Slashdot Mirror


German Government's Malware Analyzed

First time accepted submitter lennier1 writes "The German hacker group CCC (Chaos Computer Club) has analyzed a piece of malware the German government uses in criminal investigations to spy on a suspect's computer. I'm sure we're all surprised that it's opening security holes for third parties, and violates a related court verdict (and several laws in general)."

8 of 162 comments

  1. Re:Surprise, surprise, surprise by Shoe+Puppet · · Score: 4, Funny

    /etc/init.d/sarcasm start

    --
    (+1, Disagree)
  2. But most importantly by Dunbal · · Score: 4, Insightful

    Can this trojan upload child pornography (or any other incriminating files/images) to the suspect's computer, to be collected as "evidence" at a later date? I suspect it can. And if this program can uninstall itself at a later date, then this is a perfect tool for "bring him in, boys". Oh George Orwell, how foresighted you were.

    --
    Seven puppies were harmed during the making of this post.
    1. Re:But most importantly by Dunbal · · Score: 5, Insightful

      You really don't understand how corruption works, do you? It would not be a false conviction at all. It would be a very real conviction, documented, with a valid chain of evidence and everything. The reasons can be many - from the "guy they think is the criminal but can't actually arrest him for anything because he hasn't done anything they can prove" situation - like Al Capone; to the "rival gang member needs to be taken out quickly because gang A just paid me $100k to lock up the leader of gang B so I will just upload this stuff onto his computer and call in an "anonymous tip"" situation. It even includes the "pay me $100k or you get thrown in jail" situation where the corrupt law enforcement/government agent decides to put the squeeze on someone.

      Maybe it's because I live in the third world and am used to dealing with corruption like this almost on a daily basis that I am so cynical. However if anyone (police or otherwise) can clandestinely install a program on your machine/cell phone/whatever and have it upload/execute programs, then all machines/cell phones/whatever can be compromised and such "evidence" shouldn't be admissible in court anymore.

      --
      Seven puppies were harmed during the making of this post.
    2. Re:But most importantly by AliasMarlowe · · Score: 5, Insightful

      If an authority's intention is to falsely convict someone by planting material on a piece of equipment that they will seize, disassemble and connect to their own equipment during the course of that conviction, why on earth bother planting it remotely?

      Because the raid, seizure, arrest, and indictment will be made by a completely different organization - the regular local police and local public prosecutor.

      For the police and prosecutor to do their job effectively, they must fully believe in the validity of the evidence they have seized and the chain of custody of that evidence must be impeccable. They will emphatically believe in the culpability of the arrested criminal (sorry, "alleged" criminal until the court inevitably pronounces its verdict of guilt) on the basis of this incontestable evidence. They will be utterly in the dark about any surveillance/incrimination operation, and will vilify the accused with confidence, proud to be protecting their community from such evil malefactors.

      --
      Those who can make you believe absurdities can make you commit atrocities. - Voltaire
    3. Re:But most importantly by jeti · · Score: 4, Informative

      Yes. It contains filedropper functionality. Like most malware, it can download and execute additional applications thereby extending its functionality and it can place documents on the infected PC.

  3. Re:Frosty Piss by fuzzyfuzzyfungus · · Score: 5, Interesting

    The piece of incompetence that I find really striking is not so much the general shoddiness; but the fact that the malware is using a proxy setup in the US to avoid having its traffic traced back to the German police entity using it. Even if they know nothing about the tech side of things, surely exporting the evidence outside of the state, country, and EU, to some random datacenter in the US, would mean a hairy pile of privacy and chain-of-custody problems for the chaps in legal?

  4. CCC's public role in Germany by BitterKraut · · Score: 5, Informative

    The Chaos Computer Club is probably not adequately characterized as a 'hacker group'. It was founded in 1981 as a computer club and, while hacking has always been their most prominent activity, they have grown not only into a nation-wide association of about 3000 members, but into an influential civil rights organization as well. Their expertise in matters of IT security is frequently called upon by public media in Germany. The CCC is well respected even by many politicians and their expertise was cited more than once by former Federal Minister of the Interior Gerhart Baum during the trial that ended last year with the Verfassungsgericht (federal constitutional court)'s finding that the federal anti-terror law that obliged providers to retain all telecommunications data for six months was unconstitutional. The CCC organizes the annual Chaos Communication Congress that Slashdot readers might remember as being the event where some major hacks were presented to the public: http://it.slashdot.org/story/11/01/02/0231242/detailing-the-security-risks-in-pdf-standard http://games.slashdot.org/story/10/12/29/204253/Playstation-3-Code-Signing-Cracked-For-Good http://it.slashdot.org/story/09/12/28/1931256/gsm-decryption-published http://games.slashdot.org/story/05/12/16/2157217/hacking-the-xbox The CCC is also well known for Project Blinkenlights, which grew out of the CCC but is now an independent project.

  5. Re:Frosty Piss by IWannaBeAnAC · · Score: 5, Interesting

    nope, as German law doesn't exclude illegally obtained evidence from use in court.

    Right, but that is appropriate. The USA is the only country I know of that does exclude evidence like that. In most jurisdictions, the aim (idealized, not always realized) of a court case is to uncover the truth of what happened. If the law was broken in the process of obtaining evidence, by all means prosecute the people who broke the law, but to exclude that evidence is a weird thing to do. At least, 90% of the planet thinks so...

    The situation in the US is based on a rather bizarre interpretation of the constitution set by the supreme court, actually not so long ago, starting from around 1920. The Fourth Amendment of the constitution is the one about "no unreasonable searches and seizures", and requiring "probable cause". But it doesn't specify what the penalty should be if those rights are violated. In much of the rest of the world, the equivalent violation (e.g., of police or some other person obtaining evidence illegally) opens the offender to prosecution, but whatever evidence is obtained can still be used. That was the case in the USA before the early 20th century. But several court cases in the '20s and '30s established the "fruit of the poisonous tree" doctrine, in which evidence which was obtained illegally is not admissible in court. This has resulted in many farcical court cases where the facts of the case are well established, but can't be presented in court because the evidence was obtained illegally (in some cases, due to some technical omission). It also results in lots of arguments where opposing lawyers have a big bun fight, and make lots of money, arguing at length over whether a particular fact is allowed to be presented to the court or not.

    It has also resulted in the attitude that cops who break the law are already "punished" by being unable to present the evidence in court (and often therefore unable to convict a criminal), and that this is sufficient punishment for the cop. Whereas in other jurisdictions the cop would lose their job, or end up in jail themselves, in the US they typically don't. This is an encouragement towards corrupt behavior.