Belgian Court Orders Blocking Of The Wrong PirateBay Domain

Hackers Claim That German Officials Have A Backdoor Trojan For Spying On Skype... Which Is A Huge Security Risk

from the breaking-the-internet dept

Mon, Oct 10th 2011 4:13pm — Mike Masnick

For many years various governments have complained about the fact that Skype communications are encrypted, and have demanded backdoors. In the US, the FBI has been pushing hard for such backdoors. There have been some reports of applications that allow for wiretapping Skype, despite its supposed encryption, but not much in the way of details. Now the famed Chaos Computer Club (CCC) is claiming to have reverse engineered the "lawful interception" trojan being used by German law enforcement.

They got the program after a lawyer whose client was under investigation gave the CCC his client's hard drive, where the group found the code. As frequently happens with these kinds of things, the CCC found that the trojan actually introduces myriad security problems as well:

The analysis concludes, that the trojan's developers never even tried to put in technical safeguards to make sure the malware can exclusively be used for wiretapping internet telephony, as set forth by the constitution court. On the contrary, the design included functionality to clandestinely add more components over the network right from the start, making it a bridge-head to further infiltrate the computer.

"This refutes the claim that an effective separation of just wiretapping internet telephony and a full-blown trojan is possible in practice � or even desired," commented a CCC speaker. "Our analysis revealed once again that law enforcement agencies will overstep their authority if not watched carefully. In this case functions clearly intended for breaking the law were implemented in this malware: they were meant for uploading and executing arbitrary code on the targeted system."

The government malware can, unchecked by a judge, load extensions by remote control, to use the trojan for other functions, including but not limited to eavesdropping. This complete control over the infected PC � owing to the poor craftsmanship that went into this trojan � is open not just to the agency that put it there, but to everyone. It could even be used to upload falsified "evidence" against the PC's owner, or to delete files, which puts the whole rationale for this method of investigation into question.

[....]

The analysis also revealed serious security holes that the trojan is tearing into infected systems. The screenshots and audio files it sends out are encrypted in an incompetent way, the commands from the control software to the trojan are even completely unencrypted. Neither the commands to the trojan nor its replies are authenticated or have their integrity protected. Not only can unauthorized third parties assume control of the infected system, but even attackers of mediocre skill level can connect to the authorities, claim to be a specific instance of the trojan, and upload fake data. It is even conceivable that the law enforcement agencies's IT infrastructure could be attacked through this channel. The CCC has not yet performed a penetration test on the server side of the trojan infrastructure.

"We were surprised and shocked by the lack of even elementary security in the code. Any attacker could assume control of a computer infiltrated by the German law enforcement authorities", commented a speaker of the CCC. "The security level this trojan leaves the infected systems in is comparable to it setting all passwords to '1234'".

Even without the fact that more capabilities can be added, the existing software is pretty powerful. It apparently can remotely control the computers that it's on, take screenshots of what's happening on the computer, including emails and personal messages. And yet, time and time again law enforcement asks us to "trust" them when they want the power to secretly install this kind of crap on people's computers?

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: backdoor, ccc, germany, hackers, skype, trojan, wiretapping
Companies: skype

26 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 10 Oct 2011 @ 4:29pm

Of course this is not the first time this happened, it reminds me of the JAP fiasco.

http://en.wikipedia.org/wiki/Java_Anon_Proxy
[ link to this | view in chronology ]
That Anonymous Coward (profile), 10 Oct 2011 @ 4:46pm

The fact they did this after a court told them no really speaks volumes.
They kept the ability to upload files to the system then remove the trojan. Nothing says getting the right guy when you put the files there to burn them.
[ link to this | view in chronology ]
Anonymous Coward, 10 Oct 2011 @ 5:00pm

"could" is a long way from "does".

Unintentional functionality cannot be attributed to malice. The writers try to make it sound like the German government is using a hack to completely open the system for their benefit. I don't think that was their intention, or that they are even aware of any functionality beyond what they asked for originally.
[ link to this | view in chronology ]
- RTFA, 10 Oct 2011 @ 5:22pm
  
  Re:
  Perhaps you missed this when you were perusing the CCC's release:
  
  When arguing about the government authorized infiltration of computers and secretly scanning suspects' hard drives, the former minister of the interior Wolfgang Sch�uble and J�rg Ziercke, BKA's president (BKA, German federal policy agency), have always claimed that the population should not worry because there would only be "a handful" of cases where the trojan would be used at all. Either almost the complete set of government malware has found their way in brown envelopes to the CCC's mailbox, or the truth has been leapfrogged once again by the reality of eavesdropping and "lawful interception".
  
  The other promises made by the officials also are not basis in reality. In 2008 the CCC was told that all versions of the "Quellen-TK�" software would manually be hand-crafted for the specifics of each case. The CCC now has access to several software versions of the trojan, and they all use the same hard-coded cryptographic key and do not look hand-crafted at all. Another promise has been that the trojan would be subject to exceptionally strict quality control to make sure the rules set forth by the constitutional court would not be violated. In reality this exceptionally strict quality control has neither found that the key is hard coded, nor that the "encryption" is uni-directional only, nor that there is a back door for uploading and executing further malware. The CCC expressed hope that this farce is not representative for exceptionally strict quality control in federal agencies.
  
  The functionality is there, it is/was likely being abused. I would *love* to expect more from a government agency...but that is simply impossible. Time and time again if you give law enforcement/government an inch and tell them they cant do certain things it is only a short time later that it comes out that they redoubled their efforts after being told not to do such things.
  [ link to this | view in chronology ]
- Anonymous Coward, 10 Oct 2011 @ 5:22pm
  
  Re:
  I thought criminal incompetence was in tort law.
  [ link to this | view in chronology ]
  - Anonymous Coward, 10 Oct 2011 @ 5:39pm
    
    Re: Re:
    They do have laws about negligence :)
    http://en.wikipedia.org/wiki/Negligence
    
    http://writ.news.findlaw.com/sebok/20010723.html
    
    h ttp://en.wikipedia.org/wiki/B%C3%BCrgerliches_Gesetzbuch
    http://en.wikipedia.org/wiki/Law_of_Obliga tions
    
    http://www.cgerli.org/index.php?id=30
    [ link to this | view in chronology ]
  - Anonymous Coward, 10 Oct 2011 @ 5:49pm
    
    Re: Re:
    � 241 Duties arising out of the obligation
    
    (1) By virtue of the obligation the obligee is entitled to demand performance from the obligor. Performance may also consist in refraining from doing something.
    
    http://www.iuscomp.org/gla/statutes/BGB.htm#b2s1
    
    Fock! The German government is just screwed.
    [ link to this | view in chronology ]
- Anonymous Coward, 10 Oct 2011 @ 5:30pm
  
  Re: could from does?
  Boy aren't the police (government) lucky that the nice programmer did EXTRA work for FREE. So nice of him/her to add the EXTRA FREE FUNCTIONS.
  [ link to this | view in chronology ]
  - Anonymous Coward, 10 Oct 2011 @ 8:27pm
    
    Re: Re: could from does?
    Oh, so now you're saying that the government is a freetard.
    [ link to this | view in chronology ]
    - Anonymous Coward, 10 Oct 2011 @ 8:27pm
      
      Re: Re: Re: could from does?
      (after all, they take our tax dollars ... for free!)
      [ link to this | view in chronology ]
      - Anonymous Coward, 11 Oct 2011 @ 5:00am
        
        Re: Re: Re: Re: could from does?
        The average joe(no not that one) pay today more in taxes than ever in history, not even in the middle ages people paid that much tax.
        
        Maybe because people got mad and started bloody revolutions.
        [ link to this | view in chronology ]
        
        John Fenderson (profile), 11 Oct 2011 @ 12:21pm
        
        Re: Re: Re: Re: Re: could from does?
        Citation please, because this is demonstrably false (if you're talking about the US. I don't know about Germany).
        [ link to this | view in chronology ]
- wizened (profile), 10 Oct 2011 @ 6:57pm
  
  Re:
  And there you have it, direct from the German Government's PR department. Must be true.
  [ link to this | view in chronology ]
- Anonymous Coward, 10 Oct 2011 @ 7:30pm
  
  Re:
  Unintentional functionality cannot be attributed to malice.
  
  Have you ever analyzed any code?
  
  I'm just asking, because I'd like to hear your explanation for how entire functions that implement these capabilities just happen to "accidentally" end up in there. Do you think perhaps an errant cut-and-paste? Or that some random typing is responsible? Maybe the authors were just trying to write something else and it spontaneously mutated. Yep, that must be it; no way any government would craft malware designed to exceed their authority or to facilitate easy entrapment.
  [ link to this | view in chronology ]
- The eejit (profile), 10 Oct 2011 @ 11:21pm
  
  Re:
  Don't governments have a responsibility to help their governees? I mean after all it isn't called the Public In-
  
  Sorry, couldn't keep typing with a straight face anymore.
  [ link to this | view in chronology ]
  - Chargone (profile), 11 Oct 2011 @ 4:46am
    
    Re: Re:
    sad but true.
    [ link to this | view in chronology ]
- Trails (profile), 11 Oct 2011 @ 3:27am
  
  Re:
  "Unintentional functionality cannot be attributed to malice."
  
  Unintentional? How so? They meant to write System.out.println("hello world"); but due to a typo, they wrote an executable extension framework? Given that at least some of this stuff isn't attributable to stupidity, but demonstrates intent, there is at least some unarguable malice.
  
  "The writers try to make it sound like the German government is using a hack to completely open the system for their benefit."
  
  Let me explain something clearly: the German government is using a hack to completely open the system for their benefit. This is like installing a GPS tracker on a car that can also be used to remotely control the car by anyone with a cell phone. It is negligent in the extreme, at best.
  
  "I don't think that was their intention, or that they are even aware of any functionality beyond what they asked for originally."
  
  And you base this on their requirements doc and the technical design they reviewed and approve, which you of course have access to? You make a lot of assumptions about their intent. Where does this come from?
  [ link to this | view in chronology ]
- techflaws.org (profile), 11 Oct 2011 @ 11:52am
  
  Re:
  Unintentional functionality cannot be attributed to malice.
  
  It isn't unintentional but intentional and unconstituitonal. The German consitution court ruled that intercepting (VOIP) phone calls at the source (before being encrypted by the Skype client) is allowed but that's all.
  
  The thousands of screenshots taken by the trojan in that particular case were done so illegally but purposefully.
  
  In a radio interview the head of the German police union (GDP) insisted that there was a gap in the law that would allow this albeit the ruling is crystal clear.
  [ link to this | view in chronology ]
Anonymous Coward, 10 Oct 2011 @ 5:19pm

ZRTP and SRTP

http://en.wikipedia.org/wiki/ZRTP
http://en.wikipedia.org/wiki/Secure_Real-time_Transport_P rotocol

Twinkle uses ZRTP.
http://en.wikipedia.org/wiki/Twinkle_%28software%29

http://en.wikipedia.org/wiki/Compariso n_of_VoIP_software

Sandboxes:

http://blog.bodhizazen.net/linux/selinux-sandbox/
[ link to this | view in chronology ]
Pixelation, 10 Oct 2011 @ 10:31pm

Next will come the bot-net to exploit computers with this government hack. Then we will find out just how many have been compromised already. Nicely done!
[ link to this | view in chronology ]
- Jeffhole (profile), 11 Oct 2011 @ 2:56pm
  
  Re:
  Botnet operators have known about this for a while and they do, indeed, make use of it ;)
  [ link to this | view in chronology ]
Anonymous Coward, 10 Oct 2011 @ 11:59pm

Open source FTW
[ link to this | view in chronology ]
Anonymous Coward, 11 Oct 2011 @ 10:48am

This is absolutely spine chilling.
[ link to this | view in chronology ]
Zaynah, 16 Oct 2011 @ 1:03pm

Cyber War
I was on MUSLIMA dot com.
I received 2 Letters of correspondence from HIGH RANK Government officials. One US the other UK . The UK Officials contacted me Via skype . From here the exploit goes into the Laptop as a trojan exploit and possibly plants evidence there. Has all the footprints of the Israelis . Cover your asses folks. Politicians not voting to their likes find themselves prosecuted for haveing Child porn on their PC . or worse yet... a meltdown.
[ link to this | view in chronology ]
Ava Aseron, 14 Jan 2015 @ 11:39am

Spying on Skype
I read a different article wherein T mobile in Germany bans Skype application for Iphone and Blackberry. Wondering if this article has a correlation to the other. How legitimate is this? Kinda freaky knowing somebody else can access my personal conversation and transactions thru Skype if this is true.
[ link to this | view in chronology ]
Diaa Attia, 14 Jan 2015 @ 1:45pm

Native speakers
What spying? I don't think that it always goes that way, I wonderfully practiced my German language with native speakers without spying through this website http://preply.com/en/german-by-skype and I am fully satisfied with the quality presented !!
[ link to this | view in chronology ]