Coder of Swiss Wiretapping Trojan Speaks Out

← Back to Stories (view on slashdot.org)

Coder of Swiss Wiretapping Trojan Speaks Out

Posted by Soulskill on Wednesday August 26, 2009 @02:41AM from the is-swiss-software-full-of-security-holes dept.

Lars Sobiraj writes "Ruben Unteregger has worked for a long time as a software-engineer for the Swiss company ERA IT Solutions. His job there was to code malware that would invade PCs of private users, and allow the wiretapping of VoIP calls — in particular, calls made through Skype. In the German-speaking areas of the country, the Trojans were called 'Bundestrojaner' because the Swiss government was involved with their development and use. Unfortunately, Unteregger has to remain silent about the customers of the company. Last night, he published the source code of his Skype-Trojan under the GPL."

114 comments

Min score:

Reason:

Sort:

we by Presto+Vivace · 2009-08-26 02:43 · Score: 1, Interesting

are going to be hearing a lot more about this.
GPL ? by Pieroxy · 2009-08-26 02:46 · Score: 1, Insightful

GPL really is a stupid option in my opinion. Most certainly the guy doesn't even own the source code since he did it under contract from an employer, so he cannot really "release" what is not his...

Maybe I'm wrong and he owns the source code though. But it will give some more ammo to the FUD that carries some big corporations that GPL is bad.

--
Write boring code, not shiny code!
1. Re:GPL ? by tecnico.hitos · 2009-08-26 03:10 · Score: 1
  
  But now everyone can wiretap Skype calls. Isn't it great?
  
  --
  The good, the evil and the vacuum tubes.
2. Re:GPL ? by wild_quinine · 2009-08-26 03:22 · Score: 5, Informative
  
  Most certainly the guy doesn't even own the source code since he did it under contract from an employer, so he cannot really "release" what is not his... Maybe I'm wrong and he owns the source code though.
  From the article:
  "There won't be problems about copyright, because ERA IT Solutions let me keep it... About the details, why I keep the copyright on this, I can't offer a statement. As already mentioned I agreed to absolute silence. You can speculate now or ask the sources directly. "
3. Re:GPL ? by syphax · 2009-08-26 03:27 · Score: 2, Informative
  
  From TFA:
  Rubin Unteregger: Yes, thatÂs the plan. The source code of this wiretapping trojan will be published in the upcoming days. There won't be problems about copyright, because ERA IT Solutions let me keep it.
  
  --
  Simple Unexpected Concrete Credible Emotional Stories
4. Re:GPL ? by Anonymous Coward · 2009-08-26 03:42 · Score: 0
  
  i can't believe this is moderated insightful, he says in the intervew that he has full copyright of the sourcecode
5. Re:GPL ? by Runaway1956 · 2009-08-26 04:07 · Score: 1
  
  I seem to hear an assumption that the laws governing his contracts are compatible with United States corporate views concerning contracts. Maybe this code really IS his, by law?
  
  --
  "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
6. Re:GPL ? by chrb · 2009-08-26 04:16 · Score: 4, Interesting
  
  About the details, why I keep the copyright on this, I can't offer a statement.
  My guess would be liability. If Skype want to sue the "owner" of the trojan, the company is safe. If a "victim" of the trojan wants to sue the "owner", the company is safe. In any court case, the company can turn around and say "Ah, but we just provide advice and consultancy services. The creator and owner of the trojan code is Ruben Unteregger, and he is a completely different legal entity."
7. Re:GPL ? by Anonymous Coward · 2009-08-26 04:17 · Score: 0
  
  I can believe it. Obviously the commenter and the mod never read the entire article, but then again, neither did I.
  -- gid
8. Re:GPL ? by oldhack · 2009-08-26 04:46 · Score: 4, Funny
  
  Title reads: "Coder of Swiss Wiretapping Trojan Speaks Out"
  Summary reads: "Unfortunately, Unteregger has to remain silent about the customers of the company."
  The parent quotes the guy: "About the details, why I keep the copyright, I can't offer a statement. As already mentioned I agreed to absolute silence."
  That's why I am not commenting on this story.
  
  --
  Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
9. Re:GPL ? by element-o.p. · 2009-08-26 05:22 · Score: 2, Insightful
  
  GPL really is a stupid option in my opinion...it will give some more ammo to the FUD that carries some big corporations that GPL is bad.
  Assuming the source code is his to give away (certainly not a given!), I have to disagree.
  
  1) GPL is perfect for this, since it essentially says, look -- take this code and modify it, redistribute it, analyze it, re-publish it...do what you want with it, as long as you allow this same freedom to anyone else who gets the software. This is the whole reason the GPL exists in the first place! In this case, this is good because it allows others to take the code apart, figure out what makes it tick and come up with A/V signatures to detect it without worrying about whether or not you are violating a licensing agreement by trying to analyze and reverse engineer the code. It does also allow black hats to rewrite and enhance it for illicit use, but that's one of the problems with freedom -- you can always abuse freedom, if you choose. And for whatever it's worth, I don't think the black hats were going to be too concerned about license restrictions, anyway...
  
  2) Saying that GPL is bad because software that may possibly be used for ill intent is licensed under the GPL is a logical fallacy. Would anyone in their right mind say that, because someone somewhere has used a car to commit a crime (drunk driving? getaway car in a robbery? ran over someone who pissed them off?) that therefore all cars are inherently evil? Of course not, so why would you say that about software?
  
  3) Okay, maybe that's not what you meant by your "more ammo to FUD" argument. Maybe instead you meant that it allows big corporations to worry that their developers might give away their software products by licensing them under the GPL. How is that any different than any other commercially developed GPL'd product (MySQL, RHEL, etc.)? Or, from another angle, how is that any different than any other big company worrying that their developers might give their intellectual property to a competitor, or publish it on-line somewhere? It is *possible* for this to happen whether it's GPL'd, released under other FOSS licenses or simply posted on-line without any kind of license at all.
  
  Of course, if he doesn't really own the rights to the source code, then all bets are off.
  
  --
  MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
10. Re:GPL ? by element-o.p. · 2009-08-26 05:28 · Score: 1
  
  I guess I should RTFA -- there are posts below mine that show that he does, in fact, own the copyright to the software. In which case, if the company hires someone to write software and the author of that software then posts it under the GPL (or other FOSS license), then how does that possibly add ammo to the FUD argument about the GPL?
  
  --
  MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
11. Re:GPL ? by improfane · 2009-08-26 05:35 · Score: 1
  Logical fallacy? It COULD be used for good but think: Wiretapping is invasive by design, you're trying to tap into listening to a communication you probably do not have the invitation to. The few legitimate and reasonable purposes for wiretapping software I can think of are:
  
  personal recordings of calls
  legal enforcement/national security (haha)
  monitor your children
  Do you think that most users of this will be doing these things?
  A hammer may be used for murder but you generally use it for hammering nails. Think about the intent not the potential usage! That's why what you say is not a logical fallacy. Do you not think that a car is regarded a transport vehicle first and criminal intent second?
  --
  Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,
12. Re:GPL ? by CrimsonAvenger · 2009-08-26 05:40 · Score: 1
  
  2)Would anyone in their right mind say that, because someone somewhere has used a car to commit a crime (drunk driving? getaway car in a robbery? ran over someone who pissed them off?) that therefore all cars are inherently evil? Of course not, so why would you say that about software?
  
  Of course, people say that about guns all the time. So I'm assuming that the same sort of people would say the same sort of thing about a Trojan...
  
  --
  
  "I do not agree with what you say, but I will defend to the death your right to say it"
13. Re:GPL ? by element-o.p. · 2009-08-26 06:14 · Score: 1
  
  You missed my point. I'm not arguing whether or not this particular piece of software is good or evil; I'm arguing whether or not someone releasing under the GPL a piece of software that is most likely to be used for ill intent makes the GPL itself good or evil.
  
  The argument I am trying to counter goes like this:
  1) This software is evil.
  2) This software was released under the GPL.
  3) Therefore, the GPL is evil.
  
  This is the argument I was attacking, and it is indeed a logical fallacy. The GPL does not take on the characteristics of the software released under it; software released under the GPL takes on the characteristics of the GPL, and those characteristics apply equally to malware and to beneficial software.
  
  In my argument, the GPL, not the software, is like the car. Both the GPL and a car can be used either for legitimate purposes (i.e., Linux/GPL and transportation/car) or illegitimately (i.e., malware/GPL and murder/car).
  
  Incidentally, I hereby release this argument under the GPL so that anyone wishing to use it to counter FUD from big corporations trying to make the association from malware to GPL may be free to do so :)
  
  --
  MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
14. Re:GPL ? by element-o.p. · 2009-08-26 06:33 · Score: 1
  
  Yeah, I didn't really want to go there. Although I think the principle is as true for guns and software as it is for cars, a lot of people feel that guns are only used for killing, therefore they are inherently evil[1]. Consequently, if I had used guns rather cars in my analogy, I would have potentially harmed my argument.
  
  [1] I believe that this conclusion is false, too. A gun is designed to kill, but I disagree that this is always evil. I would not hesitate for a single second to kill someone who intended to harm my family, nor do I think that using a gun to kill a moose or deer, etc. for food to feed my family is evil. However, there are people who believe that killing is never, ever justified, so I didn't intend to go there in my original argument.
  
  --
  MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
15. Re:GPL ? by KC7JHO · 2009-08-26 06:57 · Score: 1
  
  A gun is designed to kill,
  
  Actually, it can be said that a gun is designed to push a piece of material in a (mostly) straight line at a very high speed. While this could just as easily be target practice, competition shooting, etc. the intent to use it to kill (a person, animal, etc.) is solely at the discretion of the shooter.
  
  The same applies to this software, it is designed to record the Skype conversation. This could be used to archive several machines / users to a central server (yes some source code would need changed, but it is now under GPL and this can be done) for "Training/Quality Assurance" purposes.
  
  Note: I am not disagreeing with your intent, just clarifying it a bit.
16. Re:GPL ? by CrimsonAvenger · 2009-08-26 07:24 · Score: 1
  
  A gun is designed to kill,
  While this is certainly true, I should point out that more guns in the USA are used for target shooting than for killing.
  
  Yeah, I didn't really want to go there.
  Understand completely. I was just pointing out that there exist a large group of people who believe that tools can be evil. And those people would be delighted by the chance to name yet another tool to be evil incarnate.
  IMO, men can be evil, and can use tools to commit evil acts. But the tools, in and of themselves, are never more than tools, and no more evil than a rock is evil.
  Yes, a gun is a tool. So is a rock, for that matter....
  
  --
  
  "I do not agree with what you say, but I will defend to the death your right to say it"
17. Re:GPL ? by element-o.p. · 2009-08-26 09:47 · Score: 1
  
  Point taken.
  
  CrimsonAvenger also raised a similar objection, pointing out that guns are used far more often for target practice than for killing, which might also be true (historically, including hunting for food? Maybe; I don't know for sure). It's certainly true for me, at least. I own several guns but I have never shot a single living thing with any of them (although I have shot a grouse -- once -- with a bow, but that's slightly off-topic).
  
  --
  MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
18. Re:GPL ? by Mr.+Slippery · 2009-08-26 12:56 · Score: 1
  
  Most certainly the guy doesn't even own the source code since he did it under contract from an employer, so he cannot really "release" what is not his...
  
  But of course, in order to claim copyright on the code, they'd have to admit responsiblity.
  
  --
  Tom Swiss | the infamous tms | my blog
  You cannot wash away blood with blood
19. Re:GPL ? by Anonymous Coward · 2009-08-26 15:48 · Score: 0
  
  The GPL is viral!!
20. Re:GPL ? by Cosmostrator · 2009-08-26 19:13 · Score: 1
  
  You have it all wrong, GPL is a brilliant option. Let's say that someone decides to install this software on your computer to listen in on your conversations. Since they are distibuting sofware that is under the GPL they have to make the source code available to you. To top it off all of the changes that they made to the code are also available to you under the GPL. Those script kiddies won't even know what hit them.
21. Re:GPL ? by Anonymous Coward · 2009-08-26 20:42 · Score: 0
  
  Most people would sooner hold that anything not responsible for its own actions cannot be evil.
  This point is more or less true in Law, as well.
Only a matter of time by eviloverlordx · 2009-08-26 02:46 · Score: 2, Interesting

I don't think that a reasonably informed person could expect that this sort of thing could be kept bottled up for very long.

--
'Loose' is when your pants are three sizes too big. 'Lose' is when you misuse 'loose'.
1. Re:Only a matter of time by Anonymous+Cowar · 2009-08-26 02:54 · Score: 1, Troll
  
  This is government we're talking about. "Reasonably Informed" and "Politician"/"Government Bureaucrat" are mutually exclusive. Anywho, if the swiss politicians are anything like we have stateside, the trojan that they voted for doesn't need to stay secret forever, just until after the next election. That's the problem with politics, very few successful politicians thing or act long term because thinking long term means making painful decisions that will most likely get them voted out of office for the next feel-good guy. So you have all of these feel-good guys with 2,4, or 6 year attention spans and as long as the world doesn't end in that time period, they're pleased as punch.
  
  The guys who voted on this or approved it will probably say "That was last term/fiscal year, this is this term/fiscal year! Lets go have a beer!" and be done with it, as if they are magically not guilty of voting this monster into existence.
2. Re:Only a matter of time by fuzzyfuzzyfungus · 2009-08-26 03:18 · Score: 1
  
  It's not at all clear to me that the plan really required keeping it bottled up. You don't really need secrecy if you have power(though secrecy is undoubtedly gravy if you can get it).
  
  There are precious few, if any, countries where authorities have had much trouble passing laws giving themselves broad "security" powers. With those in place, they don't really need to keep things under wraps, what are you going to do about it?
3. Re:Only a matter of time by AHuxley · 2009-08-26 13:00 · Score: 1
  
  It penetrated windows/skype for a set period, as Apple and Linux move on and MS rushed to catch up, the Skype torjan would become exposed or useless.
  This product did its work for governments at a set time in the past.
  The interesting part was hints at a Magic Lantern option
  http://en.wikipedia.org/wiki/Magic_Lantern_(software)
  The real fun is what the German gov did with this around the world via this software in the past.
  The German "CIA" (BND, hi guys) did get caught with a false flag operation Kosovo,.'suspicion of plotting a bomb attack on European Union offices in Kosovo".
  Having your windows 95 malware talked about is no problem as OS independent versions can/have been contracted for.
  having your agents caught trying to a "operation gladio" is something you would want to keep 'bottled up".
  http://en.wikipedia.org/wiki/Operation_Gladio
  Skype of death was used in the past?
  If you talk of "bottled up" things you join Costas Tsalikidis, the Greek telco whistleblower who was found hanged.
  Adamo Bove head of security at Telecom Italia who exposed the CIA renditions via cell phones "fell" to his death.
  This seems like a coder saying "I was just a contractor, I just wrote the code"
  "I was just obeying orders"... :)
  
  --
  Domestic spying is now "Benign Information Gathering"
Government Support Malware... Great... by LitelySalted · 2009-08-26 02:49 · Score: 3, Interesting

Government supported malware...
I guess he's trying to vindicate himself by publishing the source code, but the reality is that there is a risk some idiot out there is going to misuse this information.
Seriously, do we want open source malware?
1. Re:Government Support Malware... Great... by Kokuyo · 2009-08-26 02:53 · Score: 5, Insightful
  
  but the reality is that there is a risk some idiot out there is going to misuse this information.
  SOME idiot? I'm most worried about the government itself, thank you.
2. Re:Government Support Malware... Great... by Dr_Ken · 2009-08-26 02:57 · Score: 1
  
  He might be feeling guilt about what he did and is trying to absolve himself. And I agree releasing open source mal ware code isn't especially helpful either.
  
  --
  "If you want to know what happens to you when you die, go look at some dead stuff."
3. Re:Government Support Malware... Great... by AndrewNeo · 2009-08-26 02:58 · Score: 4, Insightful
  
  Yes, we do, for the same reason we want other software to be open source.. security. If we can see into a program's source, we can identify potential security issues. By releasing the trojan's source code, Skype can fix their software.
4. Re:Government Support Malware... Great... by AlXtreme · 2009-08-26 03:10 · Score: 3, Informative
  
  By releasing the trojan's source code, Skype can fix their software.
  I don't think this will help Skype a lot, at best they could attempt to stop this particular trojan.
  We're talking about a trojan that has complete access to the local machine. At some point in the software Skype has to decrypt the audio transmission and send the data via the OS's audio API, and that is where this trojan will intercept the data. Skype now knows how the trojan intercepts the data, and at best they could frustrate it in a new version (which would work until the trojan is updated).
  The big question is if Skype is still secure without having to gain access to the local machine (ie. can law enforcement decrypt Skype traffic).
  
  --
  This sig is intentionally left blank
5. Re:Government Support Malware... Great... by fuzzyfuzzyfungus · 2009-08-26 03:20 · Score: 2, Insightful
  
  I think we do. If the malware is a "feds only" tool, there will be pressure, overt or covert, on security vendors to make their products look the other way when it shows up. That would be bad.
  
  If every tom, dick, harry, and script kiddie out there has a dozen variants, security vendors will have to treat it as a threat, and hopefully end up mitigating the effectiveness of the fed trojan.
6. Re:Government Support Malware... Great... by LitelySalted · 2009-08-26 03:22 · Score: 0
  
  I think you're missing the point. Releasing the source code for a piece of software can have more impact than analyzing how to defeat it.
  In this particular case, releasing methods for breaching firewalls and infecting computers can create problems for a MYRIAD of software developers. Not to mention that it might help people trying to develop their own hazardous software.
  I think the community all to often associates "Open Source" with all that is good and shiny without fully analyzing the repercussions of publishing the code. Think about it, if Windows, for some unknown reason, suddenly decided to go Open Source, there would be ABSOLUTE MAYHEM. Caps for emphasis.
7. Re:Government Support Malware... Great... by gnick · 2009-08-26 03:23 · Score: 2, Insightful
  
  ...releasing open source mal ware code isn't especially helpful either.
  Open sourcing it is fine (assuming he's allowed to do so - I know I'd be in trouble if I open sourced the code I'm paid to write) - Even then there's the Wikileaks option if GPL (or whatever) isn't practical. But, both as a courtesy, an aggressive encouragement to improve, and an effort to minimize damage, it should be politely delivered to Skype first. Skype should also be made aware of your intentions, in say 3-6 months, of sharing it with the world.
  
  --
  He's getting rather old, but he's a good mouse.
8. Re:Government Support Malware... Great... by Anonymous Coward · 2009-08-26 03:27 · Score: 0
  
  Politicians are ensured to do something stupid if corporations make it worth their while.
9. Re:Government Support Malware... Great... by gad_zuki! · 2009-08-26 03:33 · Score: 1
  
  I doubt skype can do anything. This trojan runs locally with admin rights. Somewhere in there skype needs to put the encryption key in memory. The trojan probably just grabs it and then decrypts the VOIP packets. The solution here is to not run trojans.
10. Re:Government Support Malware... Great... by Archangel+Michael · 2009-08-26 03:35 · Score: 1
  
  You are the government (at least you're supposed to be) here in the US, so if you're afraid of the government, you're afraid of yourself. How is that for recursive fear? :-D
  
  --
  Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
11. Re:Government Support Malware... Great... by Anonymous Coward · 2009-08-26 03:42 · Score: 1, Interesting
  
  The big question is if Skype was ever secure. They've sure got something they're trying to hide, with all the anti-debugging measures they've built in to their software.
12. Re:Government Support Malware... Great... by tsm_sf · 2009-08-26 03:46 · Score: 1
  
  Seriously, do we want open source malware?
  
  The 2nd amendment fans will clue up any minute here and fill you in.
  
  --
  Literalism isn't a form of humor, it's you being irritating.
13. Re:Government Support Malware... Great... by Anonymous Coward · 2009-08-26 03:49 · Score: 0
  
  .. which is, traditionally, mainly a COLLECTION of idiots..
14. Re:Government Support Malware... Great... by gad_zuki! · 2009-08-26 03:51 · Score: 1
  
  >Government supported malware...
  I dont see a problem with this as long as it requires a warrant, like how the US uses programs like CIPAV.
15. Re:Government Support Malware... Great... by Anonymous Coward · 2009-08-26 03:53 · Score: 0
  
  Don't worry. It's just as afraid of you as you are of it!
16. Re:Government Support Malware... Great... by smooth123 · 2009-08-26 04:08 · Score: 0
  
  Why not... it will bring about a balance to the force......
17. Re:Government Support Malware... Great... by Runaway1956 · 2009-08-26 04:21 · Score: 1
  
  I see two possibilities. Skype is using buggy code which is easily exploitable, in which case, everyone should know it. The only reasonable response is to abandon Skype.
  OR, Skype has now learned of a flaw in otherwise reliable software, in which case they patch it, and go on.
  If the Linux and the Unix kernels have survived all these years with the code readily accessible by anyone who wants it, I see no reason to protect Skype from an open sourced exploit. Skype would be better off if they open sourced their own code.
  
  --
  "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
18. Re:Government Support Malware... Great... by EdIII · 2009-08-26 04:27 · Score: 1
  
  The solution here is to not run trojans.
  I think the solution is not the run Skype. Skype is shit, but it would probably be better to use a standalone piece of hardware to run it. I use hardware SIP phones to make all my phone calls with their packets being encrypted between them and the IP-PBX. A machine gets infected with a trojan the worst it can do is possibly capture those encrypted packets. There is no access to the encryption key anywhere in that particular machine.
  Ideally, Skype should not be any different.
19. Re:Government Support Malware... Great... by WindowlessView · 2009-08-26 04:29 · Score: 3, Funny
  
  I'm most worried about the government itself, thank you.
  Well thankfully this was the Swiss government. The US would never use some of the billions poured into the new "Cyberwar" to do exactly the same thing. We have laws and high government officials always get brought to justice over things like this...
  
  --
  Leave the gun, take the cannolis.
20. Re:Government Support Malware... Great... by hitnrunrambler · 2009-08-26 04:34 · Score: 3, Insightful
  
  You are the government (at least you're supposed to be) here in the US, so if you're afraid of the government, you're afraid of yourself. How is that for recursive fear? :-D
  Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  Cool... having a sig that highlights why you should be "afraid of yourself" while commenting on the recursive nature of such fear turns it from being a simple recursion into a complex fractal pattern.
21. Re:Government Support Malware... Great... by Anonymous Coward · 2009-08-26 04:38 · Score: 0
  
  The thing is that software of this kind does not only collect data, it can also PRODUCE data - i.e. FALSIFY it. There's no guarantee - none at all - that what is being reported by the law enforcement agencies as "criminal behaviour" was ever committed - you just have to trust the operator of the malware. Oh, and even IV there was criminal behaviour, who says who the computer USER was during these acts? No, covert intrusion of computer systems is NOT how I want my govt' to operate.
22. Re:Government Support Malware... Great... by Anonymous Coward · 2009-08-26 05:15 · Score: 0
  
  You must be new here
23. Re:Government Support Malware... Great... by element-o.p. · 2009-08-26 05:32 · Score: 1
  
  Well...it makes it easier for the A/V companies to write a detection algorithm, since they don't have to reverse engineer the binary now.
  
  --
  MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
24. Re:Government Support Malware... Great... by element-o.p. · 2009-08-26 05:33 · Score: 1
  
  Your signature, in light of your post, is rather interesting. And I won't even go into the differences between a pure democracy and a representative democracy right now.
  
  --
  MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
25. Re:Government Support Malware... Great... by TooMuchToDo · 2009-08-26 05:40 · Score: 1
  
  Can you provide info on what hardware IP phones you use? We have a bunch of Cisco IP phones, and I'm in the process of deploying another 100 or so. I would very much like to do encryption of both the SIP and the voice data stream at the phone's level.
26. Re:Government Support Malware... Great... by TooMuchToDo · 2009-08-26 05:42 · Score: 1
  
  As someone who works with several ISP co-ops, I'd love to get a snort signature that I could provide to them and say "If this flies across the network, you should be notifying your user immediately", while also having snort jam it using RST packets.
27. Re:Government Support Malware... Great... by fulldecent · 2009-08-26 05:56 · Score: 1
  
  it's secure, except for in china where they use the NSAKEY
  
  --
  -- I was raised on the command line, bitch
28. Re:Government Support Malware... Great... by mxs · 2009-08-26 06:29 · Score: 1
  
  And the big answer is "if you assume it is, you are an idiot". Use something you can audit.
29. Re:Government Support Malware... Great... by itzfritz · 2009-08-26 06:30 · Score: 1
  
  It's not exploiting a bug in Skype's software; it just inserts a hook into Windows' audio api and records whatever runs through it when Skype is running.
30. Re:Government Support Malware... Great... by EdIII · 2009-08-26 08:30 · Score: 1
  
  I don't know what phones you are using, but Cisco more than likely supports SRTP on the model you are using. They helped create it in the first place. I am using Aastra 9480i's and 9143i's. They support SRTP. You must enable it in your configuration files (defaults to off) and can specify a preferred state (will downgrade to RTP) or an only state in which non-SRTP capable calls will fail.
  As for IP-PBX, I mostly use Asterisk. You can add SRTP support to Asterisk and there are resources on the web that help you do that. FreeSwitch supports SRTP as well. Most solutions for an IP-PBX probably support SRTP at this point too.
  You just need to make sure in your conf files (on your IP-PBX) that you specify that it should be used, and then check for it in your dial plan. You can set it up where encryption is used when available, or force the issue and disallow SIP clients that are not capable of it.
  Any other questions, just post them here. I'll do my best to answer it :)
31. Re:Government Support Malware... Great... by Anonymous Coward · 2009-08-26 09:07 · Score: 0
  
  >do we want open source malware?
  No, we just want people who refuse to write malware. For any reason.
  Especially for money.
  So morally, he's an assh*le because he DID write it, and for money.
32. Re:Government Support Malware... Great... by Eil · 2009-08-26 09:15 · Score: 1
  
  but the reality is that there is a risk some idiot out there is going to misuse this information.
  There are a lot of idiots out there. There is a lot of information out there. I dare you to try to keep them separate.
  
  Seriously, do we want open source malware?
  Well, why not?
  1. Having the malware open source means that everyone can study it. Not just script kiddies but also security researchers, software developers, and students.
  2. If the malware exposes any vulnerabilities, they can be fixed a lot more readily than if an expert white hat reverse engineer had to step through the compiled version in a debugger to find out what was going on.
  3. Obscurity is not security. Someone, somewhere, would have also figured out how to make a Skype wiretapping trojan and use it for nefarious purposes, if they haven't already.
33. Re:Government Support Malware... Great... by Kokuyo · 2009-08-26 09:19 · Score: 1
  
  Albeit late, thanks to Inglorious Basterds, I'd like to mention that I AM Swiss, you insensitive clod! ;)
34. Re:Government Support Malware... Great... by Hurricane78 · 2009-08-26 11:22 · Score: 1
  
  The point is, that if he had not opened the source, the same would happen, but without a chance for Skype or us!
  That's the thing! It's not as if not opening the source would have prevented anything.
  
  --
  Any sufficiently advanced intelligence is indistinguishable from stupidity.
35. Re:Government Support Malware... Great... by Anonymous Coward · 2009-08-26 19:00 · Score: 0
  
  Yes, you moron.
36. Re:Government Support Malware... Great... by Anonymous Coward · 2009-08-27 00:24 · Score: 0
  
  moreover, at this point Skype MUST fix their software.
37. Re:Government Support Malware... Great... by hawleyal · 2009-08-27 00:53 · Score: 1
  
  Seriously, do we want open source malware?
  Yes, yes we do.
  Open source malware is important for the security of the targeted systems.
  If unnamed corporate software monopoly discovers hole via malware, and doesn't release a notification (let alone patch), everyone else can discover that hole as well.
  If all malware writers were so inclined to help the public protect against their malware.
Surprised by davidwr · 2009-08-26 02:50 · Score: 1

When the American/British/other-similar-country version of something similar comes out it will be on Wikileaks, without attribution.

--
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Seriously, do we want open source malware? by Presto+Vivace · 2009-08-26 03:00 · Score: 1

I wondered the same thing.
Not helpful? by weirdcrashingnoises · 2009-08-26 03:06 · Score: 2, Interesting

Isn't the idea of full disclosure meant to help security by bringing to light flaws in ...whatever? thus forcing companies/governments to deal the the problem rather than simply ignore them. Altho in this case a government (Swiss) is playing on one side, and a company (Skype) is on the other.

--
sigs... don't talk to me about sigs....
Now, Would A Patriot Please Post by Anonymous Coward · 2009-08-26 03:10 · Score: 2, Funny

the N.S.A.'s code for intercepting EVERYTHING .
Yours Seditiously,
Kilgore Trout
1. Re: Now, Would A Patriot Please Post by muckracer · 2009-08-26 03:24 · Score: 1
  
  dd if=/dev/all_major_inter_slash_national_pipes of=/dev/dcs_in_maryland | grep -f echelon_keywords.txt > mail -s FARKINGCOMMIES! analyst14398@nsa.gov
  You're welcome! :-)
2. Re: Now, Would A Patriot Please Post by TheRaven64 · 2009-08-26 04:21 · Score: 2, Informative
  
  I suspect you mean tee, not dd. The dd command won't output anything to the stdout so grep never receives any input.
  Although, come to think of it, that would explain why the wiretapping program hasn't produced much by way of results...
  
  --
  I am TheRaven on Soylent News
Call me naive... by Zantac69 · 2009-08-26 03:11 · Score: 2, Insightful

...but isnt this is a little irresponsible? Its not as irresponsible as handing a loaded Glock to a 17 year old that as raised on Half-Life, Doom, Quake, etc...but still. You are giving basically ready made code to cryp kiddies to cut, paste, and be stupid with. True black hats probably dont need it (or already had it), but that kind of makes it too easy for the wannabes. I can see why code would be released so that software makers can IMPROVE and and lock down their code to prevent snooping like this...but to just toss it out there so anyone can play with it. :shrug: Just does not seem right. (of course - the snooping to begin with was probably not "right" to begin with)

--
1331461 is only semiprime *sigh* Alas - I am just short of 1337.
1. Re:Call me naive... by jimicus · 2009-08-26 03:28 · Score: 5, Informative
  
  You're naive.
  I'm not going to go searching on Google now but there are already loads of malware toolkits out there being used by script kiddies, some of which are rather easier to use than "First learn to code in C". This doesn't change anything.
2. Re:Call me naive... by mcgrew · 2009-08-26 03:55 · Score: 3, Insightful
  
  It's odd that even though I'm 57 years old, I have a far higher opinion of youth than you seem to have. Also odd that you think Doom or Quake would turn teens into killers; what turns teens into killers is mental illness, bad upbringing, or high school bullies. And most of the teens who have these unfortunate circumstances kill themselves, not others.
  Most kids I've known from the time I was a teen to now were good kids. Some teenagers I've known were more responsible than a lot of adults I've known. Some were even more responsible than their own parents.
  
  --
  Free Martian Whores!
3. Re:Call me naive... by MikeBabcock · 2009-08-26 04:21 · Score: 1
  
  For example to supplement the parent, bo2k isn't exactly hard to find. They have a really huge website with a lot of details on how to use it.
  
  --
  - Michael T. Babcock (Yes, I blog)
4. Re:Call me naive... by hitnrunrambler · 2009-08-26 04:23 · Score: 3, Insightful
  
  You're looking at if from a perspective that can be generalized "security through obscurity"; at it's core is a hope that limiting the general knowledge of a subject will prevent "bad people" from interfering. Again generalizing the motto could be "The less people know the more everyone is safe."
  The weakness of this in practical terms is that people discover things and motivated people can be very creative. If one person or team can accomplish something there is no reason to assume that they are the only ones who possibly could.
  Let's think of it in physical terms: To modify your analogy, this is like assuming "I haven't given {violence-prone-teen} a gun; therefore he can't possibly have a gun."
  Proper disclosure (which on the surface this seems to be) raises awareness of vulnerabilities and helps motivate those who work towards combating such vulnerabilities. It also means that if those responsible are unwilling/unable to fix the problem that the general public is now aware of a problem and may be able to modify their own vulnerability to it. (With these 2 goals in mind some people follow a firm 2 step process of disclosure; informing "the authorities" first to give them a headstart, then informing the general public.)
  Proper disclosure of where a violent teen "might" get a gun disperses the illusion that "I didn't give him a gun so he must be unarmed".
  The dilemma does exist that if a vulnerability is not secured after being disclosed then, yes you have essentially given junior directions to a Glock. But as another responder pointed out... this is hardly the only source for potentially malevolent software/code. If junior is determined to kill he will find a way.
  Where does your ethical duty fall when you have such knowledge?
  That's for you to carefully consider and decide (which is the entire concept behind ethics anyway). But many people would advocate for knowledge, aware that knowledge does not automatically make us safe, but secure in their belief that ignorance never makes us safe... it just makes us feel safe.
5. Re:Call me naive... by Anonymous Coward · 2009-08-26 04:28 · Score: 1, Insightful
  
  of course irresponsibly feeding your children a steady diet of violent entertainment might just qualify as a symptom of "bad upbringing". Results vary.
6. Re:Call me naive... by xenobyte · 2009-08-26 23:16 · Score: 1
  
  Actually it can't qualify as bad upbringing in itself - unless we're moving into the couch potato vs. physically active schism. Feeding children violent entertainment isn't any different than feeding them bad quiz and game shows. It might actually be better if it's creatively done violence as the game show diet is a proven intelligence killer.
  
  --
  "For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
Criminals All by bloobamator · 2009-08-26 03:25 · Score: 1

Both he and the company he works for are criminals. Allegedly.

--
"Crude and slow, clansman. Your attack was no better than that of a clumsy child."
Bundestrojaner = Federal Trojan by Anonymous Coward · 2009-08-26 03:29 · Score: 1, Informative

In case anyone was curious, "Bundestrojaner" means "Federal Trojan" (if I'm remembering right from my highschool German classes).
1. Re:Bundestrojaner = Federal Trojan by Anonymous Coward · 2009-08-26 03:48 · Score: 0
  
  You remember correctly. It's a term that most likely originated in Germany where the federal police wants to/already does use trojans to remotely access computers.
Re:Mod parent by Anonymous Coward · 2009-08-26 03:32 · Score: 0

-1 SHOUTING
+1 momentofsilence
He's doing it wrong.
Unfortunately it was done the easy way by mrjb · 2009-08-26 04:01 · Score: 1

Even though the source of the trojan is made GPL, we won't see Skype support in Pidgin anytime soon; rather than decoding the audio stream, the code intercepts the already-decoded audio. That is, the trojan author did not reverse- engineer any parts of the Skype protocol. Too bad- unfortunately this means I'll still need to be running multiple messenging clients. Fortunately my Skype contact list is rather short.

--
Visit http://ringbreak.dnd.utwente.nl/~mrjb/growingbettersoftware to download your free copy of the book
Why the heck by JustNiz · 2009-08-26 04:19 · Score: 3, Interesting

Why haven't the police already busted down the door of ERA IT Solutions and taken all their servers away? Why aren't there tons of class action lawsuits against ERA IT from people that got infected and spied on?
1. Re:Why the heck by witherstaff · 2009-08-26 05:13 · Score: 1
  
  It could be that like the ACLU warantless wiretapping case that was thrown out by the supreme court, it would require people that could prove they were actually spied upon. Of course just knowing you were spied upon would be a state secret so it's a chicken/egg sort of thing. Not sure if the Swiss have such a screwy legal system as the US but it wouldn't surprise me if it's a government covering its own ass.
2. Re:Why the heck by KC7JHO · 2009-08-26 07:20 · Score: 1
  
  Once and for all... Rabbit/Egg/Chicken ... just so you know and all... ;)
3. Re:Why the heck by Anonymous Coward · 2009-08-26 08:33 · Score: 0
  
  Switzerland. No Class Action Law Suit...
4. Re:Why the heck by Hurricane78 · 2009-08-26 11:28 · Score: 1
  
  Haven't you read the summary? It was ordered by the government! They payed for it. The Bundestrojaner was meant to be used in at least Germany, as a tool for the federal intelligence service!
  Of course the police that nothing. It's their own project!
  
  --
  Any sufficiently advanced intelligence is indistinguishable from stupidity.
5. Re:Why the heck by JustNiz · 2009-08-27 04:11 · Score: 1
  
  Just because one dept. of the governmnent ordered it does'nt make it legal.
  The police should enforce the law, even if its a part of the government that broke it.
Doesn't by Anonymous Coward · 2009-08-26 04:28 · Score: 1, Interesting

Vista support DRM on the hardware level?? Could this not be used to encrypt any communications to and from your machine? Isn't it illegal in the US to try to decrypt such messages under the DCMA?
1. Re:Doesn't by Stupendoussteve · 2009-08-26 05:55 · Score: 2, Informative
  
  Last I checked Switzerland was a nation independent of the United States and thus not subject to the DMCA and other such nonsense.
Re:Mod parent by davidwr · 2009-08-26 04:44 · Score: 1

-1 SHOUTING
+1 momentofsilence
He's doing it wrong.
+0 Wailsofmourning ???

--
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Horse already bolted by improfane · 2009-08-26 05:43 · Score: 1

We're talking about a trojan that has complete access to the local machine.

If the machine is compromised, nothing you do really matters. It's closing the barn doors after the horse has bolted; fixing this is silly. It's just like this 'exploit'.
You could just record whatever comes from stereo mix? Why bother decrypting anything?

--
Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,
WINDOWS ONLY? by webweave · 2009-08-26 06:01 · Score: 1

YES, Looks like it only works on windows, I wish these articles would start by listing what is vulnerable. Of course anyone who knows anything about security knows windows is totally broken as far a security goes and it is way too big of a target for future malware writers so best to just avoid it if you are building systems where privacy in important. I'd tell you what I do but I'm sworn to secrecy.
Yeah! by improfane · 2009-08-26 06:24 · Score: 1

I would have modded you up in your original post but chose to reply because of another reply in the thread I think. I actually agree but was trying to strengthen your analogy.

--
Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,
1. Re:Yeah! by element-o.p. · 2009-08-26 06:37 · Score: 1
  
  It never hurts to flesh out and clarify an argument. That's one of the reasons I love /. -- I get critical analysis of my thinking, which I greatly enjoy (well,usually :). "Steel sharpens steel," and all that. Thanks for showing me where I can do better!
  
  --
  MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
"Bundestrojaner" == german, not swiss by kju · 2009-08-26 06:34 · Score: 1

"Bundestrojaner" is the nickname in germany for the trojan intended to do a "online (house) search" under german law. The article also mentions that. Quote: "You say that while you worked for ERA IT Solutions under consignment of the German Federal Police (Bundeskriminalamt/BKA) you were entrusted with the development of a trojan". Please note that the guy in question does not admit that he worked on the "Bundestrojaner", but mentions that the BKA employed own people to do that. The article reports that he programed a trojan for skype calls for the swiss government, but that one is not what is usually understood to be/should be the "Bundestrojaner".
1. Re:"Bundestrojaner" == german, not swiss by Chrigi · 2009-08-26 09:58 · Score: 1
  
  Exactly what I wanted to post just now. The Bundestrojaner has nothing to do with Switzerland! But still I'm a bit confused... I live in Switzerland and read the Newspapers and normally watch the News but that a Company developed a "Skype Trojan" for the government completely slipped through my fingers apparently O.o That sucks pretty hard! Not only do we have a stupid DNS Block for CP sites (at least Germany had a chance to fight against it -.-) but now this? In Soviet Switzerland...
I should have said by improfane · 2009-08-26 06:43 · Score: 1

I should have said I was commenting on wiretapping itself, not GPL. GPL's intended purpose is to help people and for freedom like a car is for transport. :-) This is why I like Slashdot, there are many level headed people!

--
Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,
Let me provide some insight... by denzacar · 2009-08-26 07:14 · Score: 1

Why haven't the police already busted down the door of Heckler & Koch and taken all their machines away? Why aren't there tons of class action lawsuits against Heckler & Koch from people that got shot and killed?
Oh riiiight... They don't kill people. Their customers to kill people. Their major customers being governments.
They are just a private company, providing a service for a friendly foreign government.
Oh and...
http://en.wikipedia.org/wiki/Class_action_lawsuit#Switzerland

Switzerland
Swiss law does not allow for any form of class action. When the government proposed a new federal code of civil procedure in 2006, replacing the cantonal codes of civil procedure, it rejected the introduction of class actions, arguing that:
[It] is alien to European legal thought to allow somebody to exercise rights on the behalf of a large number of people if these do not participate as parties in the action. ... Moreover, the class action is controversial even in its country of origin, the U.S., because it can result in significant procedural problems. ... Finally, the class action can be openly or discretely abused. The sums sued for are usually enormous, so that the respondent can be forced to concede, if they do not want to face sudden huge indebtness and insolvency (so-called legal blackmail).

--
Mit der Dummheit kämpfen Götter selbst vergebens
Dammit by denzacar · 2009-08-26 07:17 · Score: 1

Meant to say:

Their customers use their product to kill people.

--
Mit der Dummheit kämpfen Götter selbst vergebens
Not Exactly Rocket Science by cromar · 2009-08-26 09:11 · Score: 1

This isn't rocket science or brain surgery. A trojan that sniffs your internet connections' packets and allows interested parties to gain access to the packets sent/received by Skype or any other application could be written mostly with open source libraries already available. It would take some bit of know-how, but nothing extremely specialized. Heck, you could even just stream the user's microphone audio data out and bypass Skype entirely. You could connect directly to the user's web cam - I think there was a virus/trojan that did that already even :)
1. Re:Not Exactly Rocket Science by Anonymous Coward · 2009-08-26 09:37 · Score: 0
  
  This isn't rocket science or brain surgery. A trojan that sniffs your internet connections' packets and allows interested parties to gain access to the packets sent/received by Skype or any other application could be written mostly with open source libraries already available. It would take some bit of know-how, but nothing extremely specialized. Heck, you could even just stream the user's microphone audio data out and bypass Skype entirely. You could connect directly to the user's web cam - I think there was a virus/trojan that did that already even :)
  
  There are many which already do that.
Who is the user anyway by CAPSLOCK2000 · 2009-08-26 12:53 · Score: 1

If such a trojan is installed on a computer, who is the user? The one installing the trojan or the victim. Although the victim may not know it, he is obviously using the software.
According to the GPL he has a right to the code :)
Free Trojans by Anonymous Coward · 2009-08-27 00:12 · Score: 0

A GPLed Trojan? So, if you deceive me into installing the trojan, you also have to provide me with a copy of the licence informing me of my rights, and the source code at my request?