could be legally used for monitoring telecommunications, had been altered to allow it to grab screen shots.'
The H's sister site heise.de reports this case involves nothing like terrorism, but legal substances which 'may become' illegal when exported. (German original) The Bavarian press release (German original) also says the code analyzed by the CCC might be an earlier test version."
I'm so disappointed in you Germany (Score:5, Funny)
I just can't believe that *Germans* would engage in such heavy-handed government repression.
Re: (Score:1)
In his best Sgt Schultz voice "I see nothing"
Re: (Score:1)
Re: (Score:1)
I just can't believe that *Germans* would engage in such heavy-handed government repression.
Seriously, is there a nationality you could sub in there that would not make this funny?
I just can't believe that *French* would engage in such heavy-handed government repression.
I just can't believe that *British* would engage in such heavy-handed government repression.
I just can't believe that *Americans* would engage in such heavy-handed government repression.
I just can't believe that *Russians* would engage in such heavy-handed government repression.
I just can't believe that *Chinese* would engage in such heavy-handed government repression.
I just can't believe that *Canadians* would engage in such heavy-handed government repression.
Even that last one works.
Yes, change it to any Islamic regime and the liberals will have a field day telling you how unfunny it is.
I just can't believe that *Iranians* would engage in such heavy-handed government repression.
I just can't believe that *Pakistanis* would engage in such heavy-handed government repression.
Re: (Score:2)
Um... Why would liberals have a problem with calling out some of the most oppressive anti liberal regimes in the world? I suspect you may be confused about what being liberal is all about.
Re: (Score:1)
Re: (Score:2)
Um... Why would liberals have a problem with calling out some of the most oppressive anti liberal regimes in the world? I suspect you may be confused about what being liberal is all about.
The way I understand it from watching the only fair and balanced news channel in the world, being liberal is all about being wrong. Am I missing something?
</straight_face>
Re: (Score:2)
The way I understand it from watching the only fair and balanced news channel in the world, being liberal is all about being wrong. Am I missing something?
</straight_face>
Re: (Score:2, Troll)
No. No they were not. They are oppressive authoritarian regimes who use fear, violence and lies to suppress their people. They are anti liberal.
Re: (Score:3, Informative)
Yes, change it to any Islamic regime and the liberals will have a field day telling you how unfunny it is.
I just can't believe that *Iranians* would engage in such heavy-handed government repression.
I just can't believe that *Pakistanis* would engage in such heavy-handed government repression.
Really? On what do you base this remarkable assertion? Oh..., right; the blathering of right-wing talking heads. If you'd bother to pull your head out of your ass, and look around, you'd find that most of the people you've labeled "liberal", will be soundly against human rights violations such as the one described in TFA.
Re: (Score:2)
Yes, change it to any Islamic regime and the liberals will have a field day telling you how unfunny it is.
I just can't believe that *Iranians* would engage in such heavy-handed government repression.
I just can't believe that *Pakistanis* would engage in such heavy-handed government repression.
Really? On what do you base this remarkable assertion? Oh..., right; the blathering of right-wing talking heads. If you'd bother to pull your head out of your ass, and look around, you'd find that most of the people you've labeled "liberal", will be soundly against human rights violations such as the one described in TFA.
Point proven I think
Re: (Score:2)
I just can't believe that *Germans* would engage in such heavy-handed government repression.
Seriously, is there a nationality you could sub in there that would not make this funny?
I just can't believe that *French* would engage in such heavy-handed government repression.
I just can't believe that *British* would engage in such heavy-handed government repression.
I just can't believe that *Americans* would engage in such heavy-handed government repression.
I just can't believe that *Russians* would engage in such heavy-handed government repression.
I just can't believe that *Chinese* would engage in such heavy-handed government repression.
I just can't believe that *Canadians* would engage in such heavy-handed government repression.
Even that last one works.
Yes, change it to any Islamic regime and the liberals will have a field day telling you how unfunny it is.
I just can't believe that *Iranians* would engage in such heavy-handed government repression.
I just can't believe that *Pakistanis* would engage in such heavy-handed government repression.
I just can't believe that *Corporations* would engage in such heavy-handed government repression.
FTFY
Re: (Score:2)
Germany didn't start WW1, it started pretty much by itself. One guy got murdered and a ton of automatic defense treaties triggered so suddenly Europe was at war.
Re: (Score:2)
Germany didn't start WW1, it started pretty much by itself. One guy got murdered and a ton of automatic defense treaties triggered so suddenly Europe was at war.
And the banksters keep getting richer.
Re:I'm so disappointed in you Germany (Score:5, Funny)
Heaven: Where the chefs are French, the police British, the carmakers German, and the lovers Italian, all organized by the Swiss.
Hell: Where the chefs are British, the police German, the carmakers French, the lovers Swiss, all organized by the Italians.
Re: (Score:1)
Re: (Score:2)
Disclaimer: I actually like Italian cuisine much more than French. I also am not really a fan of many things French, but cooking is one of the things I can't fault them for.
Re: (Score:2)
Re: (Score:3, Insightful)
Hell: Where the chefs are British, the police German, the carmakers French, the lovers Swiss, all organized by the Italians.
And the accountants are Greek.
Re: (Score:2)
Re:I'm so disappointed in you Germany (Score:5, Funny)
I heard another one like this:
Heaven is a British home, a Chinese chef, an American salary and a Japanese wife.
Hell is a Japanese home, a British chef, a Chinese salary and an American wife.
Re: (Score:2)
I would change it to: Heaven is an American home (nice and big, generally well built), A Chinese/French/Italian chef, a Norwegian salary, and a Japanese wife.
Hell is a British home (I know, I have lived in a few, and compared to Norweg
Re: (Score:1)
Re: (Score:1)
Re: (Score:1)
I've always had this theory...
What if the hard drive is removed prior to passing through the checkpoint. Or rather shipped separately, so I'd be passing through with a non-functioning laptop. Never tried it, I don't bring a laptop on vacation, f that, but what about for people who travel international? I don't think a hard drive would get searched in baggage in it's off state.
Re: (Score:2)
Likely successful and even simpler, get a second hard drive. Pack one in your checked baggage (most people check at least one bag flying internationally I think) inside an anti-static bag with your "real" OS and data, put a second cheap one into the laptop with a basic Windows (or Linux to save even more money) install and maybe a game or some non-sensitive work stuff to keep you occupied on the flight. Like you say, I doubt they'd make you install and check a second drive, especially if it were sealed up
Re: (Score:1)
Right, that would definitely work, my goal would be to prevent the intrusive government from installing anything on my computer and not wasting any time. I would be a little paranoid of that second hard drive within the scope of this article, since the government probably has rootkit grade stuff. But now that I think of, add have a system imagine from ghost or something and flash back to that every flight on your 2nd hard drive and that would kill the root kits. I'm thinking more along the lines of peopl
".. has been altered ..." (Score:2)
It actually hasn't been altered but retains its initial functionality even though a prominent decision by Germany's constitutional court requires the abilities to be limited to tapping into digital phone calls.
They simply didn't castrate the program, violating that court order in the process.
Re:".. has been altered ..." (Score:5, Insightful)
There are some government powers for which safeguards against abuse simply are not sufficient. The power itself must be taken away, because the eventual abuse cannot be worth any beneficial uses it might have.
Re: (Score:3)
Re: (Score:1)
They tried taking power away in the United States, with the interesting idea of only providing enumerated powers to the [federal] government, and setting up checks and balances to keep things that way.
Look at how well that is turning out...
Well, the corporations figured out that sending checks to the government works better, because it increases the balance on their bank account.
Re: (Score:2)
Indeed, and of all the political parties trying to use this mess to their advantage at the moment the only ones who grasp this point are the Pirate Party.
""Es gibt keinerlei Möglichkeit, einen Trojaner zu installieren, der den rechtlichen Erfordernissen entspricht." Ein Richter könne nie nachweisen, ob Beweismittel auf Computern eines Überwachten nachträglich verändert wurden."
In English:
"There is no possible way to install a trojan that satisfies the legal requirements*. A judge ca
Re: (Score:2)
Pray they do not alter it any further.
Re: (Score:2)
Seems like you're still rather new to this whole "reading" thing.
Re: (Score:2)
No, I'm just plenty willing to abandon accuracy for a cheap pop culture reference.
One simple question. (Score:4, Interesting)
Re: (Score:2)
Re: (Score:1)
Re:One simple question. (Score:4, Informative)
The lawyer of one person who had this spyware on his laptop claims that it was installed by customs officers at the Munich airport. Apparently there have also been cases where the police secretly broke into the apartment of a suspect (and claims the break in was covered by a simple search warrant).
The version analyzed by the CCC only works on Windows (32 bit). It is unclear whether additional versions exist.
Re:One simple question. (Score:5, Informative)
Someone else mentioned installing it at the border -- yet another reason for completely wiping the system before and after a border check. There are two known cases where this happened. In another case, they broke into someone's home and installed the software on two computers. None of these cases involved terrorism, or child abuse, for that matter.
Source (German, obviously): http://taz.de/Staatstrojaner-gegen-Drogendealer/!79701/ [taz.de]
F-Secure has the installer (Score:1)
F-Secure has the installer: http://www.f-secure.com/weblog/archives/00002250.html [f-secure.com]
Re: (Score:2)
And I have still this one simple question: How are the infecting the systems
In this case, the software was probably installed during a "check" at customs when the victim came home from an international trip.
But the article also mentioned that in other cases it was installed using "black bag" operations (i.e. "legal" burglaries).
and is it cross-platform?
probably not. And the fact that the CCC learned about so many cases of use seems to indicate to me that even a moderately intelligent windows user would notice that something is amiss...
Re: (Score:2)
This may be a good case for a TPM on computers. A "black bag" operation would then force the user to have to pull out a recovery key in order to boot the attacked machine.
Of course, one can theorize about a backdoor in a TPM, but that would require a lot of international cooperation, a lot more than just using an "official" keylogger.
Re: (Score:2)
one can theorize about a backdoor in a TPM, but that would require a lot of international cooperation, a lot more than just using an "official" keylogger.
So, it might make the German users safer against these shenanigans, but what about the US users?
And if well done, the TPM could actually be abused to seamlessly hide any Trojans, so the NSA might even entrust the German authorities with the secret, without fear of the CCC discovering it...
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Planted? Oh please, not us, we're the good guys. Here's the modus operandi:
1. Install trojan
2. Plant evidence
3. Get search warrant (with screenshots of the evidence)
4. Delete trojan
5. Seize equipment and have it analyzed.
Trojan? What trojan?
Digitask (Score:5, Informative)
Vaguely referenced in the original heise.de article the company responsible for programming the trojan is "digitask". They charged neighboring Bavarian state Baden-Württemberg 1,2 million Euros for some components of the software in 2007. From the Spiegel article below also looks like digitask was being commissioned to implement a complete digital "Big Brother" system from certain states. So looks like more German states than just Bavaria are implicated in this.
source german: http://www.spiegel.de/netzwelt/netzpolitik/0,1518,791112,00.html [spiegel.de]
Also another English article from spiegel :http://www.spiegel.de/international/germany/0,1518,790944,00.html
Re:Digitask (Score:4, Informative)
Re: (Score:1)
Re: (Score:3)
And DigiTask is owned by Deloitte. And Otto Schily, former minister of the interior, is one of the chairmen of Deloitte.
Re: (Score:2)
Yes, thanks to sloppy wording there could even be trouble if you're using Wireshark to analyze traffic on a network you're doing maintenance for.
Re: (Score:2)
Thanks to the sloppy wording even vi is a hacking tool.
In a nutshell, just ignore it. You're guilty anyway, why bother trying to uphold a law you break by existing?
deja vu? (Score:1)
nobody has the intention of building a surveillance state [wikipedia.org]!
For those who don't RTFA (Score:2)
The programme had been used in 2009, he said.
Re: (Score:2)
Erich Mielke would be so proud. His dream finally comes true.
That it's in Bavaria, the country with the most die-hard right leaning government in Germany (seriously, no change in power since WW2, always a CSU dominated state), must really fill the old man with pride.
Downplaying for sure (Score:2)
A - (old/pre version) CCC had several sources/versions of the trojan to examine, they were very similar or identical (obeying the same US command center)
B - (info not mentioned) News sources (German Radio in particular) never mention that all information gathered (thousands - 60? of screen shots in the airport-laptop infection case) went through the hard coded IP address (207.158.22.134) of the trojan command center's US server(s). Maybe that's below people's event horizon?
they were after skype/ssl.in 2007.. (Score:2)
http://wikileaks.org/wiki/Skype_and_SSL_Interception_letters_-_Bavaria_-_Digitaskwikili [wikileaks.org] wikileaks has something on digitask...
Some background info (Score:5, Informative)
The issue is ore complex.
First of all the german supreme court denied "the police" the right to have such a program in the extend it is used now. Important functionallity, like uploading and installing additional additional components was not allowed. Also a "search warrant" was required to install it.
In the given cases it seems the police just did what they pleased.
On top of that the "Police Trojan" is a true backdoor. It allows loading of arbitrary code via the internet. It allows remote control and screenshots, so you easy can remote control type a compromising email, screen shot it and thus forge evidence.
And on TOP OF THAT they included (forbidden by the supreme court) the option to activate cameras and microphones without the notice of the owner.
By that they are able to record innocent by standers, or take naked photos of people in the living room etc.
The outcry is so big that one of the most conservative german news papers (Frankfurter Allgemeine Zeitung, FAZ) printed the dissasembled code in the "feature pages" (feuilleton) with comments added by the Hackers from Chaos Computer Club.
Re: (Score:2)
just because the functionality exists does not imply that it was actually used - it's completely unclear whether the police/customs/federal police having a too powerful tool at their disposal is a legal problem as long as they don't use the offending functionality
For some the temptation may be too great. Why not release different versions with functionality appropriate for the situation? As I understand it Germany doesn't have any laws regarding illegally collected evidence being inadmissible. In this instance it seems like a conflict of interest.
Re: (Score:1)
If they don't have any spesific laws on the issue allowing parts of the goverment black holes that enable them to do such things, its illegal.
Now, where are the heads that will roll?
Re: (Score:2)
If they don't have any spesific laws on the issue allowing parts of the goverment black holes that enable them to do such things, its illegal. Now, where are the heads that will roll?
I'd like to clarify my comment. The federal courts have already weighed in on the use such software and from what has been uncovered by reviewing disassembled program it doesn't appear to be lawful. I don't condone the use of software like this and my post discusses nothing about the legality of the tool only that evidence collected is admissible (which is cause for alarm). I wrote my comment with the assumption that the reader is informed about the rulings of the German courts.
Several German states admit to use of the software (Score:3)
Several additional German states have admitted to deploying spyware in order to investigate serious criminal offenses, according to regional media sources. The interior ministers of the states of Baden-Württemberg, Brandenburg, Schleswig-Holstein and Lower Saxony said that regional police had used the software within the parameters of the law. In Lower Saxony, the software has been in use for two years, according to the public broadcaster NDR. Authorities in Brandenburg, meanwhile, told the daily Berliner Morgenpost that they are currently using the spyware in a single, on-going investigation. Baden-Württemberg has also used such software to investigate "individual cases," according to the Badische Zeitung. The interior ministry in the western state North Rhine-Westphalia also admitted that police had used the software in two instances, both of which had been approved by a judge. The news agency dpa reported that both cases had involved serious drug crimes....
See the article [dw-world.de] (in English) for the full text.
Re: (Score:1)
Legally? (Score:2)
There is NO way to use spyware that has the ability to update itself at the whim of its controller legally unless "anything goes" has been made legal for law enforcement. And, pointedly, the Bundesverfassungsgericht (federal constitutional court) explicitly said it ain't so! One could argue if due process and diligence was in place, but I see no trace thereof. Hell, even the versions the CCC analyzed were not within the confines of the law, why bother with updates to step out of legality, we never were insi
Good stuff happening over here in that dept. (Score:3)
This whole German 'Federal Trojan' thing is blowing up in the faces of the conservative right, just as we speak. Just like with the Websperren and IP storaging thing. Wonderfull sight to look at. I'm currently sitting back, watching the fray unravel before me and enjoying my popcorn.
The supreme court will cancel this crapshot (once again) These guys have been doing overtime ever since Schäuble was Minister for Internal Affairs.
The press is having a field day, opposition in parliament will be anal-probing the responible, Schäuble, Von der Leyen and Co. will be backpedaling yet again and the pirate party will get pushed from an allready impressive 8% all the way beyond 10% in the polls nationwide. Well done. The Chaos Computer Club saved the day once again (kudos and thank go out to them) and the professional required-by-law privacy protection experts are all over this like a cheap suit.
Gotta love it.
Nothing beats a 50ies+ old-school roughneck polititian screwing around with them internets and accompaning laws and falling flat on his face a year or two later.
Wonderfull, just wonderfull.
My 2 cents.
Re: (Score:2)
No hang on English understatement could be misunderstood.
THEY ARE ABSO- F@#KING-LUTELY OUTRAGED-SCREAMING BLUE MURDER!
That's better.
Kudos to the Chaos Computer Club for all their efforts on this and it really makes that 70 euro membership very, very justifiable wha
Re: (Score:2)
Yeah, I see people talking about "surprise surprise, the Germans are doing this nasty shit", and I'm like, uh... they're not going to get away with it. The US government has done some outright horrible crap as well, but no one jumps on their case for NSA warrant-less wiretaps (just as bad as this) because they were never ruled by a fascist government.
The fact is that Germany has learned its lesson well, and the German people aren't going to just lay down and take this. If anything there is a strong reaction
They'll just bomb it away ... (Score:2)
Re: (Score:1)
Don't over-generalize. Yes, many people in Bavaria vote CSU, but not all (I don't, for one). And actually the number of people doing so is declining (the CSU already lost the absolute majority in Bavaria, and it is already speculated that after next elections, they might not even get enough votes to get into government again).
Also, part of the problem may be that the Bavarian SPD has a
Re: (Score:2)
ALREADY? They ruled since WW2 without a moment of pause for reality to get into that country, you call that ALREADY?
I call that "about damn friggin' time"!
Re: (Score:1)
Yes, it's already speculated, because it's still two years to the election.
Well, that's factually wrong (although not too far from the truth). They didn't rule from 1954 to 1957.
Re: (Score:2)
Anyway, Servus to a fellow Bavarian slashdotter.
Re: (Score:1)
Well, this is veering off-topic, but do you really believe Ude can do it? He's popular in Munich, true, but outside of it? Besides, who else is there to fill the ranks as ministers and secretaries? As much as I'd love to see the CSU go next time, I'll only believe it when I see it.
Anyway, Servus to a fellow Bavarian slashdotter.
Well, it will certainly not be because of Ude alone, but it certainly helps if there's a candidate which you at least have heard of before (but then, I might overestimate that because I'm originally from Oberbayern). There's also the all-time low of the FDP (which I hope will continue until then). OTOH, the Grüne are currently quite strong; it will be seen how much they can save until 2013. I doubt that the CSU will again get absolute majority, therefore I see a real chance to get a change (even more s
Re: (Score:2)