Backdoor R2D2 ~ Government Trojan discovered by Chaos Computer Club
Nov 27th, 2011 | By admin | Category: BFTC Featured, Communications, In the News
The famous European hacker club, the Chaos Computer Club (CCC), has discovered a backdoor Trojan horse capable of spying on online activity and recording Skype internet calls which, it says, is used by the German police force.
For some years, German courts have allowed the police to deploy a Trojan known colloquially as “Bundestrojaner” (“State Trojan”) to record Skype conversations, if they have legal permission for a wiretap.
But the CCC’s claim is controversial, as the Trojan they have uncovered has more snooping capabilities than that. For instance, it includes functionality to download updates from the internet, to run code remotely and even to allow remote access to the computer – something specifically in violation of Germany’s laws.
According to Sophos’s analysis, the malware has the following functionality:
* The Trojan can eavesdrop on several communication applications – including Skype, MSN Messenger and Yahoo Messenger.
* The Trojan can log keystrokes in Firefox, Opera, Internet Explorer and SeaMonkey.
* The Trojan can take JPEG screenshots of what appears on users’ screens and record Skype audio calls.
* The Trojan attempts to communicate with a remote website.
A CCC spokesperson expressed the group’s concern at the discovery:
“This refutes the claim that an effective separation of just wiretapping internet telephony and a full-blown trojan is possible in practice – or even desired. Our analysis revealed once again that law enforcement agencies will overstep their authority if not watched carefully. In this case functions clearly intended for breaking the law were implemented in this malware: they were meant for uploading and executing arbitrary code on the targeted system.”
Was the Trojan horse really written by the German authorities?
We have no way of knowing if the Trojan was written by the German state – and so far, the German authorities aren’t confirming any involvement.
The comments in the Trojan’s binary code could just as easily have been planted by someone mischievously wanting the Trojan to be misidentified as the infamous Bundestrojaner.
What we can say is that the phrase “0zapftis” has raised some eyebrows amongst the German speakers at SophosLabs. It’s a play on a Bavarian phrase “The barrel is open”, said by the mayor of Munich when he opens the first barrel of beer at the Oktoberfest.
But there certainly have been claims of German state-sponsored cyber-spying in the past. For instance, in 2008, there were claims that the BND – Germany’s foreign intelligence service – deployed spyware to monitor the Ministry of Commerce and Industry in Afghanistan.