The first Bundestrojaner did not discourage German police

Feb 23, 2016 12:20 GMT

The German government has approved the use of a new version of the infamous Bundestrojaner (Federal Trojan) malware against real-life targets, after authorities spent the past months working on the updated version.

Bundestrojaner translates from German as "Federal Trojan." It is one of the first malware families ever created by a government and then deployed against its own citizens.

The Bundestrojaner 2011 scandal

The trojan found itself in the middle of a controversy in 2011 when the Germany-based Chaos Computer Club (CCC) discovered that Bundestrojaner, also known as R2D2, overstepped its bounds and included more spying capabilities than German authorities had initially announced and than the German constitution allowed.

The first version of Bundestrojaner was supposed to allow police officers to tap into Internet and telephony communications for the sole purpose of wiretapping, just as police have been wiretapping phone calls for decades.

CCC researchers showed that the trojan also included additional functionality that allowed German intelligence agencies to open a backdoor on infected computers, take screenshots, and record audio and video via the computer's camera and microphone, breaking a suspect's right to privacy.

Researchers also said that the trojan included an insecure update mechanism, which allowed a remote third party to take over the trojan and use it for purposes outside legal investigations.

A media scandal broke out, and a month later, German Justice Minister Sabine Leutheusser-Schnarrenberger had to acknowledge in public that government agencies had used this insecure malware in legal investigations, but she also made a point of reassuring the public that only the wiretapping functions were used, in accordance with the German constitution.

Bundestrojaner v2 makes a comeback five years later

Five years after the Bundestrojaner fiasco, German newspaper Deutschlandfunk is reporting that Germany's Federal Criminal Police has been working on a new version of the trojan, which the German Ministry of Interior has approved for use starting this week.

This newer version of the Federal Trojan entered development in the autumn of 2015, and police investigators have to obtain a court order before deploying it.

Besides the malware they developed in-house, German police are also a known buyer of the FinFisher spyware developed by German-British surveillance software company Gamma International.