Swiss to Use Spyware to Listen to VoIP

An anonymous reader writes "Heise Security is reporting that the Swiss Department of the Environment, Transport, Energy and Communications is entertaining the idea of utilizing the 'Superintendant Trojan', a spyware program designed to allow eavesdropping on VoIP conversations. According to ERA IT Solutions, the creator of the software, it will only be distributed to investigation agencies in the hopes of keeping it out of the hands of malicious hackers since firewalls apparently 'do not present a problem' for the software."

4 words:

[creepynut]

Create it and they will get it.

yea right

[grapeape]

If the trojan can be installed it can be sniffed out and discovered. I give it at tops a week of deployment before someone figures out what it is how it works and backwards engineers it into instant maymem for all the black hats.

Re:yea right

[whoever57]

If the trojan can be installed it can be sniffed out and discovered.

Which then raises the interesting question: how will anti-spyware vendors (including MS) respond to this? There really are no good solutions for an anti-spyware vendor in this case, since detecting it could be considered as hindering law enforcement, which would be illegal in many jurisdictions.

Re:yea right

[Coldmoon]

"There really are no good solutions for an anti-spyware vendor in this case, since detecting it could be considered as hindering law enforcement..."

Actually it will turn out to be the exact opposite. Once the program is in the wild and the black hats get their hands on it, both the AV and AS vendors will have no other choice than to add it to their detections.

Regardless of whether the detection is for the original Trojan or not, any subsequent black hat variations found would be added and the original would in all likelihood be flagged due to the particular (add your own term here) scanning technology.

Re:yea right

[surprise_audit]

You know it's only a matter of time before one or more of the NSA, FBI, CIA, TSA, etc deploy their own version, and there'll be encryption involved somewhere so that defeating it will be a DMCA violation and/or an act of terrorism...

Come to think of it, wouldn't it also be a DMCA violation if the government agency's version circumvented any VOIP encryption to eavesdrop?? Not that it really matters, because Bush will pencil-in a clause that makes it OK for his buddies to rape the DMCA all they like...

Hmmm... Anyone tried running a VOIP product in VMWare?? It'll boot a LiveCD ISO and run everything in it, without saving *anything* to disk. Have fun infecting *that* with spyware...

Re:yea right

[ArsenneLupin]

No third party is going to enter your house without your express permission, either, but the police can and will, and there's nothing you can do to stop them.

But that doesn't mean that it is illegal to make locks. So, yes, antivirus and antispyware companies are in their rights to add this to their lists.

I really don't believe this

[El+Cubano]

...it will only be distributed to investigation agencies in the hopes of keeping it out of the hands of malicious hackers...

Do they really think so?

I mean, that completely ignores human nature. Come on.

• radar detectors
• traffic light remotes (the new ones that only emergency vehicles are supposed to have)
• guns in countries where guns are illegal
• police-band radios

All these things have one thing in common: they are not supposed to be accessible to the general public (or at least initially were not supposed to be) and yet they are. Legality does not stop criminals.

Re:I really don't believe this

[wordsnyc]

Scanners that can track trunked digital systems are freely available in the US -- Uniden makes several. But once the digital signal is encrypted, it's illegal to decode it. The FBI and Secret Service use encrypted digital systems.

Re:I really don't believe this

[jimicus]

Legality does not stop criminals.

No kidding. If it did, they wouldn't be criminals.

(As an aside, I wrote to my MP pointing this one out a couple of years ago when they proposed making forging an ID card illegal (it already is anyway). The letter I received back said, in a nutshell, "We know criminals don't obey the law. We're trying to find a solution to that one and anyone who has any ideas is welcome to write to us".)

Firewalls dont present a problem....shhhhure

[Wishful]

Firewalls dont present a problem...........i read this as.....the software connects back to home by connecting to TCP port 80. This is the kind of stupid software developer mentality........everyone allows outbound web browsing right ? (no ... wrong in my case and the company I work for).

The Victim

[NevDull]

Well, the thing about Trojans, is that the victim installs them.

This article is complete and utter bullshit.

"VoIP" is not a single computing platform or implementation.

Re:The Victim

> This article is complete and utter bullshit.

Of course it is. This is just yet another company trying to push its damn product, to get public money, using connections in the government... best example: VeriChip...

Black hats rejoice!

[Mr_Tulip]

The only possible means by which a trojan can get around anti-virus tools, operating systems and firewalls is if the tools themselves have been modified to allow this trojan to work.

I suspect that the software vendors / designers of these tools will be contacted, asked to participate and sign a ND agreement.

All people running software by these vendors will then be susceptible to attacks from this trojan - a trojan which will undoubtedly be in the hands of black hat hackers by then.

Additionally, if this sort of thing becomes common practice, it will result in anti-virus software becoming practically useless, as the virus writers will take advantage of these 'back doors' to create new malware that can mimick the behaviour of the trojans.

Re:Depends.

[Captin+Shmit]

"The ISPs of the persons under investigation will then slip the program onto their computers."

How do they plan on doing that, exactly?

Am I missing something ?

[l0cust]

I read TFA and I was a bit confused. First, I was not sure about where exactly this software is going to be installed

The ISPs of the persons under investigation will then slip the program onto their computers.

This seemed to be saying that it will be installed on the ISP's end which seemed like not such a big deal as ISPs monitor the network data to some extent anyway

The wiretap has some additional functions. For example, the built in microphone on a laptop can be turned on to monitor a room or webcams can be activated. As the latter is usually indicated by an LED, this is unlikely to be useful in practice.

Now it seems more likely that it will be installed on the target's computer. Now it is a spyware. I think it can be compared to planting microphones in the house of a suspect. And they will need a judge's permission before they do it which seems like a sensible thing to do. But unlike a microphone planted in the house, a spyware/trojan can interact with the data on the other end. So what happens when a person discovers this program installed on his system and sues the government for some credit card/personal information stealing (which may or may not have happened) ? I know he is a suspect but the fact that they needed to plant a spyware on his system means that they did not have enough evidence to refute his claims by saying that he is a terrorist or dangerous criminal and get away with the charge easily. This all is ignoring the fact that the program ever makes to the hands of the Black Hat community (which is inevitable as already mentioned by a lot of people).

He can atleast argue that installing a spyware in his system made it insecure in some way which led to the theft or something to this tune. I don't know the technicalities of the software in question but I am sure the judges won't exactly be experts in this domain either.

Dear Swiss People

[SQLz]

Welcome to the USA!!!

Re:Depends.

[TCM]

Well, the ISP basically controls how you view the Internet. The next .exe you download via HTTP could be modified.