The hacker club Chaos Computer Club (CCC) got hold of a tool used by the German authorities to monitor suspected criminals. After a thorough analysis, the spyware turned out to lack basic security features, which leaves it open to almost anyone.
According to CCC, the Quellen-TKÜ is a piece of software developed by the government to tap internet telephony calls, and although its restriction to that purpose is supposed to be enforced through technical and legal means, the reality is far from this.
After reverse engineering it, the hackers noticed that the Trojan, dubbed R2D2, can do a whole lot more, thus violating the rules laid down by the German constitutional court in 2008, which forbade the use of malware to manipulate the devices of the country's citizens.
The research shows that not only can the tool be used to control most of a computer's hardware and software resources, but its poorly implemented safeguards also allow the spyware itself to be hijacked by a third party with malicious intent.
"This refutes the claim that an effective separation of just wiretapping internet telephony and a full-blown trojan is possible in practice – or even desired," revealed a CCC member.
"Our analysis revealed once again that law enforcement agencies will overstep their authority if not watched carefully. In this case functions clearly intended for breaking the law were implemented in this malware: they were meant for uploading and executing arbitrary code on the targeted system."
Even though law enforcement is not allowed to spy on citizens at will, officials have stated that such Trojans are used only in specific circumstances and are adapted to each case; the findings beg to differ, as all the variants found are essentially the same.
Even more concerning is that the data the tool transmits lacks even basic encryption.
"We were surprised and shocked by the lack of even elementary security in the code. Any attacker could assume control of a computer infiltrated by the German law enforcement authorities," the source further revealed.
"The security level this trojan leaves the infected systems in is comparable to it setting all passwords to '1234'."
Backdoor.R2D2.A Removal Tool 1.0.0.1 is available for download here.