Slashdot Mirror


Coder of Swiss Wiretapping Trojan Speaks Out

Lars Sobiraj writes "Ruben Unteregger has worked for a long time as a software engineer for the Swiss company ERA IT Solutions. His job there was to code malware that would invade PCs of private users, and allow the wiretapping of VoIP calls — in particular, calls made through Skype. In the German-speaking areas of the country, the Trojans were called 'Bundestrojaner' because the Swiss government was involved with their development and use. Unfortunately, Unteregger has to remain silent about the customers of the company. Last night, he published the source code of his Skype-Trojan under the GPL."

13 of 114 comments

  1. Government Support Malware... Great... by LitelySalted · Score: 3, Interesting

    Government supported malware...

    I guess he's trying to vindicate himself by publishing the source code, but the reality is that there is a risk some idiot out there is going to misuse this information.

    Seriously, do we want open source malware?

    1. Re:Government Support Malware... Great... by Kokuyo · Score: 5, Insightful

      but the reality is that there is a risk some idiot out there is going to misuse this information.

      SOME idiot? I'm most worried about the government itself, thank you.

    2. Re:Government Support Malware... Great... by AndrewNeo · Score: 4, Insightful

      Yes, we do, for the same reason we want other software to be open source: security. If we can see into a program's source, we can identify potential security issues. By releasing the trojan's source code, Skype can fix their software.

    3. Re:Government Support Malware... Great... by AlXtreme · Score: 3, Informative

      By releasing the trojan's source code, Skype can fix their software.

      I don't think this will help Skype a lot, at best they could attempt to stop this particular trojan.

      We're talking about a trojan that has complete access to the local machine. At some point in the software Skype has to decrypt the audio transmission and send the data via the OS's audio API, and that is where this trojan will intercept the data. Skype now knows how the trojan intercepts the data, and at best they could frustrate it in a new version (which would work until the trojan is updated).

      The big question is if Skype is still secure without having to gain access to the local machine (i.e. can law enforcement decrypt Skype traffic).

      --
      This sig is intentionally left blank
    4. Re:Government Support Malware... Great... by WindowlessView · Score: 3, Funny

      I'm most worried about the government itself, thank you.

      Well thankfully this was the Swiss government. The US would never use some of the billions poured into the new "Cyberwar" to do exactly the same thing. We have laws and high government officials always get brought to justice over things like this...

      --
      Leave the gun, take the cannolis.
    5. Re:Government Support Malware... Great... by hitnrunrambler · Score: 3, Insightful

      You are the government (at least you're supposed to be) here in the US, so if you're afraid of the government, you're afraid of yourself. How is that for recursive fear? :-D

      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.

      Cool... having a sig that highlights why you should be "afraid of yourself" while commenting on the recursive nature of such fear turns it from being a simple recursion into a complex fractal pattern.

  2. Re:GPL ? by wild_quinine · Score: 5, Informative

    Most certainly the guy doesn't even own the source code since he did it under contract from an employer, so he cannot really "release" what is not his... Maybe I'm wrong and he owns the source code though.

    From the article:
    "There won't be problems about copyright, because ERA IT Solutions let me keep it... About the details, why I keep the copyright on this, I can't offer a statement. As already mentioned I agreed to absolute silence. You can speculate now or ask the sources directly."

  3. Re:Call me naive... by jimicus · Score: 5, Informative

    You're naive.

    I'm not going to go searching on Google now but there are already loads of malware toolkits out there being used by script kiddies, some of which are rather easier to use than "First learn to code in C". This doesn't change anything.

  4. Re:Call me naive... by mcgrew · Score: 3, Insightful

    It's odd that even though I'm 57 years old, I have a far higher opinion of youth than you seem to have. Also odd that you think Doom or Quake would turn teens into killers; what turns teens into killers is mental illness, bad upbringing, or high school bullies. And most of the teens who have these unfortunate circumstances kill themselves, not others.

    Most kids I've known from the time I was a teen to now were good kids. Some teenagers I've known were more responsible than a lot of adults I've known. Some were even more responsible than their own parents.

  5. Re:GPL ? by chrb · Score: 4, Interesting

    About the details, why I keep the copyright on this, I can't offer a statement.

    My guess would be liability. If Skype want to sue the "owner" of the trojan, the company is safe. If a "victim" of the trojan wants to sue the "owner", the company is safe. In any court case, the company can turn around and say "Ah, but we just provide advice and consultancy services. The creator and owner of the trojan code is Ruben Unteregger, and he is a completely different legal entity."

  6. Why the heck by JustNiz · Score: 3, Interesting

    Why haven't the police already busted down the door of ERA IT Solutions and taken all their servers away? Why aren't there tons of class action lawsuits against ERA IT from people that got infected and spied on?

  7. Re:Call me naive... by hitnrunrambler · Score: 3, Insightful

    You're looking at it from a perspective that can be generalized as "security through obscurity"; at its core is a hope that limiting the general knowledge of a subject will prevent "bad people" from interfering. Again generalizing, the motto could be "The less people know, the more everyone is safe."

    The weakness of this in practical terms is that people discover things and motivated people can be very creative. If one person or team can accomplish something, there is no reason to assume that they are the only ones who possibly could.

    Let's think of it in physical terms: To modify your analogy, this is like assuming "I haven't given {violence-prone-teen} a gun; therefore he can't possibly have a gun."

    Proper disclosure (which on the surface this seems to be) raises awareness of vulnerabilities and helps motivate those who work towards combating such vulnerabilities. It also means that if those responsible are unwilling/unable to fix the problem, the general public is now aware of a problem and may be able to modify their own vulnerability to it. (With these 2 goals in mind some people follow a firm 2-step process of disclosure: informing "the authorities" first to give them a head start, then informing the general public.)

    Proper disclosure of where a violent teen "might" get a gun disperses the illusion that "I didn't give him a gun so he must be unarmed."

    The dilemma does exist that if a vulnerability is not secured after being disclosed then, yes, you have essentially given junior directions to a Glock. But as another responder pointed out... this is hardly the only source for potentially malevolent software/code. If junior is determined to kill he will find a way.

    Where does your ethical duty fall when you have such knowledge?

    That's for you to carefully consider and decide (which is the entire concept behind ethics anyway). But many people would advocate for knowledge, aware that knowledge does not automatically make us safe, but secure in their belief that ignorance never makes us safe... it just makes us feel safe.

  8. Re:GPL ? by oldhack · Score: 4, Funny

    Title reads: "Coder of Swiss Wiretapping Trojan Speaks Out"

    Summary reads: "Unfortunately, Unteregger has to remain silent about the customers of the company."

    The parent quotes the guy: "About the details, why I keep the copyright, I can't offer a statement. As already mentioned I agreed to absolute silence."

    That's why I am not commenting on this story.

    --
    Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.