German Government's Malware Analyzed

← Back to Stories (view on slashdot.org)

German Government's Malware Analyzed

Posted by timothy on Saturday October 8, 2011 @08:31AM from the unter-dem-mikroskop dept.

First time accepted submitter lennier1 writes "The German hacker group CCC (Chaos Computer Club) has analyzed a piece of malware the German government uses in criminal investigations to spy on a suspect's computer. I'm sure we're all surprised that it's opening security holes for third parties, and violates a related court verdict (and several laws in general)."

162 comments

Min score:

Reason:

Sort:

Frosty Piss by ae1294 · 2011-10-08 08:37 · Score: -1

"I'm sure we're all surprised that it's opening security holes for third parties, and violates a related court verdict (and several laws in general)."
No not really...
1. Re:Frosty Piss by Anonymous Coward · 2011-10-08 08:48 · Score: 0
  
  Sweet, thanks for clearing that up.
2. Re:Frosty Piss by ae1294 · 2011-10-08 08:52 · Score: 1
  
  Sweet, thanks for clearing that up.
  Slashdot asked me "personally" for my opinion... Gezz, don't mod me bro...
3. Re:Frosty Piss by ScrewMaster · 2011-10-08 09:30 · Score: 1
  
  "I'm sure we're all surprised that it's opening security holes for third parties, and violates a related court verdict (and several laws in general)."
  No not really...
  Really, if the government (any government) is going to get into the malware game, they should hire people to create it for them who are at least as competent as the guys on the other side of the fence.
  
  --
  The higher the technology, the sharper that two-edged sword.
4. Re:Frosty Piss by fuzzyfuzzyfungus · 2011-10-08 09:51 · Score: 5, Interesting
  
  The piece of incompetence that I find really striking is not so much the general shoddiness; but the fact that the malware is using a proxy setup in the US to avoid having its traffic traced back to the German police entity using it. Even if they know nothing about the tech side of things, surely exporting the evidence outside of the state, country, and EU, to some random datacenter in the US, would mean a hairy pile of privacy and chain-of-custody problems for the chaps in legal?
5. Re:Frosty Piss by Anonymous Coward · 2011-10-08 12:04 · Score: 1
  
  nope, as german law doesnt exclude illegaly obtained evidence from use in court.
  ive read enough dystopiae to see where this is goin...
6. Re:Frosty Piss by ozmanjusri · 2011-10-08 14:21 · Score: 1
  
  at least as competent as the guys on the other side of the fence.
  The general public is not known for their competence in computer software development. The government would be better off employing criminal hackers.
  
  --
  "I've got more toys than Teruhisa Kitahara."
7. Re:Frosty Piss by IWannaBeAnAC · 2011-10-08 14:28 · Score: 5, Interesting
  
  nope, as german law doesnt exclude illegaly obtained evidence from use in court.
  Right, but that is appropriate. The USA is the only country I know of that does exclude evidence like that. In most jurisdictions, the aim (idealized, not always realized) of a court case is to uncover the truth of what happened. If the law was broken in the process of obtaining evidence, by all means prosecute the people who broke the law, but to exclude that evidence is a weird thing to do. At least, 90% of the planet thinks so...
  The situation in the US is based on a rather bizarre interpretation of the constitution set by the supreme court, actually not so long ago, starting from around 1920. The Fourth Amendment of the constitution is the one about "no unreasonable searches and seizures", and requiring "probable cause". But it doesn't specify what the penalty should be if those rights are violated. In much of the rest of the world, the equivalent violation (eg, of police or some other person obtaining evidence illegally) opens the offender for prosecution but whatever evidence is obtained can still be used. That was the case in the USA before the early 20th century. But several court cases in the 20's and 30's established the "fruit of the poisonous tree" doctrine, in which evidence which was obtained illegally is not admissible in court. This has resulted in many farcical court cases where the facts of the case are well established, but can't be presented in court because the evidence was obtained illegally (in some cases, due to some technical omission). It also results in lots of arguments where opposing lawyers have a big bun fight, and make lots of money, arguing at length over whether a particular fact is allowed to be presented to the court or not.
  It has also resulted in the attitude that cops who break the law are already "punished" by being unable to present the evidence in court (and often therefore unable to convict a criminal), and that this is sufficient punishment for the cop. Whereas in other jurisdictions the cop would lose their job, or end up in jail themselves, in the US they typically don't. This is an encouragement towards corrupt behavior.
8. Re:Frosty Piss by Kjella · 2011-10-08 15:56 · Score: 2
  
  The USA is the only country I know of that does exclude evidence like that.
  Norway would be the second country then. In fact, it's probably stronger than the US protection because an employer that made illegal recordings of his employers had the evidence rejected after filing charges for embezzlement. That one went to the supreme court, I couldn't find a similar case where the police used illegal methods because once that is known the charges would be dropped. Honestly I would be surprised if a modern rule of law didn't include something like that, otherwise there's a million loophole where the police can protect each other or hired thugs to provide evidence without any clear trail.
  
  --
  Live today, because you never know what tomorrow brings
9. Re:Frosty Piss by sourcerror · 2011-10-08 18:50 · Score: 1
  
  I think in Hungary it works similar to the US. Also, evidence can't be reused in a different trial.
10. Re:Frosty Piss by maxwell+demon · 2011-10-08 19:25 · Score: 1
  
  "I'm sure we're all surprised that it's opening security holes for third parties, and violates a related court verdict (and several laws in general)."
  No not really...
  I'm sure everyone here is familiar with the concept of sarcasm.
  
  --
  The Tao of math: The numbers you can count are not the real numbers.
11. Re:Frosty Piss by CSMoran · 2011-10-08 23:06 · Score: 1
  
  "I'm sure we're all surprised that it's opening security holes for third parties, and violates a related court verdict (and several laws in general)."
  No not really...
  I'm sure everyone here is familiar with the concept of sarcasm.
  No not really...
  
  --
  Every end has half a stick.
12. Re:Frosty Piss by clickforfreepizza · 2011-10-08 23:12 · Score: 2
  
  It has also resulted in the attitude that cops who break the law are already "punished" by being unable to present the evidence in court (and often therefore unable to convict a criminal), and that this is sufficient punishment for the cop.
  Well, not so in Germany. Typically (at least according to popular lawblog.de) it's like this: Prosecutor gets judge to sign a search order which is blatantly illegal. Search victim goes to court; result: a letter to hang over the fireplace saying the search was illegal.
  If the search victim is prosecuted, the court has to weigh what's more important: the injury of the illegal search or dealing with the crime. Hint: answer's always the same.
  
  Whereas in other jurisdictions the cop would lose their job, or end up in jail themselves, in the US they typically don't.
  Unless it's something big like the recent blanket surveillance of all mobile phones in a city, I don't know there's ever been any consequence in Germany.
13. Re:Frosty Piss by Opportunist · 2011-10-08 23:19 · Score: 2
  
  Knowing the German government, and how it works, I can tell you how this train wreck came into existence.
  Some government employee drafted the requirements for the toy. Being a government employee, he doesn't know jack about security and got his job mostly due to connections and knowledge of people rather than the matter at hand. And as such, his draft was shabby and less than perfect.
  The company executing the order did implement it with the minimal effort to meet the requirements, as is usual in such a scenario. And hence the blunders.
  Why the shabby not-quite-secure AES implementation? Because the requirements most likely listed "must do AES" without details on why and how.
  Why the proxy in the US? Because it wasn't part of the draft and it's been probably cheaper to do.
  Why the hole where planting "evidence" is possible? Because audit security was no requirement.
  Why all the other blunders? Because they were not part of the bid invitation and implementing them would have increased the cost.
  In a nutshell, even if the executing company could do it better, my money is on the wager that it was simply not part of the specs. What's not in the specs does not get implemented.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
14. Re:Frosty Piss by makomk · 2011-10-09 00:46 · Score: 2
  
  In much of the rest of the world, the equivalent violation (eg, of police or some other person obtaining evidence illegally) opens the offender for prosecution but whatever evidence is obtained can still be used. That was the case in the USA before the early 20th century. But several court cases in the 20's and 30's established the "fruit of the poisonous tree" doctrine, in which evidence which was obtained illegally is not admissible in court.
  This incentivises the police and prosecution services in other countries to ride roughshod all over the rules of evidence if the crime is serious and they think it'll net them a conviction. I mean, who really cares if a pedophile was convicted using illegally-collected evidence - he obviously doesn't deserve any rights, and neither the press nor the courts are likely to see anything much wrong with this, if he even lives long enough in jail to be able to sue in the first place. Without the "fruit of the poisonous tree" doctrine, deciding whether or not to deliberately and illegally collect evidence just becomes a gamble - the odds of netting a conviction versus the odds that the person is innocent and it'll backfire - and the police tend to be biased towards assuming guilt. Only throwing out evidence collected in this way can remove the incentive to trample on the constitution.
15. Re:Frosty Piss by nabsltd · 2011-10-09 01:25 · Score: 2
  
  Whereas in other jurisdictions the cop would lose their job, or end up in jail themselves
  What a quaint belief.
  Cops in every jurisdiction don't even get their hand slapped unless they start doing things that are orders of magnitude beyond what would cause normal citizens to be thrown in jail for 10 years. Yes, there are a few examples made, but generally those are going to be people that the rest of the cops didn't like for some other reason.
16. Re:Frosty Piss by Anonymous Coward · 2011-10-09 01:41 · Score: 0
  
  "The government would be better off employing criminal hackers."
  The leaders don't like the competition.
17. Re:Frosty Piss by ScrewMaster · 2011-10-09 03:53 · Score: 1
  
  at least as competent as the guys on the other side of the fence.
  The general public is not known for their competence in computer software development. The government would be better off employing criminal hackers.
  The problem there is ... they're criminals. You'd have to have any code they come up with vetted by someone competent enough, indeed tricky enough, to make sure there's nothing in there that could make the whole thing backfire (I mean, hell, if you were a blackhat of that magnitude ... wouldn't you try to put one over on the gendarmes? Just as a matter of principle?) And if you know someone you can trust who's good enough to spot any problems, you might as well just hire him (or her) in the first place.
  
  It's a bit of a conundrum though, if you work for law enforcement: any capable programmer with ethics is going to think twice about accepting that kind of a job in the first place. The fact that it's "for the good guys" isn't sufficient reason in my mind. I wouldn't do it, even though I could. It's one of a number of areas where I just won't go, even if it might be an entertaining technical challenge. Too much potential for innocent people to get hurt, and I wouldn't want that on my head.
  
  --
  The higher the technology, the sharper that two-edged sword.
18. Re:Frosty Piss by ScrewMaster · 2011-10-09 03:55 · Score: 1
  
  "The government would be better off employing criminal hackers."
  The leaders don't like the competition.
  Ha ... isn't that the truth.
  
  --
  The higher the technology, the sharper that two-edged sword.
19. Re:Frosty Piss by ScrewMaster · 2011-10-09 03:57 · Score: 1
  
  What's not in the specs does not get implemented.
  Yeah, I think you hit the nail on the head. Nor should they be implemented: it's not the contractor's fault if the purchasing party has its head up its collective ass. Know what you're asking for when you put out a bid request: it's the only way you'll a. have any chance of getting what you want and b. be able to tell if you ultimately got what you paid for. Specs can be a pain in the neck, and many see them as a waste of time, but without a proper spec a development contract is a crapshoot.
  
  --
  The higher the technology, the sharper that two-edged sword.
20. Re:Frosty Piss by Opportunist · 2011-10-09 17:20 · Score: 1
  
  And I don't even want to blame the guy responsible for the bidding conditions, because I'm in his shoes and I know how it works. You get an assignment to write the specs and they should be done by, well, yesterday. I mean, how long does it take to type those five pages?
  What people fail to see is that the work isn't typing. It's pondering what to type and taking every aspect into account. Pretty much like programming, once the code gets written, 90% of the work has already been done. At least if the programmer's worth his money.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
21. Re:Frosty Piss by rioki · 2011-10-09 21:42 · Score: 1
  
  I read one of the job postings from BKA for "IT Security Programmer". I definitely was not included to do the devils job, even though I had the skill and sufficient background to do it. Maybe I should have done it, would not have been a mess like it is now. (And pass it on to the likes of CCC...)
22. Re:Frosty Piss by L4t3r4lu5 · 2011-10-09 21:45 · Score: 1
  
  Whereas in other jurisdictions the cop would lose their job, or end up in jail themselves
  Tell that to Jean Charles de Menezes. You'll probably need a medium, though.
  
  --
  Finally had enough. Come see us over at https://soylentnews.org/
23. Re:Frosty Piss by rioki · 2011-10-09 23:08 · Score: 1
  
  I kind of disagree, in some way. As a government employee you have actually sufficient time to think it though. But the big obvious problem is that you normally don'T think of all the hooks and notches while you write the original spec. Then you go for a bid and Germany, (for government contracts) you need to take the cheapest bid, that fulfills some basic requirements. As it tuns out there is ALWAYS one bid that servilely undercuts the other bids and you know that this one is crap. Only problem is formally the bid is ok. There is a reason why the Netherlands always take the second best bid, that prevents price fixing.
24. Re:Frosty Piss by tehcyder · 2011-10-10 01:26 · Score: 1
  
  The USA is the only country I know of that does exclude evidence like that.
  Norway would be the second country then. In fact, it's probably stronger than the US protection because an employer that made illegal recordings of his employers had the evidence rejected after filing charges for embezzlement.
  I assume, in that case, that the employer went around one night to the embezzler's house with a couple of baseball-bat wielding friends and beat the crap out of him. There's such a thing as natural justice if the legal system fails too egregiously.
  
  --
  To have a right to do a thing is not at all the same as to be right in doing it
25. Re:Frosty Piss by ScrewMaster · 2011-10-10 11:42 · Score: 1
  
  I kind of disagree, in some way. As a government employee you have actually sufficient time to think it though. But the big obvious problem is that you normally don'T think of all the hooks and notches while you write the original spec. Then you go for a bid and Germany, (for government contracts) you need to take the cheapest bid, that fulfills some basic requirements. As it tuns out there is ALWAYS one bid that servilely undercuts the other bids and you know that this one is crap. Only problem is formally the bid is ok. There is a reason why the Netherlands always take the second best bid, that prevents price fixing.
  Ideally, there should be some give-and-take. There's no way in hell that a spec author can account for everything, know everything, or be aware of special capabilities of a given supplier. Given some communication with contractors during the spec-writing phase a lot of important details can get nailed down, and the purchaser may often learn about options and methodologies of which he wasn't aware. I used to be a contractor, a long time ago: my specs precisely fit customer requirements because I worked them while I was writing it.
  
  --
  The higher the technology, the sharper that two-edged sword.
26. Re:Frosty Piss by Opportunist · 2011-10-10 18:35 · Score: 1
  
  Odd, when I was on the other end of the bargain (i.e. the "picker"), I had pretty much leeway to pick the right offer, as long as I could sensibly argue my choice.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
27. Re:Frosty Piss by Opportunist · 2011-10-11 04:53 · Score: 1
  
  And that's usually a big nono. You see, when you write the specs together with a potential contractor, a competitor could butt in and argue that that you played favorites and that contractor only won because he pretty much drafted the specs.
  Actually, the sensible thing to do when you're writing specs for a field you lack the expert for is to hire such an expert. And that's actually the proscribed procedure in such a case for government contracts. Hire an expert in the field who will then draft the specs with the feds (them writing the "content" requirements, him adding the "technical" requirements) and exclude him or any affiliates of his from the bid for the actual contract. This is the correct procedure.
  Sadly, when it comes to computers, suddenly every idiot able to turn on a box calls himself an expert. There's also very little in the form of hard credentials in the field that isn't geared towards the management-compliance driven and less the technical-hands-on driven aspect of ITSEC.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Well by esocid · 2011-10-08 08:39 · Score: 0

You want competant surveillance too? Sheesh, so demanding.
I'll go ahead and throw out the "if you've got nothing to hide" out there too, and see how this gets modded.

--
Absolute power corrupts absolutely. indymedia
1. Re:Well by Anonymous Coward · 2011-10-08 13:37 · Score: 0
  
  I'd settle for competent spelling. /grandmanotsee
Surprise, surprise, surprise by AliasMarlowe · 2011-10-08 08:42 · Score: 1

I'm sure we're all surprised that it's opening security holes for third parties, and violates a related court verdict
This must be some new meaning for the word "all" that I have not come across before. Because it implies that "all" means a vanishingly small fraction of the population.

--
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
1. Re:Surprise, surprise, surprise by Shoe+Puppet · 2011-10-08 08:46 · Score: 4, Funny
  
  /etc/init.d/sarcasm start
  
  --
  (+1, Disagree)
2. Re:Surprise, surprise, surprise by ae1294 · 2011-10-08 08:49 · Score: 0
  
  sudo /etc/init.d/sarcasm start
3. Re:Surprise, surprise, surprise by Smallpond · 2011-10-08 08:51 · Score: 2
  
  /etc/init.d/sarcasm start
  Please. It used to be service sarcasm start but we've switched to systemctl start sarcasm.service now.
4. Re:Surprise, surprise, surprise by ScrewMaster · 2011-10-08 09:23 · Score: 2
  
  /etc/init.d/sarcasm start
  Please. It used to be service sarcasm start but we've switched to systemctl start sarcasm.service now.
  I use Windows. I don't know how to be sarcastic.
  
  --
  The higher the technology, the sharper that two-edged sword.
5. Re:Surprise, surprise, surprise by Anonymous Coward · 2011-10-08 09:26 · Score: 0
  
  /etc/init.d/sarcasm start 2&1 | /dev/null
6. Re:Surprise, surprise, surprise by Anonymous Coward · 2011-10-08 09:28 · Score: 0
  
  /etc/init.d/sarcasm start
  Please. It used to be service sarcasm start but we've switched to systemctl start sarcasm.service now.
  I use Windows. I don't know.
  FTFY
7. Re:Surprise, surprise, surprise by Anonymous Coward · 2011-10-08 09:47 · Score: 0
  
  /etc/init.d/sarcasm start
  Please. It used to be service sarcasm start but we've switched to systemctl start sarcasm.service now.
  I use Windows. I don't know how to be sarcastic.
  /etc/init.d/ignorance start
8. Re:Surprise, surprise, surprise by cynyr · 2011-10-08 09:51 · Score: 1
  
  lol, i love the ubuntu people, that don't know they can just log in as root to do a bunch of things and then log out...
  sudo foo
  sudo bar
  sudo start foo
  sudo start bar
  su -
  foo
  bar
  start foo
  start bar
  exit
  
  --
  All of the above was encrypted with a Quad ROT-13 method. Unauthorized decryption is in violation of the DMCA.
9. Re:Surprise, surprise, surprise by AliasMarlowe · 2011-10-08 09:59 · Score: 1
  
  Actually, in Ubuntu that should be "sudo su" as the first command...
  
  --
  Those who can make you believe absurdities can make you commit atrocities. - Voltaire
10. Re:Surprise, surprise, surprise by allo · 2011-10-08 10:18 · Score: 1
  
  no. its just "sudo -s". "sudo su" is for people who cannot read manpages.
11. Re:Surprise, surprise, surprise by pizzap · 2011-10-08 10:37 · Score: 1
  
  you may use sudo -i as well.
12. Re:Surprise, surprise, surprise by Anonymous Coward · 2011-10-08 10:39 · Score: 0
  
  Yet it takes just as many keystrokes.
13. Re:Surprise, surprise, surprise by Anonymous Coward · 2011-10-08 10:41 · Score: 0
  
  Oh - so sorry..
  Start>Run
  net start sarcasm
14. Re:Surprise, surprise, surprise by Anonymous Coward · 2011-10-08 10:46 · Score: 0
  
  "sudo -i" works just fine in ubuntu too.
15. Re:Surprise, surprise, surprise by Anonymous Coward · 2011-10-08 10:59 · Score: 0
  
  You would be better with not allowing sudo su, sudo -s an sudo -i at all. Compromising your user password compromises the root account too.
  Just memorize two passwords instead of one (user and root), it's safer. And use su when you really need root.
16. Re:Surprise, surprise, surprise by Anonymous Coward · 2011-10-08 11:29 · Score: 0
  
  /etc/rc.d/sarcasm start
17. Re:Surprise, surprise, surprise by hb79 · 2011-10-08 11:35 · Score: 0
  
  > lol, i love the ubuntu people, that don't know they can just log in as root to do a bunch of things and then log out...
  Well, it wasn't that many months ago we had a discussion here, where people were peeing all over the "old Unix beards" who would switch to root to get stuff done. If your wrong intention, distraction, or other mistake will lead you to fuck up, some "are you sure - type your password" message isn't going to make you think twice.
18. Re:Surprise, surprise, surprise by broken_chaos · 2011-10-08 11:36 · Score: 1
  
  You have to disallow sudo entirely (or to a carefully-patrolled whitelist of commands), not just "sudo su", "sudo -s" and "sudo -i". Otherwise you can do "sudo bash", "sudo busybox ash", "sudo passwd", "sudo writable-script.sh", "cd bash; ./configure; make; sudo ./bash", and all sorts of other little workarounds.
  As far as security goes... I'd give this a shrug at best. At worst, you're in a situation where many people now need the actual root password and that makes logging and monitoring access a lot harder.
19. Re:Surprise, surprise, surprise by agw · 2011-10-08 11:50 · Score: 1
  
  You're right.
  You would not be able to whitelist any command that may execute a third command, change file bits, change (i.e. specify output files) any script or command that IS in the whitelist, etc.
  It's only really useful if you attach a company policy to it saying "we use this to log the commands you run, if you misuse it, you're a bad boy and will be reported".
20. Re:Surprise, surprise, surprise by Wintervenom · 2011-10-08 12:25 · Score: 1
  
  #!/bin/bash if [[ -z $1 ]]; then echo "Usage: ${0##*/} (stop|start|restart) [daemon]" exit 1 fi if [[ -z $2 ]]; then d=sarcasm else d=$2 fi case $(</proc/1/comm) in systemd) systemctl $1 $d.service ;; upstart) service $d $1 ;; rinit) sv $1 $d ;; init) for s in {rc,init}{.d,}; do [[ -f /etc/$s/$d ]] && /etc/$s/$d $1 done ;; *) if [[ $1 == @(stop|restart) ]]; then killall $d for i in {0..5}; do pidof $d &>/dev/null || break done [[ $? -eq 0 ]] && killall -9 $d fi if [[ $1 == @(start|restart) ]]; then pidof $d &>/dev/null || $d -D fi ;; esac if [[ $? -ne 0 ]]; then echo "FATAL: Could not $1 $d service." exit 1 fi
21. Re:Surprise, surprise, surprise by ScrewMaster · 2011-10-08 12:27 · Score: 1
  
  /etc/init.d/sarcasm start
  Please. It used to be service sarcasm start but we've switched to systemctl start sarcasm.service now.
  I use Windows. I don't know.
  FTFY
  {sigh} the Slashdot hive-mind can be so literal sometimes.
  
  --
  The higher the technology, the sharper that two-edged sword.
22. Re:Surprise, surprise, surprise by awehttam · 2011-10-08 14:48 · Score: 1
  
  net start sarcasm
23. Re:Surprise, surprise, surprise by LordLimecat · 2011-10-08 15:33 · Score: 1
  
  No, sudo su is for people who have a random or unknown root password, but have full sudo capabilities.
24. Re:Surprise, surprise, surprise by Anonymous Coward · 2011-10-08 16:37 · Score: 0
  
  ...then an upgrade to IE plus a reboot. followed by 42 system updates and then another reboot.
25. Re:Surprise, surprise, surprise by Anonymous Coward · 2011-10-08 18:40 · Score: 0
  
  launchctl start org.slashdot.sarcasm
26. Re:Surprise, surprise, surprise by Anonymous Coward · 2011-10-08 21:05 · Score: 0
  
  /etc/init.d/sarcasm start 2&1 | /dev/null
  Is /dev/null a command on your system?
  You mean "/etc/init.d/sarcasm start 2>&1 >/dev/null"
  Or just "/etc/init.d/sarcasm start &>/dev/null"
27. Re:Surprise, surprise, surprise by Anonymous Coward · 2011-10-08 23:16 · Score: 0
  
  Even better. sudo -s
28. Re:Surprise, surprise, surprise by ScrewMaster · 2011-10-09 03:38 · Score: 1
  
  ...then an upgrade to IE plus a reboot. followed by 42 system updates and then another reboot.
  Apparently you've not spent any time on Windows 7 (don't know about Vista, never bothered with it) but 7 has improved the update process considerably over XP and earlier: no more use of Internet Explorer as the update vehicle (I'll cheerfully admit that that was not one of Microsoft's better ideas.) Doesn't need to reboot as often after an update either, so it's more competitive with your typical Linux distro in that regard.
  
  As it happens, my entire household is Linux, and on the Ubuntu workstations and Debian server, I still receive plenty of updates (some of those require the occasional reboot.) Frankly, I don't have a problem with that, on any platform. Nobody is perfect, and I'm glad that an ongoing investment is being made in software security and stability, whether it be from Microsoft, Canonical or anyone else. Trying to blame Microsoft for regular system updates when every other vendor worth its salt does the same thing is disingenuous.
  
  The only machine I have left that is still running Windows is the living room HTPC. It runs a stripped-down XP so we can use Netflix, and that will be gone the moment Netflix releases a version of their Silverlight-based player that works under Linux. If they ever do: I'll probably be dropping them at some point in the near future because their streaming selection isn't that good, frankly.
  
  --
  The higher the technology, the sharper that two-edged sword.
29. Re:Surprise, surprise, surprise by rioki · 2011-10-09 23:13 · Score: 1
  
  Except that you need not to type your passwd twice... so much for that...
30. Re:Surprise, surprise, surprise by cbiltcliffe · 2011-10-10 11:58 · Score: 1
  
  At worst, you're in a situation where many people now need the actual root password and that makes logging and monitoring access a lot harder.
  Or, you could just set up multiple root accounts; one for each admin. Then you can log each admin individually, and know who screwed up what when it hits the fan.
  
  --
  "City hall" in German is "Rathaus" Kinda explains a few things......
I think there is something... by Dark+Lord+of+Ohio · 2011-10-08 08:42 · Score: 1

I think there is something we don't know about. If they really got "official" version, then I am expecting that many heads in German federal government will fall.
1. Re:I think there is something... by plover · 2011-10-08 08:49 · Score: 2
  
  I think you are overly optimistic about the ability of most governments to correct their own abuses of power. I doubt they'll fire anyone or even stop using the Trojan, they'll just have someone correct some of the deficiencies the CCC found.
  At the most, they may take the Undersecretary for Purposes of Scapegoating out and publicly fire him. They might terminate the contract with the software company who developed it. But don't expect "many heads" to roll.
  
  --
  John
2. Re:I think there is something... by Anonymous Coward · 2011-10-08 08:51 · Score: 1
  
  Unfortunately crass incompetence and general disregard for laws only means the persons responsible will fall UP the promotion ladder. The more you fuck up, the higher you get. The ruling class cannot do wrong. "Du bist Deutschland!"
3. Re:I think there is something... by YouDieAtTheEnd · 2011-10-08 09:12 · Score: 0
  
  Fer someone from Ohio, you sure do talk funny.
4. Re:I think there is something... by Issarlk · 2011-10-08 09:22 · Score: 1
  
  We are talking about beeping computer with blinking lights in front of strange guys with big glasses typing on keyboard as big 3D skulls rotate over a password form... in the imagination of anyone high enough to fire them. They'll probably shrug and just ask them to hire a goth girl to enhance the security of the encryption channel so that they don't get their computers fried in a deluge of sparks if the bad guys squeeze through the security holes".
5. Re:I think there is something... by barv · 2011-10-08 09:39 · Score: 1
  
  More likely than federal public servants being sacked for wrongdoing is a witch hunt to find out who leaked the binary. Oh and also an attempt will be made to hire a proper programmer in place of their script kiddy.
6. Re:I think there is something... by Anonymous Coward · 2011-10-08 09:49 · Score: 0
  
  Heads in the German government rarely fall over wrongdoing. Usually, people just shift blame and weasel out of it.
  "At least it's not as bad as in America" is a common political excuse, and it is all done for the purpose of protecting German democracy.
7. Re:I think there is something... by Anonymous Coward · 2011-10-08 10:52 · Score: 0
  
  No they won't. Only a few nerds will understand what the CCC is talking about. These people are so glaring whitehat that they run to the media before even demonstrating that an exploit is possible. They would have had the chance to spoof the trojan and thus make all evidence the trojan has already collected invalid in court. Instead they chose premature publicity, which will have exactly zero consequences, except that now they have alerted the other side, given them precious advice for free, and destroyed their own chance at proving that what they analyzed is indeed a government-issued trojan.
8. Re:I think there is something... by ultranova · 2011-10-08 15:06 · Score: 0
  
  I think there is something we don't know about. If they really got "official" version, then I am expecting that many heads in German federal government will fall.
  
  Yeah. A country that was mentored by both Hitler and Stalin really has no excuse for incompetence in this area.
  
  --
  Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
9. Re:I think there is something... by Anonymous Coward · 2011-10-08 18:33 · Score: 0
  
  to find out who leaked the binary
  I hope you understand that in order for it to DO anything, you kind of have to... put it on people's computers.
10. Re:I think there is something... by Dark+Lord+of+Ohio · 2011-10-08 19:28 · Score: 1
  
  Fer someone from Ohio, you sure do talk funny.
  LOL, but I try not to forget to spell check what I send :)
11. Re:I think there is something... by rioki · 2011-10-09 23:19 · Score: 1
  
  No no we are unfailable. "Wir sind Papst!"
12. Re:I think there is something... by V+for+Vendetta · 2011-10-10 04:38 · Score: 1
  
  It wasn't "leaked". It was handed over to the CCC by a lawyer. He defended a guy in court which the malware was used against to collect evidence.
13. Re:I think there is something... by t2t10 · 2011-10-19 08:35 · Score: 1
  
  I seriously doubt it. Since WWII, German governments have gotten away with a lot, including massive surveillance and widespread invasions of privacy. Germans just don't care.
extracted binaries by Anonymous Coward · 2011-10-08 08:47 · Score: 0

I was going to scan the binaries with some anti-virus programs to see if their signatures were detected, but the downloaded tgz file comes up with errors when attempting to extract. Anyone else running into that problem?
1. Re:extracted binaries by Anonymous Coward · 2011-10-08 09:00 · Score: 0
  
  works perfectly fine for me
2. Re:extracted binaries by freedumb2000 · 2011-10-08 09:25 · Score: 1
  
  In the german paper at least, it says that it is not currently detected.
3. Re:extracted binaries by berniemne · 2011-10-08 09:47 · Score: 1
  
  tgz is fine for me. Avast is not detecting it. I'm scared.
4. Re:extracted binaries by Opportunist · 2011-10-08 23:22 · Score: 1
  
  AV tools are only as good as the samples the company making them has. And since I'd guess the German government is no more trustworthy than any other malware spreader, I doubt they handed samples to the various AV makers.
  Now that those samples are available, scan again in a few days to see which AV makers put their money where their mouth is, and which are bending over and beg for lube.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
But most importantly by Dunbal · 2011-10-08 08:51 · Score: 4, Insightful

Can this trojan upload child pornography (or any other incriminating files/images) to the suspects computer, to be collected as "evidence" at a later date? I suspect it can. And if this program can uninstall itself at a later date, then this is a perfect tool for "bring him in, boys". Oh George Orwell, how foresighted you were.

--
Seven puppies were harmed during the making of this post.
1. Re:But most importantly by Anonymous Coward · 2011-10-08 08:58 · Score: 0
  
  If an authority's intention is to falsely convict someone by planting material on a piece of equipment that they will seize, disassemble and connect to their own equipment during the course of that conviction, why on earth bother planting it remotely?
2. Re:But most importantly by Dunbal · 2011-10-08 09:13 · Score: 5, Insightful
  
  You really don't understand how corruption works, do you? It would not be a false conviction at all. It would be a very real conviction, documented, with a valid chain of evidence and everything. The reasons can be many - from the "guy they think is the criminal but can't actually arrest him for anything because he hasn't done anything they can prove" situation - like Al Capone; to the "rival gang member needs to be taken out quickly because gang A just paid me $100k to lock up the leader of gang B so I will just upload this stuff onto his computer and call in an "anonymous tip"" situation. It even includes the "pay me $100k or you get thrown in jail" situation where the corrupt law enforcement/government agent decides to put the squeeze on someone.
  Maybe it's because I live in the third world and am used to dealing with corruption like this almost on a daily basis that I am so cynical. However if anyone (police or otherwise) can clandestinely install a program on your machine/cell phone/whatever and have it upload/execute programs, then all machines/cell phones/whatever can be compromised and such "evidence" shouldn't be admissible in court anymore.
  
  --
  Seven puppies were harmed during the making of this post.
3. Re:But most importantly by AliasMarlowe · 2011-10-08 09:24 · Score: 5, Insightful
  
  If an authority's intention is to falsely convict someone by planting material on a piece of equipment that they will seize, disassemble and connect to their own equipment during the course of that conviction, why on earth bother planting it remotely?
  Because the raid, seizure, arrest, and indictment will be made by a completely different organization - the regular local police and local public prosecutor.
  For the police and prosecutor to do their job effectively, they must fully believe in the validity of the evidence they have seized and the chain of custody of that evidence must be impeccable. They will emphatically believe in the culpability of the arrested criminal (sorry, "alleged" criminal until the court inevitably pronounces its verdict of guilt) on the basis of this incontestable evidence. They will be utterly in the dark about any surveillance/incrimination operation, and will vilify the accused with confidence, proud to be protecting their community from such evil malefactors.
  
  --
  Those who can make you believe absurdities can make you commit atrocities. - Voltaire
4. Re:But most importantly by Issarlk · 2011-10-08 09:26 · Score: 1
  
  I think in the USA they use special piece of hardware that gives read only access to HDs just to avoid being accused of planting evidence. Maybe it's the same in Germany, in which case planting remotelly is a cool feature.
5. Re:But most importantly by Anonymous Coward · 2011-10-08 09:27 · Score: 0
  
  the procedures at the data collection are tight (using a harware device locker, then using disk-images)
  putting the file in a running enviroment is easyer and makes more cence(to make it look like the vikem put them there)
  alos the defence could ask for a re-invesigation of the "evedence"
  
  b.t.w. yes it can upload files where the german law forbids this
6. Re:But most importantly by jeti · 2011-10-08 09:41 · Score: 4, Informative
  
  Yes. It contains filedropper functionality. Like most malware, it can download and execute additional applications thereby extending its functionality and it can place documents on the infected PC.
7. Re:But most importantly by MichaelSmith · 2011-10-08 09:44 · Score: 1
  
  There may be a difference between a tool which collects evidence for a trial and a tool which collects information for investigators. The latter tool could plant information to help drive an investigation by (say) falsifying communication between conspirators.
  
  --
  http://michaelsmith.id.au
8. Re:But most importantly by Anonymous Coward · 2011-10-08 09:59 · Score: 0
  
  I love how 1984 is the only book about a dystopian future.
9. Re:But most importantly by fuzzyfuzzyfungus · 2011-10-08 10:02 · Score: 1
  
  Hardware write-blockers are pretty much standard for any hands-on forensics not conducted by utter amateurs. The trouble is, of course, that you can only use those after you seize the hardware, and the feds want something they can use before they seize the hardware.
  
  I don't know if analogous US malware tools(Magic Lantern, CIPAV, possibly others) have been studied in as much detail; and they may or may not be of higher quality; but anything that has to run on the live host system isn't going to be fundamentally less capable of modifying that system.
  
  The problem is that, once you've had malware on the system, all the write-blocker can do is assure you that nothing was tampered with during the forensic investigation, which provides no protection against tampering by the malware, and likely makes anything planted by it appear to be much higher quality evidence...
10. Re:But most importantly by izomiac · 2011-10-08 11:30 · Score: 2
  
  Orwell was primarily an essayist, and virtually all of his works take a stance against totalitarianism. People aren't just talking about a single book, they're talking about the life's work of a well known author.
11. Re:But most importantly by Anonymous Coward · 2011-10-08 11:37 · Score: 0
  
  Then it should not be able to be used in any court of law anywhere in the entire world as chain of custody is completly out the window.
12. Re:But most importantly by Anonymous Coward · 2011-10-08 11:38 · Score: 0
  
  That's because most Slashdoters think A Brave New World is a great plan for the future, or that Atlas Shrugged is a handbook on how to run the world.
13. Re:But most importantly by Anonymous Coward · 2011-10-08 19:37 · Score: 0
  
  Your tax Marks at work... Achtung! The existence of such malware just nullified the sentences of all people in German prisons in there for the possession of kiddie porn. And generally anybody convicted of having something on their computer they shouldn't have. They are now all free men since the government obviously planted the evidence. Nice going meine Herren!
14. Re:But most importantly by Opportunist · 2011-10-08 23:30 · Score: 2
  
  Oh, don't worry, it won't be. How should it be used, it's never been there! Why do you think it was there? It never downloaded those child porn pics and deleted itself afterwards, and that search warrant was issued for completely different reasons other than a judge seeing the malware's screenshots. You're in for having child porn on your computer that we found in that search, who ever said anything about a government trojan?
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
15. Re:But most importantly by Anonymous Coward · 2011-10-09 00:19 · Score: 0
  
  People have to be really stupid to install 'Anti-virus' software on their computers. So you want me to intall a program thats going to scan all my files and creates md5 signatures of each, then uploads those signatures to a massive database. And with this database of millions of user file information they'll sell to law inforcement, movie industry, network providers, and the government. The police will use this information to kick in your door. The movie industry will use this informations to send you a subpoena in the mail. Network providers (ISP for Windows users) will use this information to halt the movement of certain file over the network. The government will use this information to delete certain file from your computer. Yea, i want a good Anti-virus sofware program can any body recommend one?
16. Re:But most importantly by drinkypoo · 2011-10-09 00:48 · Score: 2
  
  Corruption in the first world is written into law and disguised only with hypocrisy. For example you have to pay to get building codes, most of them can't just be looked up online. But if you don't do it to code they can make you rip it out. Mandatory filing fees even for abused parties, then you have to file another suit if you hope to recover that... we live in a theocracy where the state religion is worship of the state itself.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
17. Re:But most importantly by Anonymous Coward · 2011-10-09 09:37 · Score: 0
  
  It also pings the host gnutella/TOR hybrid-network that the attackers created and waits for commands using the UDP protocol.
18. Re:But most importantly by AmiMoJo · 2011-10-09 23:28 · Score: 1
  
  However if anyone (police or otherwise) can clandestinely install a program on your machine/cell phone/whatever and have it upload/execute programs, then all machines/cell phones/whatever can be compromised and such "evidence" shouldn't be admissible in court anymore.
  The "trojan defence" has been used successfully in court to argue that the owner of the PC did not download illegal material. This just strengthens that defence.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
19. Re:But most importantly by rioki · 2011-10-09 23:33 · Score: 1
  
  Look, the go into your house to install the software. So why should they not use hardware? Seriously...
20. Re:But most importantly by mpe · 2011-10-10 17:55 · Score: 1
  
  Maybe it's because I live in the third world and am used to dealing with corruption like this almost on a daily basis that I am so cynical.
  
  It's more that people in the "third world" tend to take a cynical view of public officials and politicians. Whereas many in the "developed" world tend to be very trusting of the same...
Hi by Anonymous Coward · 2011-10-08 09:10 · Score: -1

Want to play free poker? Login to
http://poker-gratuito.blogspot.com/ and find out how to do
free!
C3PO-r2d2-POE by Anonymous Coward · 2011-10-08 09:15 · Score: 1

Communication uses the fixed banner string "C3PO-r2d2-POE" as handshake.
So, this could be the trojan we're looking for.
Also, the code contains a function called "_0zapftis_le_execute()".
"O'zapt is!" is the traditional opening phrase of the Munich October/Beer Festival, where the mayor taps the first barrel of beer with a hammer.
Source: http://www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf
1. Re:C3PO-r2d2-POE by ScrewMaster · 2011-10-08 09:32 · Score: 1
  
  Communication uses the fixed banner string "C3PO-r2d2-POE" as handshake. So, this could be the trojan we're looking for.
  Also, the code contains a function called "_0zapftis_le_execute()". "O'zapt is!" is the traditional opening phrase of the Munich October/Beer Festival, where the mayor taps the first barrel of beer with a hammer.
  Source: http://www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf
  What does the "POE" mean? Porn Over Ethernet?
  
  --
  The higher the technology, the sharper that two-edged sword.
2. Re:C3PO-r2d2-POE by Anonymous Coward · 2011-10-08 09:41 · Score: 1
  
  Correct. "O'zapft is" is Bavarian for "it's tapped".
3. Re:C3PO-r2d2-POE by Anonymous Coward · 2011-10-08 11:29 · Score: 1
  
  The *disassembly* produced by CCC contains those function names. The report mentions near the beginning that all the code is in a DLL without any exported symbols, so that name was picked by the people doing the disassembling; it's not from the original code.
4. Re:C3PO-r2d2-POE by gstrickler · 2011-10-08 14:00 · Score: 2
  
  They better be prepared for the cease and desist order from LucasFilm.
  
  --
  make imaginary.friends COUNT=100 VISIBLE=false
5. Re:C3PO-r2d2-POE by wzzzzrd · 2011-10-09 04:27 · Score: 1
  
  This string has nothing to do with the disassembly. It's a part of the program you can see with any hex editor.
  
  The name R2D2 comes from a string inside the trojan: "C3PO-r2d2-POE". This string is used internally by the trojan to initiate data transmission.
  link
  
  --
  On second thought, let's not go to Camelot. It is a silly place.
I'm outraged! by Anonymous Coward · 2011-10-08 09:15 · Score: 1

How can the US government keep doing stuff like ... what, it isn't the US government? Then it must be for the good of the country since only the US does stuff like this with anything other than good intentions, carry on.
1. Re:I'm outraged! by ScrewMaster · 2011-10-08 09:34 · Score: 1
  
  How can the US government keep doing stuff like ... what, it isn't the US government? Then it must be for the good of the country since only the US does stuff like this with anything other than good intentions, carry on.
  No, we're just the only ones that every one likes to complain about, or maybe we just get caught more often. I don't know, but it's not like every government on Earth doesn't do things like this, to one degree or another.
  
  --
  The higher the technology, the sharper that two-edged sword.
2. Re:I'm outraged! by chrb · 2011-10-08 10:25 · Score: 1
  
  Of course they do, and it has a name: Lawful interception. Support for lawful interception is built in to telephone exchanges, network switches etc. When it's used to eavesdrop on terrorists and drug dealers, then people like it. When it's used to eavesdrop on everyone, then people dislike it. Somewhere inbetween there is a vast land where some approve, some disapprove, and many don't care.
  
  [NB: The German constitutional court ruled that there is a sphere of privacy that is afforded total protection and can never be breached, no matter for what reason, for example keeping a diary or husband and wife talking in the bedroom.
  That is very interesting: even during a criminal terrorism investigation, a suspect's personal notes and diary are legally protected. I doubt very many other nations have such strong privacy laws. CCC is arguing that because these notes are often held on a personal computer, then the personal computer comes within the "sphere of privacy". Obviously you can see why the police would disagree, as this would outlaw the monitoring of personal PCs for evidence.
3. Re:I'm outraged! by Anonymous Coward · 2011-10-08 21:18 · Score: 0
  
  If the privacy protection makes you think "what a great country", you should note that Germany does not subscribe to the "fruit from a forbidden tree" concept, so even though intercepting truly private information is illegal, illegally obtained information can and will be used in court, if it helps the prosecution's case. The officers who broke the law to get the information usually receive a slap on the wrist, if anything at all.
4. Re:I'm outraged! by Opportunist · 2011-10-08 23:37 · Score: 1
  
  The US are just bigger, that's why we hear a lot more about the US than any other country. And only 'cause it's hard to hear anything from Russia, and don't start me on China.
  Government all over the planets managed to slip past the point where they're corrupt to the bone. I miss the Soviet Union. As long as it existed, our politicians at least had to pretend they're the good guys.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
5. Re:I'm outraged! by t2t10 · 2011-10-19 08:45 · Score: 1
  
  Of course they do, and it has a name: Lawful interception
  Lawful interception requires a court order in the US. In Germany, it's a judgment call by the police, controlled only by internal reviews.
  
  That is very interesting: even during a criminal terrorism investigation, a suspect's personal notes and diary are legally protected.
  That's protection against investigation by the police, enforced largely by internal reviews. It isn't protection against intelligence services or state security services, and even for police work there are exceptions.
  
  I doubt very many other nations have such strong privacy laws
  You illustrate the major problem with German privacy: Germans actually trust that the existence of laws will protect them from government abuse. You'd think a nation that was run by the Nazis and in which a democratically elected government used personal information to commit mass murder would know better, but apparently the lesson still hasn't sunk in.
I am waiting for an AV signatur update by Anonymous Coward · 2011-10-08 09:16 · Score: 0

This hopefully helps that state of the art anti virus software from now on will detect at least this variant of the trojan.
1. Re:I am waiting for an AV signatur update by clickforfreepizza · 2011-10-08 10:15 · Score: 2
  
  http://www.f-secure.com/weblog/archives/00002249.html
Strange by Anonymous Coward · 2011-10-08 09:23 · Score: 1

i have read the report linked to in the article. This report is written in german. Nothing hints in the binary itself that this is the "real thing". The analyzed binary is a windows-DLL with out exported functions. The C&C server the trojan is 207.158.22.134, which is allocated to Web Intellects in Columbus, Ohio, USA. The connection to the german government is only hearsay for now, we have to believe in it.
1. Re:Strange by agw · 2011-10-08 11:24 · Score: 1
  
  Looks like they got it from people who got their computers back after they were busted?
Forget Mafia Wars--play German Gov't Domination! by Commontwist · 2011-10-08 09:26 · Score: 1

Yes, you too can foster Total Political Disintegration (Normal Mode), Totalitarian Rule (Easy Mode), New Nazi Order (Hard Mode), or Common Sense Government (Insane Mode) by pitting the various German political factions against one another via clever remote control of their computers at home and in the office!
Game Play includes: That's Not My Porn and Child Porn Prisoner internet insertion features, send copies of incriminating e-mails to political rivals and international newspapers, bonus mod features to hack China for bonus points or massive DOS attacks on known enemies of Anonymous (pick a target, any target), and many, many other features that have to be seen to believe. (Especially when taking remote control of laptop cameras to take pictures of Government at home and posting the more interesting captions all over the Internet.)
The German Government, working to make life more difficult for citizens and officials alike. You flew it, you blew it, you rue it. (This software law, that is.)
I am German... and... by Tanuki64 · 2011-10-08 10:14 · Score: 1

I'm sure we're all surprised that it's opening security holes for third parties, and violates a related court verdict (and several laws in general)."
... nope, not at all surprised.
1. Re:I am German... and... by lennier1 · 2011-10-08 23:18 · Score: 1
  
  Sarcasm apparently isn't your strong suit.
2. Re:I am German... and... by Tanuki64 · 2011-10-08 23:33 · Score: 1
  
  Sarcasm? Where?
3. Re:I am German... and... by Anonymous Coward · 2011-10-09 03:01 · Score: 0
  
  Tust Du nur so, oder bist Du so blÃd?
4. Re:I am German... and... by Erikderzweite · 2011-10-09 03:16 · Score: 1
  
  Well played...
CCC's public role in Germany by BitterKraut · 2011-10-08 10:15 · Score: 5, Informative

The Chaos Computer Club is probably not adequately characterized as a 'hacker group'. It was founded in 1981 as a computer club and, while hacking has always been their most prominent activity, they have grown not only into a nation-wide association of about 3000 members, but into an influential civil rights organization as well. Their expertise in matters of IT security is frequently called upon by public media in Germany. The CCC is well respected even by many politicians and their expertise was cited more than once by former Ferderal Minister of the Interior Gerhart Baum during the trial that ended last year with the Verfassungsgericht (federal constitutional court)'s finding that the federal anti-terror law that obliged providers to retain all telecommunications data for six months was unconstitutional. The CCC organizes the annual Chaos Communication Congress that Slashdot readers might remember as being the event where some major hacks were presented to the public: http://it.slashdot.org/story/11/01/02/0231242/detailing-the-security-risks-in-pdf-standard http://games.slashdot.org/story/10/12/29/204253/Playstation-3-Code-Signing-Cracked-For-Good http://it.slashdot.org/story/09/12/28/1931256/gsm-decryption-published http://games.slashdot.org/story/05/12/16/2157217/hacking-the-xbox The CCC is also well know for Project Blinkenlights, which grew out of the CCC but is now an independent project.
So will AntiVirus software find it? by PolygamousRanchKid+ · 2011-10-08 10:19 · Score: 1

Or is it illegal for an app to find viruses that are questionably legal because he government spreads them?

--
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
1. Re:So will AntiVirus software find it? by allo · 2011-10-08 10:19 · Score: 1
  
  f-secure at least will.
2. Re:So will AntiVirus software find it? by Anonymous Coward · 2011-10-08 10:38 · Score: 1
  
  f-secure at least will.
  You're probably referring to their stated policy. However, according to CCC
  
  All examined variants of the trojan were not recognized by any antivirus program at the time of creation of this report. ("Alle untersuchten Varianten des Trojaners wurden zum Zeitpunkt der Berichterstellung von keinem Antivirus-Programm als Schadsoftware erkannt.") -- report page 3
  
  Also, f-secure have not promised to detect all government malware they are aware of:
  
  We have to draw a line with every sample we get regarding whether to detect it or not. This decision-making is influenced only by technical factors, and nothing else, but within the applicable laws and regulations, in our case meaning EU laws.
  So if there is an EU law or regulation (such as an international treaty) that forbids interfering with an EU government's attempt at spying on their citizens, they will honor it. Not all regulations are public, so there is no way to tell if there is such a regulation or not.
3. Re:So will AntiVirus software find it? by Anonymous Coward · 2011-10-08 11:08 · Score: 0
  
  Which means that the phrase "This decision-making is influenced only by technical factors, and nothing else" is a lie, so why say it in the first place?
  Not to mention that with the whole phrase, f-secure basically says, "We side with malware authors when we see fit to do so." Hooray for trustworthy AntiVirus software!
4. Re:So will AntiVirus software find it? by Goaway · 2011-10-08 14:14 · Score: 1
  
  Which means that the phrase "This decision-making is influenced only by technical factors, and nothing else" is a lie, so why say it in the first place?
  No, it means they hadn't seen this trojan before now, genius. Nobody but the creators and the CCC had, before today.
5. Re:So will AntiVirus software find it? by Anonymous Coward · 2011-10-08 15:16 · Score: 0
  
  They will block this one.
  http://www.f-secure.com/weblog/archives/00002249.html
WebIntellects by Anonymous Coward · 2011-10-08 11:08 · Score: 0

The Command and Control Server (C+C server) hardcoded into the present trojans is on IP 207.158.22.134. This IP is assigned to commercial webhost Web Intellects in Columbus, Ohio, USA. (translated from CCC report p. 4)
Why don't we all ask WebIntellects what they're doing there?
mo3 Up by Anonymous Coward · 2011-10-08 12:18 · Score: -1

United States. the political Mess Its readers and 880 w/512 Megs of supplies to private
No Supprise Here ... Move Along by Anonymous Coward · 2011-10-08 13:33 · Score: 0

That the Nazi Government of Fuehrer Angela Merkel is caught engaging in such Federal buffoonery is of no supprise.
The best thing to happen to the peoples of Deutshland is the nuclear bombing of the Chancellory by US Commander Jack Ripper.
Vell ... meet again ... Don't know vere ... Don't know ven. But I know ... zat ve vill meet again ... zome zunney day ....
++
But... by rrohbeck · 2011-10-08 13:41 · Score: 2

does it run on Linux?

--
thegodmovie.com - watch it
1. Re:But... by Anonymous Coward · 2011-10-08 18:23 · Score: 0
  
  Nope. It's Linux support is severely lacking. The CCC should ask the STASI to license it under the GPL.
2. Re:But... by Anonymous Coward · 2011-10-08 20:21 · Score: 0
  
  "Nope. It's Linux support is severely lacking. "
  It mimics your grammar skills.
3. Re:But... by Anonymous Coward · 2011-10-08 21:32 · Score: 0
  
  The article didn't mention any operating systems. Would have been nice to know. Im assuming it works on win/mac and maybe some popular linux flavors ? If they were smart it was programmed with cross compatibility in mind. Although from TFA "The security level this trojan leaves the infected systems in is comparable to it setting all passwords to '1234'". Sounds like maybe they weren't so smart.
4. Re:But... by think_nix · 2011-10-08 21:38 · Score: 1
  
  http://www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf (german)
  It appears to be a windows dll. For installing it they are presuming someone would need physical access, user installation per email attachment , or drive by download attacks.
5. Re:But... by Mojo66 · 2011-10-08 22:03 · Score: 1
  
  So as I terrorist I switch to a Mac and I'm safe? Nice.....
6. Re:But... by rrohbeck · 2011-10-08 22:33 · Score: 1
  
  Meh. I feel neglected.
  
  --
  thegodmovie.com - watch it
7. Re:But... by Anonymous Coward · 2011-10-09 12:20 · Score: 0
  
  You know that there is another vector (under Windows). The Germans are cheap; the firm they hired was sloppy. Some lovely folks I used to work with at Lockheed that went out on their own developed an approach that has little chance of being detected, but the Germans didn't want to pay for it. They could have enjoyed an unprecedented level of surveillance. Don't be too smug about 'nix, either.
8. Re:But... by Anonymous Coward · 2011-10-09 19:28 · Score: 0
  
  Don't worry, the currently detected version won't work on 64-bit Windows either... Yes, it's a 32bit DLL *without signature* :-)
  So you're not alone in being neglected :D
9. Re:But... by Phaeilo · 2011-10-09 19:59 · Score: 1
  
  Also, according to the report the kernel driver is x86 only.
10. Re:But... by Anonymous Coward · 2011-10-13 15:25 · Score: 0
  
  Not only that, apparently it only works on 32 bit window systems. [GOOD CITATION NEEDED]
Pirate Party by Vlad_the_Inhaler · 2011-10-08 19:52 · Score: 2

In other news, the Piratenpartei recently made it to the Berlin City legistature with 8% of the vote and and are currently running nationally with that level of support. If they maintain this, they will be the 4th-5th largest party in Germany.

--
Mielipiteet omiani - Opinions personal, facts suspect.
FAIL by MrL0G1C · 2011-10-08 21:19 · Score: 1

So, if you're a criminal in Germany, all you have to do is install this software on your computer and then you have plausible deniability because anybody could have uploaded anything to your PC. Your PC could no longer be used as evidence.
Fucked that one up didn't you Germany!!!

--
Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
1. Re:FAIL by dunkelfalke · 2011-10-09 01:44 · Score: 2
  
  It doesn't work that way in Germany. As with the WLAN hotspot, the owner of the hotspot is responsible for all illegal activity on it, even if anybody could have used it.
  
  --
  "It's such a fine line between stupid and clever" -- David St. Hubbins, Spinal Tap
2. Re:FAIL by MrL0G1C · 2011-10-09 03:15 · Score: 1
  
  I don't think you get it, if a criminal steals your car, ram-raids a shop and makes off with the contents, are you telling me that the car owner is responsible for the crimes committed????.. Or perhaps the gov't is responsible because it owns the roads?
  Root-kit != WLAN hotspot.
  
  --
  Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
3. Re:FAIL by Anonymous Coward · 2011-10-09 04:29 · Score: 0
  
  whats up with using unrelated analogies? he is not talking about cars, hes is talking about wlan hotspots open or used by the public. why dont you get that?
4. Re:FAIL by MrL0G1C · 2011-10-09 05:29 · Score: 1
  
  Root-kit != WLAN hotspot.
  why dont you get that?
  
  --
  Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
5. Re:FAIL by discord5 · 2011-10-09 06:38 · Score: 2
  
  Your initial car analogy is terribly flawed. Don't draw bad car-analogies to prove a point. (If your car is stolen and you fail to report it, you're in for a fun ride, mind you. And reporting it doesn't automatically remove you from the suspect list either.)
  
  Root-kit != WLAN hotspot.
  As for the root-kit, you are responsible for the security of your own machine. If you go to court "Oh lol, rootkit get out of jail free" most likely you'll be laughed out of court (straight into jail) unless you can prove it. I wouldn't be terrible surprised if in the end this whole thing backfires in a spectacular way, but for the time being YOU are responsible for YOUR property. If there is no evidence to the contrary, the court assumes that you are in control of your property. Having said that, I'm pretty sure that the legal system in most countries are going to have more than a few headaches in the future when it comes to technology. Far too few people are properly knowledgeable on the technologies they use on a day to day basis, and there is far too much legal gray area.
  Also, in before the terrible "burglar in an unlocked home" analogy, and various other scenarios that have nothing to do with computers and Internet.
6. Re:FAIL by MrL0G1C · 2011-10-09 06:57 · Score: 1
  
  I live in the UK and the burden of proof is on the prosecution, not the defendant.
  How many people got hit by code red - are you seriously telling me in these days of regular exploits in Flash, PDFs, java, browsers, MS office etc that a person can be held at fault for getting rooted!!!!! The gov't gets rooted all the time, If Sony, govt etc can't secure their systems, then how can the technically clueless general public be expected to?
  And once again, deliberately opening up your wireless for the public to share is not the same as getting rooted, can you honestly tell me that you know your system doesn't have any unpatched vulnerabilities and can you account for every process and driver etc running?
  
  --
  Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
7. Re:FAIL by discord5 · 2011-10-09 08:36 · Score: 1
  
  burden of proof is on the prosecution
  They've just submitted your laptop as evidence. Let's for the sake of argument say there is 200GB of kiddy porn on it. They've got the burden of proof thing covered you know? Your laptop, your hard drive, thus your kiddy porn. They'll have an expert on the witness stand explaining how they used their fancy forensic toolkit to find it all. It is on your PC, therefor you must have downloaded all that.
  You can now wave your arms around in court screaming "rootkit" until your throat is sore, but the burden of proof now lies with you. They submitted the evidence, and it's up to you now to submit yours. They don't have to prove that it wasn't a rootkit that downloaded all that, just that a laptop full of kiddy porn was in your possession. As long as they followed the procedures to make sure the evidence was not contaminated, as far as the court is concerned, it IS acceptable evidence against you. Once you have proven that the machine was rootkitted, only THEN do they have to prove that it wasn't the rootkit that did all that. If the prosecution fails in that, you go free, but if you draw the rootkit card, you still have to prove it.
  
  how can the technically clueless general public be expected to?
  That's beyond the point. Most people who own pets are technically clueless as how to train them not to bite people, yet most pet owners are somehow expected to not have their pets bite people (to draw upon another admittedly terrible analogy). Terrible analogy aside, being clueless of the law doesn't excuse breaking it. Your property, your responsibility. If you're not knowledgeable about IT, why didn't you hire someone for that? After all, if you don't know anything about cars, you tend to take it to a garage for maintenance don't you? (heave ho, bad analogy day)
  
  deliberately opening up your wireless for the public to share is not the same as getting rooted
  Stop dragging wireless into this. Wireless has nothing to do with this.
  
  can you honestly tell me that you know your system doesn't have any unpatched vulnerabilities and can you account for every process and driver etc running?
  I'm going to give you the best advice you'll ever get when it comes to the court system in ANY country: pay a lawyer and shut up unless spoken to. Be it Germany, or the UK, or whatever country you decide that "Innocent until proven guilty" means "lalalala, I can't hear you, lalalala". Like I said, the legal system everywhere is bound to suffer more than a few headaches when it comes to technology and Internet, but if you think that pointing out the flaw in the system will save you without proving it is flawed you're in for a hell of surprise. And I really hope you never get into that position, because going by this discussion you're going to lose that argument, and have quite a few years ahead of you to contemplate it.
  You can easily get convicted without a single shred of hard evidence, for any type of crime. An example of this is in Belgium the parachute murder (sorry dutch, google for English) where defendant Els Clottemans had motive, opportunity, and an army of investigators and psychoanalysts against her, but not a single shred of hard evidence. 30 years, first request for appeal denied due to a technicality. Did she do it? Who knows, probably. The court says she did. Was there hard evidence? Nope. Was the burden of proof against her once the prosecutor presented his case? Most definitely. And you know what? She couldn't bring anything in front of a judge that broke the case made by the prosecutor. The prosecutor made fun of her in the courtroom saying that she was expecting "a legal system akin to game of Cluedo". And quite frankly, that's what you're expecting. You're expecting to roll the dice and say "the government did it" "with their spyware" "on my laptop" while ho
8. Re:FAIL by MrL0G1C · 2011-10-09 09:21 · Score: 1
  
  "You can easily get convicted without a single shred of hard evidence, for any type of crime."
  Not normally in the UK, the CPS (crown prosecution service) wouldn't bring the case to court without some evidence.
  I vaguely recall someone in the UK had a case dropped due to the suspect having a trojan and rightly so, the prosecutions job is of course to prove guilt beyond reasonable doubt.
  
  --
  Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
9. Re:FAIL by t2t10 · 2011-10-19 08:55 · Score: 1
  
  Generally, there's a strong presumption that if it was done with your car and you didn't report your car as stolen, you did it. It's the same with your computer.
EU data protection laws by Alain+Williams · 2011-10-08 22:26 · Score: 1

exporting the evidence outside of the state, country, and EU, to some random datacenter in the US, would mean a hairy pile of privacy and chain-of-custody problems for the chaps in legal?
Far more than that: it is exporting personal data outside of the country, this is against EU data protection laws. In particular the USA which has been found to NOT have a data protection standard that is good enough -- again a violation of EU data protection laws.
1. Re:EU data protection laws by ScrewMaster · 2011-10-09 03:43 · Score: 1
  
  In particular the USA which has been found to NOT have a data protection standard that is good enough
  We have one of those?
  
  --
  The higher the technology, the sharper that two-edged sword.
That description by Anonymous Coward · 2011-10-08 22:37 · Score: 0

Sounds like they just copy/pasted subseven.
Every time I think our goverment is @ the pinnacle by gentryx · 2011-10-08 23:16 · Score: 0

...of its own ridiculousness, they manage to pull off something even more stupid. These times the stuff you write on a postcard is better protected by German law than your private emails/data/whatever. It's like politician are afraid of the new technologies. :-/

--
Computer simulation made easy -- LibGeoDecomp
Re:But most importantly It called .... by Anonymous Coward · 2011-10-08 23:54 · Score: 0

It called "Free Anti-virus Software". Or better yet lets have the proles pay to install our spy-ware {Norton, McA..., WindowMali...Tool, etc.)
"Vote for us, we'll write better malware!" by Anonymous Coward · 2011-10-09 01:22 · Score: 0

In other news, the Piratenpartei recently made it to the Berlin City legistature with 8% of the vote and and are currently running nationally with that level of support. If they maintain this, they will be the 4th-5th largest party in Germany.
I think I see a political strategy forming...