Slashdot Mirror
Bavarian Police Can Legally Place Trojans On PCs
An anonymous reader writes "The Bavarian Parliament passed a law that allows Bavarian police to place 'Remote Forensic Software' (Google translation) on a suspect's computer as well as on the computers of a suspect's contacts. They may break into houses in secret to install the RFS if a remote installation is not possible; and while they are there a (physical) search is permitted too. The RFS may be used to read, delete, and alter data." The translation says that RFSs may be used in cases of an "urgent threat to the existence or the security of the Federation or a country or physical, life or liberty of a person... Even where there is a reasonable assumptions on concrete preparatory acts for such serious offenses."
but does the trojan run on linux?
Knowledge is power. Knowledge shared is power lost.
In my ignorance, I asked myself "where the hell is Bavaria?". So I wiki'd it. Turns out, it's in Germany.
The more you know...
GAAH! MY PRINTER IS ON FIRE!!! PUT IT OUT! PUT IT OUT!
boycott creme-filled long johns!
There are times when I really need a condom and now I know that when I'm in Bavaria, the police will put one right on my computer! Now I know where to look!
Can I request other brands?
The German link is broken. A double hyphen has turned into a long hyphen (what, did somebody edit the url with Word?)
In my ignorance, I asked myself "where the hell is Bavaria?". So I wiki'd it. Turns out, it's in Germany.
The more you know...
I'm also an American. Where's Germany? We're not bombing them so the news doesn't show the country on a colorful map. That's the liberal media for you!
Yay, a step forward to Orwellian state. At least for Bavarians.
For once I would like the politicians test try these on their own computers and assure us that since they've got nothing to hide we should come out as well (right!).
Does this imply that they can install a virus on my PC in Canada if I'm talking to a suspect in Bavaria?
I hope not.
Will this code be safe? What if it opens the infected PC up to access by hackers and the PC is damaged or materials (virtual) are stolen? Is there any liability for the police?
Who stole my key?
Federal agent accidentally gets shot while installing spyware?
Firewall defeats government spying?
Hacker doing port sniffing ruins investigation by taking over remote administration tool?
Ok, Yes. I live in USA. And there's a lot of screwed up stuff here. But come on! This article is just crazy! Even by American standards (or is it...)!
Let's get this right. They can act to install trojans and perform physical searches when there's a threat to the liberty of a Bavarian - and in so doing, they threaten the liberty of EVERY Bavarian. Does that mean they're now allowed to install trojans and perform physical searches in every Bavarian home and business, given that everybody's liberty is now under threat? /joking, but laws like this are not a laughing matter
I thought that the memories of the Geheime Staatspolizei made sure the germans would never approve of such things...
Are they dumb enough to install this on a clubie's machine? A paranoid or diligent sort who runs a tripwire and keeps the checksums on other media would discover this thing toot-sweet.
I would expect that the installation of such a trojan would mean that anything found on the computer cannot be used as evidence, as they can not only read, but alter the data, even after the computer is confiscated.
I can't wait until some tech-savvy suspect finds the trojan, perhaps complete with a packet trace of the remote installation, and posts it online.
I'd think the remote installation would either require a secret back door, or an exploit, maybe even one that is not publicly known.
1) look guilty
possibly 5) get busted for obstructing police investigations by publishing the exploit.2) wait for remote trojan installation, log everything
3) sell unknown (effectively zero-day) exploit
4) profit!
Polizei in lederhosen kann deine computerhosen.
And clean carefully the cashe when finished.
Maybe Computers will never be as intelligent as Humans.
For sure they won't ever become so stupid. [VR-1988]
If you suspect this has happened and reinstall your OS, is that destruction of police property? Will they just keep breaking into your place?
Um, "forensic" software is typically designed to *prevent* the alteration of data. Otherwise you can't reliably go into court and prove that you haven't planted the evidence. Last I heard, Germany still embraced the concept of due process...
Not sure whether this is a crazy law passed by some locals that will be struck down by German courts, a bad write up, or a bad translation...
...Spartan police?
These are all the same exact comments as when another country passed a law like this... it was called the PATRIOT act. Only a matter of time before the US forces every country in the world to pass a similar law so they can all work together against the invisible tirrrists. So unless you have something new to say about this disturbing trend, lets just copy and paste the old comments.
I know this is slashdot and jumping at anything so we can scream 1984!!! POLICE STATE!!11!!! gets you modded informative or insightful, but this slashdot article is just crap.
The "Bundestrojaner" will only be used as a last resort and in defense to terrorism, as you can read here in an article posted today, denying the Bavarian request to use it for other crimes not directly related to terrorism.
Poor google translation:
http://translate.google.com/translate?u=http%3A%2F%2Fwww.heise.de%2Fnewsticker%2FBundesrat-will-heimliche-Online-Durchsuchungen-auf-Terrorabwehr-beschraenken--%2Fmeldung%2F110466&hl=en&ie=UTF8&sl=de&tl=en
Ah, screw it. 1984!!! ORWELLIAN STATE!! BURN THE WITCHES!
I am actually surprised to read this on Slashdot. I thought this was already common practise in the US? I really thought that the police can get a court order and install bugs, microcameras and trojans and whatnot on a suspects computer.
I just don't trust anything that bleeds for five days and doesn't die.
No, it simply doesn't have that ring to it.
In Bavaria, trojan cremes you!
.. Even where there is a reasonable assumptions on concrete preparatory acts for such serious offenses. Have a terrible feeling that should say no reasonable assumptions or concrete preparatory acts
that sounds kinky tasty
of Germany, the US, and Britain- and I guess some banana republics in Africa. Maybe even Stalin would love us. The only difference between us and them is that we are going slower so the riots and killing haven't started yet.
Prior judicial review (in other words, their equivalent of obtaining a warrant) required? Or not? Without that information, the summary is meaningless.
...the point! http://img512.imageshack.us/img512/9159/germanybavariaalpschurcob4.jpg
Ve haff vays of makink your computer talk.
http://twitter.com/OLDTELEGRAM
Listen up folks. There is only ONE reason why you would ever want to visit Bavaria. Yes. Ahum. For those of you not in the know, it has something to do with jugs. Large jugs. Yes. Ahum. One thing is certain, it does not require the presence of a computer anywhere near the place.
One might even suggest the use of a computer to be quite counter-productive near aforementioned jugs. Ahum. Jugs.
10 ?"Hello World" life was simple then
I've just returned home to the UK after 13 months living and working in Munich. I come from Big Brother Island and so I'm used to the heavy surveillance. Let me just say something about Bavarian policing.
If you look a bit "different" (i.e. not white, european, wearing expensive preppy labels), for example, black, Asian, latino, white with dread locks, unkept clothes, smoking self rolled tobacco, riding your bike after 10pm, just anything out of the ordinary, you can expect to be stopped at least once by the police.
It is the most policed state in Germany and I'd hesitate to say Europe. They are everywhere. They pull you over randomly, they stop you on your bike for ID, they fine you for crossing the road not at a traffic light even if it's 4am in the morning and there are no cars...
Quite honestly, it does make for an extremely safe city. But who wants safe if you can't be yourself?
In all, Munich is otherwise an awesome city. The people are great, the town beautiful, the location second to none. It's just now I'm home, it's refreshing to see a hoody, emos, scabby relaxed happy people!
Just a quick google search also found me this: http://wikileaks.org/wiki/Bavarian_trojan_for_non-germans
I doubt that trojans can be stretched to cover an entire PC.
Not that I am crazy about those, but hasn't government always had the right to intercept communications under certain circumstances? Why should the fact that this is a method for doing so on a computer make this case any different?
With a warrant the police can do that here i the US too.
Warrants can be issued for 'suspicion'.
---- Booth was a patriot ----
If you encrypt your drive, and don't leave it running while you are gone, unless they guess your password not much they can do.
---- Booth was a patriot ----
I got an error at the link,,, so what's different about this versus a wiretap? Is the procedure for getting authorization any different? Tell me you need a warrant and I'm going ask why we are reading about this ... tell me they can just install it and run, on a whim and I'll be interested.
/LabMonkey09
The "Bundestrojaner" will only be used as a last resort and in defense to terrorism
when the law that allows the police to monitor ALL communication (email, gsm, landline) at all times, without needing any warrant was passed here, (turkey) and gave the daily running of the operation to a small board that would be directly appointed by the prime minister and his cabinet, many idiots believed that 'only as a last resort and in defense against terrorism' bullshit too.
...
then somehow the private conversations of opposition party members who have had a strife with the administration have been leaked to the newspapers and media that were backing the administration. then the private conversations of state attorneys have somehow leaked to the same islamist newspapers. then suddenly the conversations of generals that are opposed to the islamist party (the military is tasked with ensuring the continuance of secular, western style republic, according to turkish laws) have somehow slipped to islamist newspapers backing the administration.
yea. there were idiots who were believing that it would only be used as a last resort and against terrorism here too
Read radical news here
"The RFS may be used to read, delete, and alter data"
Get ready to commit crimes that never happened, only in Bavaria!®
If the software they install can delete and alter files, how can any evidence they procure be admissible in a court of law?
"Was it a millionaire who said 'Imagine No Posessions?'" -- Elvis Costello
... well, this certainly explains why all those Stasi 2.0 (http://en.wikipedia.org/wiki/Stasi_2.0) stickers have shown up here, stuck up on stuff around the ranch . . .
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
Oh yes, this sounds exactly like other totalitarian countries, like China, USA and Sweden.
My other account has a 3-digit UID.
They want to stick condoms on my computer? :oP
Bill Clinton had Carnivor and Magic lantern for this sort of thing long before Bush was even in the White House, around 1995.
The Federal government has been violating due process and the US Constitution since FDR was in office.
Don't try and pretend that Bush was the first to do this sort of thing with the Patriot Act, all he did was use it to amend the Constitution.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
to spy on their employees. Sure it is unethical, and maybe morally wrong, but they do it anyway.
Bill Clinton had the FBI use Magic Lantern for that vary purpose.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
in a court of law even if the trojan is programmed to download porn and other things over the Internet. I can recall American employers using trojans like that to fake employees surfing the Internet too much to fire them for it. "He surfed for porn for more than 5 hours each day, so he fired him" when really the trojan surfed porn and planted it on his computer. They do that sort of thing when they want to discriminate against an employee for their religion, race, color, national origin, disability, age, gender, or whatever. It is a way to avoid discrimination laws and civil rights, just fake evidence that the employee did something wrong and that is good enough to get a court to agree with you that you didn't violate his/her rights.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
Fehlermeldung
404 - File not found
Leider ist die von Ihnen aufgerufene Seite auf diesem Server nicht vorhanden.
Bitte überprüfen Sie:
die Schreibweise der URL (Groß- und Kleinschreibung beachten!).
Ihren Bookmark.
die Seite, von der Sie gekommen sind.
"Kill 'em all and let Root sort 'em out"
As bad as you want to say things have gotten in the USA, it's nothing like this yet. And all his contacts too? Wow!
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
"The RFS may be used to read, delete, and alter data" Get ready to commit crimes that never happened, only in Bavaria!®
"Naw... wouldn't happen... Police wouldn't frame you with things you haven't done... 'd be against the law!"
Believe it or not, that's the first counter-argument if you speaking against the recent legislation.
(used to live there long enough)
No, they can only screw you if you're running a Windows OS.
They probably install some variant of Back Orifice before slamming in the Trojan.
Huh?
What puzzles me is why this would be something the Bavarian Parliment would do. I would think this would be done at the national level; US laws that enable wiretaps are all at the Federal level.
They tried to. It came as far as the constitutional court in Germany, and failed miserably. The law now returns, slightly changed.
You have to know that in Germany, each "Land" (~County) has its own law. If there's a matter on which both a county's law and federal law exist, the federal law supercedes county law. The federal law on computer trojans failed before the constitutional court. It's been slightly changed and they're going to give it another try on the federal level the next few weeks. Meanwhile, Bavaria layed out its own law regarding trojan infection of suspects' computers. It will probably also fail before court as soon as somebody bothers to sue (and a lot will, believe me), but until that happens, it's there and it's valid.
I suspect it's all some show-off attempt for big guys in politics, along the lines of "look, we were the first to arm our police with the necessary tools against terrorism", paired with a boxcar load of right-wing attitude...
Although this law will get smashed soon, it pretty much shows there the wind blows from in Germany. Or Europe, for that matter. Or the world...
Is it retroactive? Because I still have the problem of past intrusions, unexpected viruses, spied code and where exactly is the internet? Then intercepted emails and what happened to the woman? Maybe I understand why Bavary... If you send comments to the White House should you await an automatic reply for each message or lets see how many the system deems correctly to acknowledge?
Where the hella ya been all these years!!!!!!
Barbarian Police Can Legally Place Trojans On PCs
Of course! There is no other way to deal with the Borg; if we don't use RFSs, it could mean the end of existence for the entire Alpha Quadrant, not just the Federation!
Don't underestimate the power of The Source
3... 2... 1... ~m
"Yes, I have a Disaster Recovery Plan. It's called my Resume"
When thinking of the GeStaPo (Geheime Staat Polizei) Most people will remember the torture , the sending to concentration camp, the executions, the kidnapping and nobody see you again, rather than the petty search in secret. You know, like nearly all security/spionnage agency of the world are doing right now, like DGSE, CIA, And sometimes even the police in the middle of an inquiry when they don't want to alert the perp etc...
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
Sorry, most of what you said or suspected is wrong. The system is actually a very clever design which prevents interruption of data/fax calls by the phone and in fact also eavesdropping from another phone inside the house.
The "multi-way phone sockets" are usually of the NFN-Type. Here F means "Fernsprecher" (Phone) while N means "Nicht-Fernsprecher" (Non-Phone). The socket is designed so that the line goes first to the left N socket , then to the right N socket and finally to the F socket. The phone will always be the last in chain. A non-phone device (fax, modem) plugged into one of the N sockets is supposed to have two electronic switches inside which will chain-through the line to the next socket when the device does not use the line. So if you are not sending a fax or surfing the net, you will be able to use the phone normally. However when the fax/modem takes over, the phone will be cut off. This clever trick prevents you from interfering with the transmission by picking up the phone.
As you are not supposed to plug two phones into one box, this also prevents eavesdropping. Overload prevention is not the reason. There were and are devices available which either are put before the NFN-box and allow to wire another NFN-box or contain a F or NFN socket themselves. Both will allow to wire a second phone and of course you could use more than one of these devices. These device however contain a automatic switch will will cut-off the other phone when one is in use. But they will all ring.
Especially since the main reason to cover up the WMD search in Iraq was to rid the ppl of a police state etc...
Maybe one day Iraq will lead a campaign to rid the Northern Hemisphere of police states to return the favor. I think the only difference nowadays is G8 regimes have more resources to make it look more Legalish.
If I was German, I'd emigrate right now. Heinrich Himmler would be so pleased.
Beauty is in the beholder of the eye.
RFSs may be used in cases of an "urgent threat to the existence or the security of the Federation or a country or physical, life or liberty of a person...
Apparently, they are drawing on a century of experience that Germany has with intrusion into people's private lives, both under right wing and left wing extremist states. Even the language of the law itself is... classic.
But watch: there will be abuses immediately (cops cannot help themselves, they have a compulsion to "fight crime") and in about 3 years one will be egregious and funded enough to make it to seriously senior courts. Then one of these (especially the EU) will seek to exert its' jurisdiction with a ruling like the US "fruit of the poisoned vine" doctrine.
Odd thing is, the bayricherbeamter are anything but stupid and may even see and desire this.
Bavaria's capital is big on using Linux - and what better target could the conservative Bavarian state government find than the liberal city council of the capital?
Lars T.
To the guy who modded me down from perfect to terrible Karma - Apple haters still suck
"The "Bundestrojaner" will only be used as a last resort and in defense to terrorism"
The Bavarian police is currently thinking to extend the applications of this software to child pornography, a crime "so terrible" that no one can disagree (isn't murder at least as terrible).
So the escalation in Germany goes generally like this:
* Terrorism (SO bad, you have to give up your basic rights)
* Child Pornography (So disgusting, we forget our principles here).
* Tax evasion (hey, the state is bankrupt and the money has to come from someone)
* Everything
This escalation steps work all the time. Each step takes between 6 months to a year.
So what does the AV software vendor do when it encounters the "signature" for a trojan that has been set up by some government? If AV vendors weren't already pretty darn screwed by the fact that their methodology is seriously flawed, this would push them over the edge by itself, I would think...
Run Linux
Encrypt Boot and home disks.
Encrypt everything.
md5sum *everything*
Boot off a knoppix or install CD periodically.
Keep a spare motherboard around and/or change motherboards frequently.
Always buy a name brand ethernet card that is a different chipset than your motherboard.
Run wireshark on your laptop which you *NEVER* let out of your sight.
Remember, thieves will only steal your stuff. The government will steal your life and liberty if it is politically possible.
True on the keylogger (but then, you can see those - especially if, like me, your home computer is a laptop).
However, if the the computer has a TPM chip and is using BitLocker, then no, they can't install a hypervisor - by necessity, the hypervisor changes the boot instructions, which would cause the (TPM-enabled) boot validation in BitLocker to fail and the drive will lock itself until the recovery password is entered (and no, it's not guessable - it's a very long machine-generated value). Barring a really stupid user who ignores the warning that the boot sequence changed, this is about as safe as you could get.
I don't know how TrueCrypt or similar would handle this situation, but as long as a strong password and boot validation are used, full-disk encryption would probably be effective against this.
There's no place I could be, since I've found Serenity...
Bavaria is a very strange state and could be best described as Germany's Texas.
So even if Bavarian politicians tend to find the idea of breaking into homes secretly quite attractive, the majority of the German population will still strongly oppose to this.
Remain calm everyone! Please move to the back! No pushing!
...The RFS may be used to read, delete, and alter data."
So they can alter a picture of your wedding to create evidence of terrorist connections by showing you kissing osama bin laden in a dress.
Anti-virus software in Barvaria would have to allow it to function, otherwise it would be of very little use, so it would be a good idea to use a slightly modified version of it as payload for another piece of malware. This way you can gain access to most computers in the state.
So that means anybody not subject to Bavarian arrest can place Trojans on Bavarian police computers, sell the output, and place counter-Trojans to disable or mislead the Trojans they immorally place on "perp's" computers.
Cool.
Does anyone anywhere ever need PRIOR probable cause to "believe a crime has been committed" (CONTEXT SENSITIVE) or, are we in a global police state now? Just asking so I can act accordingly and bring anarchy to said police state if we are in a global police state now.
The RFS may be used to read, delete, and alter data.
So, getting this straight... They have the right to modify data in ways that can't be [reasonably] detected... and then they can use this data to press charges?
"Of course not your honor! It was different data we changed. The incredibly convenient file that says, 'I am guilty, it's a fair cop, guv! Oh yeah, it was me!' was there all along."
You're on incredibly shaky ground when you allow the police to manufacture information where they may subsequently use information to support charges. As soon as one dirty cop gets caught manufacturing evidence, you've devalued the entire method for gaining it. How long before the standard defense becomes, "My client has never seen that file before. Given the police routinely add and modify files on people's computers, prove beyond a reasonable doubt that they didn't put it there themselves and then change the logs to simply make it look like my client did it."
Seems you were taken for a ride by some obscure kraut. Or yours was a July 4 joke.
There are 3 (or 4, depending on how you take it) different types of "TAE" phone sockets here. A single one for a phone (coded "F"), a dual one for a modem and a phone (coded "N-F"), where the modem or answering or fax machine plugs into "N" and cuts off the phone socket when active, and a third one which combines a N-F socket with another F socket accomodating 2 lines (coded "N-F-F"). There are also "N-F-N" types for special uses. Your flat or hotel room apparently got only a "F" socket. Next time you come to Munich you visit one of the electronics stores in Schillerstrasse and buy an N-F socket for 3.50 Euros and exchange it for the F socket.
No nazi conspiracies here. Duh.
By the way the German federal constitution court in Karlsruhe already ruled online searches of the said kind unconstitutional, and the law now passed will most probably get probed there, and fail. Why in the world the Bavarian government would do that I've no idea. Any Bavarians here who can shed some political light on it?
open (SIG, "</dev/zero"); $sig = <SIG>; close SIG;
"urgent threat to the existence or the security of the Federation or a country or physical, life or liberty of a person.."
With this law installed, living in Bavaria IS an "urgent threat to the security of the liberty of a person.."
So it always applies. Even if the police installs a logging version of Notepad, they can now enter your house without a search warrant.
Stasi = secret police, not secret people.
Antiquis temporibus, nati tibi similes in rupibus ventosissimis exponebantur ad necem.
the link is dead because TFA was a premature assumption, it's apparently replaced by this http://www.heise.de/newsticker/Bundesrat-will-heimliche-Online-Durchsuchungen-auf-Terrorabwehr-beschraenken--/meldung/110466 article, stating that it stranded in the Bundesrat of Germany, there's no such thing as a Parliament of Bavaria.
I leave my dogs outside the house [5], so they can get to any who try to break-in.
We have stock piled a lot of hightech weaponanry for this eventuality. I will be able to see my targets at night aswell, plus my mate reckons he is close to hacking into the defence grid, [he used to work for them so nose a thing or two. so we can use the salalites to view the cops, whats even better he reckons is they all have to have RFID injected, so they will be easy targets, when the system is hacked and brocken.
I would say with the Hundreds of Millions of people who have seen what has really occurred to Humanity at the hands of these Oligarchs and their bosses and agents, nowhere on the planet will be safe for them or their children.
The Earth is tired of them.
Plus the whole 2012 cleansing cycle, the roaches think they can hide underground, but they are sorely mistaken.
The Roach cleaner is comming, so get ready roaches, time for some payback.
As far as i know they use this Keylogger. I read that lots of polices and governments agencies use that All In One Keylogger.
See Blinkenlights:
http://en.wikipedia.org/wiki/Blinkenlights
Shot in the dark?
~hylas