The hacker organization Chaos Computer Club (CCC) has reverse-engineered and analyzed the Bundestrojaner, a program allegedly used by German police to spy on suspects' computers.
Related material from the CCC: the Staatstrojaner binaries, and the analysis of the program (in German, PDF).
Bundestrojaner (“state trojan”) collects private information and has the functionality of a backdoor, that is, it allows the loading and execution of arbitrary code on the user's computer. It is possible that similar tools are in the arsenal of law enforcement services and other countries.
Software for covertly recording Internet telephony on a suspect's PC was permitted, within narrow limits, by the ruling of the German Federal Constitutional Court of February 27, 2008. The subject at the time was Quellen-TKÜ (source telecommunications interception): tapping VoIP calls at the endpoint, before they are encrypted. The functionality of the Bundestrojaner, however, goes far beyond recording VoIP conversations and therefore, according to the Chaos Computer Club, violates that ruling. After analyzing the code, the CCC is convinced that the developers did not even attempt to stay within the restrictions the court imposed on them.
The Bundestrojaner can remotely activate the microphone and camera of the infected computer, making it possible to listen in on conversations in the room. It also uploads screenshots, exposing whatever private information is on the screen. As already mentioned, the program has backdoor functionality, meaning it can do essentially anything: through this channel fabricated "evidence" can be planted on the victim's computer, files can be deleted, and so on.
Worse, the Chaos Computer Club points out that, because of serious flaws in the program's architecture and implementation, control over infected PCs is available not only to the police but to any outside attacker. Screenshots and audio recordings sent from the PC are encrypted with a weak scheme (a single hard-coded AES key in ECB mode, per the CCC report), and the control commands going to the PC are neither encrypted nor authenticated. As proof, the CCC wrote its own controller that can drive an infected PC and retrieve data from it. Conversely, even a low-skilled attacker could build a fake instance of the trojan and feed fabricated data to the police.
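To make the consequences of an unauthenticated command channel concrete, the following added example (written for this article, not code from the CCC analysis or the trojan itself) models the two designs side by side in a toy protocol: a "weak" implant that executes any well-formed command frame, and a hardened channel where every frame carries an HMAC tag under a per-instance key and a monotonic counter. The JSON frame layout, field names and key handling are assumptions for illustration and say nothing about the Bundestrojaner's real wire format. Run as-is, it shows that a forged command is accepted by the weak design, while forgery, tampering and replay are all rejected by the authenticated one.

```python
import hashlib
import hmac
import json
import os
import struct

# Toy model of an implant's command channel, constructed for illustration.
# It is NOT the Bundestrojaner's real protocol: frame layout, field names
# and key handling are assumptions made for this example.


# --- Weak design: commands are plain, unauthenticated frames --------------
def weak_open(frame: bytes) -> dict:
    """Implant side. Parses (and would execute) any well-formed command.
    Nothing ties the frame to the legitimate controller, so whoever can
    reach the implant or its proxy can drive it."""
    return json.loads(frame.decode())


def forge_weak_command(op: str, arg: str) -> bytes:
    """All an outsider needs: a syntactically valid frame."""
    return json.dumps({"op": op, "arg": arg}).encode()


# --- Hardened design: per-instance key, HMAC tag, monotonic counter -------
class AuthenticatedChannel:
    TAG_LEN = 32  # HMAC-SHA256 output size

    def __init__(self, key: bytes):
        self.key = key       # unique per implant, never hard-coded in the binary
        self.last_seq = 0    # highest counter accepted so far (replay guard)

    def seal(self, seq: int, command: dict) -> bytes:
        """Controller side: counter || JSON body || HMAC over both."""
        body = struct.pack(">Q", seq) + json.dumps(command, sort_keys=True).encode()
        tag = hmac.new(self.key, body, hashlib.sha256).digest()
        return body + tag

    def open(self, frame: bytes) -> dict:
        """Implant side: verify tag first, then the counter, then parse."""
        if len(frame) < 8 + self.TAG_LEN:
            raise ValueError("truncated frame")
        body, tag = frame[:-self.TAG_LEN], frame[-self.TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad tag: forged or tampered frame")
        seq = struct.unpack(">Q", body[:8])[0]
        if seq <= self.last_seq:
            raise ValueError("replayed or stale frame")
        self.last_seq = seq
        return json.loads(body[8:].decode())


def _rejected(channel: AuthenticatedChannel, frame: bytes) -> bool:
    try:
        channel.open(frame)
        return False
    except ValueError:
        return True


def demo() -> dict:
    """Exercise both designs; returns which attacks succeed against which."""
    results = {}

    # Weak design: an outsider's forged frame is indistinguishable from a real one.
    forged = forge_weak_command("exec", "C:\\planted\\evidence.doc")
    results["weak_accepts_forgery"] = weak_open(forged)["op"] == "exec"

    # Hardened design: controller and implant share a per-instance key.
    implant_key = os.urandom(32)
    controller = AuthenticatedChannel(implant_key)
    implant = AuthenticatedChannel(implant_key)

    genuine = controller.seal(1, {"op": "screenshot", "arg": ""})
    results["genuine_accepted"] = implant.open(genuine)["op"] == "screenshot"

    # Replaying a captured genuine frame fails the counter check.
    results["replay_rejected"] = _rejected(implant, genuine)

    # An outsider without the implant's key cannot produce a valid tag.
    outsider = AuthenticatedChannel(os.urandom(32))
    results["forgery_rejected"] = _rejected(
        implant, outsider.seal(2, {"op": "exec", "arg": "anything"}))

    # Flipping one byte of the body invalidates the tag.
    tampered = bytearray(controller.seal(3, {"op": "screenshot", "arg": ""}))
    tampered[9] ^= 0x01
    results["tamper_rejected"] = _rejected(implant, bytes(tampered))

    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The same construction applies in the reverse direction: if data flowing back to the controller is tagged under the implant's per-instance key, a "fake instance" built from a leaked binary cannot inject bogus evidence, because the hard-coded key it would extract is not the key of any real deployment.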

The program was sent to the CCC anonymously. Its authenticity has not been proven beyond all doubt, because the command-and-control server could not be located: commands arrive through anonymous proxies (among others, the IP addresses 83.236.140.90 and 207.158.22.134 are used). Since the Chaos Computer Club had warned the German Ministry of the Interior in advance, the operators have by now had ample time to cover their tracks and deny that the program was ever used.
According to representatives of the Chaos Computer Club, this example proves once again that state law enforcement agencies are prone to exceeding their own powers if they are not carefully supervised.
In this situation, it is not surprising that the popularity of the Pirate Party in Germany rose to a record 8%. Recall that one of the goals of this movement is to ensure full informational transparency with regard to the activities of state structures, including law enforcement agencies.
PS: Antivirus company F-Secure has decided to add the "state trojan" to its malware definitions; it is detected as Backdoor:W32/R2D2.A.