German State Malware Cracked and Exposed

Last month the respected German national newspaper Frankfurter Allgemeine Zeitung (FAZ) published an exposé in the Feuilleton section of its Sunday edition about a surveillance program that German authorities have for some years been installing on citizens’ computers, and about the ease with which that program can be cracked and misused. The Staatstrojaner, or “state trojan,” is a key-logging program that records everything typed into an infected computer and, as far as I can tell in this case, also gives its operators some degree of remote control over the machine.

The newspaper’s exposé is available in English as a PDF file via Edge.

To uncover and reverse-engineer the trojan, FAZ teamed up with hackers from the Chaos Computer Club (CCC), an unlikely partnership indeed for a right-of-centre newspaper.

The German constitutional court ruling in 2008:

sets severe restrictions on the secret services and investigation authorities when they seek permission to infiltrate computers in Germany for the purpose of extracting data and surveying core privacy.

Nevertheless, FAZ points out,

Representatives of the investigation authorities and the government have vehemently argued in the Karlsruhe discussion that they need to capture all encrypted communication on a suspect’s PC before it becomes encrypted. The court does not want to completely obstruct this and has permitted “source telecommunication surveillance” – though only “when the surveillance is limited to data from an ongoing telecommunications process. This is to be enforced through technical and legal means.”

The newspaper’s central concern is that the trojan itself is insecure: once it is on a machine it can easily be reprogrammed to exceed the court’s restrictions and, indeed, to plant evidence on the host computer. Its partners in the exposé, the CCC, were able to do just that.

If you imagine that encryption is a reliable way of frustrating snoops, governmental or otherwise (a key-logger on the endpoint reads what you type before any encryption is applied), or that “the authorities” know what they are doing well enough that their intrusions into citizens’ digital lives will be surgical and secure, you would do well to read this careful, thoughtful piece.

Comments

  1. David Collier-Brown

    We saw this same problem before, in miniature when Sony infected customer PCs with a virus. The virus was used to transmit a DRM (digital rights management) program, but the act of cracking the computer’s skull open left its tiny little brain exposed for any other viruses which came along.

    Some days I start to think we all should be running B-1 level (military grade) secure systems on our laptops (;-))

    –dave