Slashdot Mirror

← Back to Stories (view on slashdot.org)

German Police Allowed To Use Its Own "Federal Trojan" (helpnetsecurity.com)

Posted by timothy on from the democracy-unleashed dept.

An anonymous reader writes: The German Interior Ministry has approved for investigative use a spying Trojan developed by the German Federal Criminal Police (a so-called "federal Trojan"). In fact, it could end up being used as early as this week. The police will have to get a court order to use the spyware, and prove that the suspect is involved in a crime threatening citizens' "life, limb or liberty". The malware has been developed in-house, and has been available since autumn 2015. It is supposed to be used only for so-called telecommunication surveillance at the source, i.e. to read emails, chats and wiretap phone calls made by the target via his or her computer or smartphone, and not to access files, steal passwords, or set up video or audio surveillance via the device.

50 comments

  1. Federal Trojan? by RghtHndSd · · Score: 1

    Isn't that what our Secret Service uses when they're partying and hiring hookers?

    1. Re:Federal Trojan? by jfdavis668 · · Score: 1

      Trojan Man!

  2. Its always important to use protection by mmiscool · · Score: 2

    It can help prevent infection and pregnancy.

    1. Re:Its always important to use protection by theprophetof+sarcasm · · Score: 1

      It can help prevent infection and pregnancy.

      I'd be ok with an infection now and again. But the pregnancy, I'll pass on that. What about the STD's though, if your offering the clap...where can I sign up?

  3. Now what by theprophetof+sarcasm · · Score: 1

    Seriously, now what am I going to do with my lolicon collection...Anyone looking for a new source material?

    1. Re:Now what by wonkey_monkey · · Score: 1

      lolicon

      Icons that make you laugh out loud? That sounds awesome. I'll just Google me some.

      *tappity tappity* ...crap.

      --
      systemd is Roko's Basilisk.
  4. Gott in Himmel!! by Harold+Halloway · · Score: 1

    *updates antivirus*

    1. Re:Gott in Himmel!! by Anonymous Coward · · Score: 0

      "im", not "in".

      - a concerned German

    2. Re:Gott in Himmel!! by Harold+Halloway · · Score: 1

      Ah, sorry. I'm fairly sure that in all the English war comics I read in the 1970s, the about-to-be-shot German soldier always shouted 'Gott IN Himmel.' If he didn't shout that then it was usually one of the following:

      Teufel!
      Himmel!
      Donner und blitzen!
      Ach!

      But never 'scheisse!'

    3. Re:Gott in Himmel!! by Anonymous Coward · · Score: 0

      People called Romanes they go the house.

  5. The irony by Anonymous Coward · · Score: 0

    The police will have to get a court order to use the spyware, and prove that the suspect is involved in a crime threatening citizens' "life, limb or liberty"

    The irony, it burnsssssss

    1. Re:The irony by thaylin · · Score: 1

      You are not exercising your personal liberties if you are taking away others liberties, therefore it is not really ironic.

      --
      When you cant win, ad hominem.
    2. Re:The irony by Anonymous Coward · · Score: 0

      Maybe, but if the standard is really that they can already prove the suspect is involved in a crime isn't their job already done? If they can prove it, charge the person an let the courts get access to their computer / phone. Why use spyware AFTER you already have proof?

    3. Re:The irony by arth1 · · Score: 2

      Maybe, but if the standard is really that they can already prove the suspect is involved in a crime isn't their job already done? If they can prove it, charge the person an let the courts get access to their computer / phone. Why use spyware AFTER you already have proof?

      No, the European justice systems are not primarily punitive, but preventative. From that point of view, is much better to find out what else the alleged criminal and his companions are plotting, in order to avert crimes, than it is to just punish crimes after the fact.

    4. Re:The irony by houghi · · Score: 1

      "Involved in" is not the same as "Guilty of". If a drug dealer buys an airplane ticket with drugs money, the travel agent is involved, but not guilty.

      If they only buy one ticket, there is no reason to follow up on it. If they buy 10 each day, it might be interesting to follow up on, even if the travel agent is completely innocent. Just an example.

      Also: There is case building. That means that extra information might be needed for a conviction or they might want to follow the lead and are not interested in the drug dealer on the corner. They know already who those are. They want to know who the big ones are as the smaller ones are replaces faster than they can arrest them.

      --
      Don't fight for your country, if your country does not fight for you.
    5. Re:The irony by ooloorie · · Score: 1

      Really? You're saying that European governments have a right to invade anybody's privacy to prevent them from committing a crime? Care to provide some citations to back up your interesting legal theory?

    6. Re:The irony by arth1 · · Score: 1

      Really? You're saying that European governments have a right to invade anybody's privacy to prevent them from committing a crime?

      They have a duty to prevent crimes they have a suspicion of. Prevent. Not collect evidence to convict. I know, this is a completely different and alien mindset to how US justice system operates.

      US: Police appeals to court. The court then issues a warrant giving the police search rights, mostly a rubber stamping process. Any and all evidence discovered after a warrant is permissible evidene. The police is at liberty to use the data as they see fit.

      Europe: Police appeals to court. The court instructs and orders the police to collect specific data. No other data can be collected or retained, i.e. it can not be used for fishing. Any data, direct or incidental, that points to a crime compels the police to prevent the crime from occurring. Even if it tips the hand and lets criminals get away, preventing the crime takes priority over convicting someone for it.

      In this case, it is perfectly reasonable to want to examine the communications in order to find out what else might be going on, in order to prevent crimes. But that does not extend to gratuitous capture of all data; only what the court orders them to collect.

    7. Re:The irony by ooloorie · · Score: 1

      You know, I grew up on Europe and spent most of my life there, and almost your entire posting is nonsense, both in regards to the US and Europe.

  6. fitting by rmdingler · · Score: 1
    Well... we learned it from watching you.

    B^)

    Watching Us.

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

  7. "life, limb or liberty" by Errol+backfiring · · Score: 1

    And given the fact that lots of governments are spying on you already, your liberty is threatened anyway.

    --
    Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
    1. Re:"life, limb or liberty" by theprophetof+sarcasm · · Score: 5, Insightful

      And given the fact that lots of governments are spying on you already, your liberty is threatened anyway.

      Can most people really complain about liberties? I just recently turned 30, I can see the liberties and right my parents had. I can see things were much better for them at my age. Now I look at what we currently have, and fear that they are infringing just a little to close. However at the same time I feel that we as a culture are starting to accept some of these abuses of power due to fear of "terrorism". So my real fear is for the future generations, what little rights will they have in 30 years from now? Will they even have any, will they just be completely desensitized to the situation and not even care about civil liberties anymore?

    2. Re: "life, limb or liberty" by Anonymous Coward · · Score: 0

      The best thing for them is just not to think about them. The worldwide trend is towards a progressive restriction of individual rights in favor of better perceived security. We cannot do anything to slow down, much less stop or reverse, this trend. We might as well go with the flow and adapt. Humanity has existed for millennia without "rights" and will do it again. Maybe one day they will surface again - tough I'm skeptical about this - but it won't happen in our, or our grand-grand-grand-grandchildren's, lifetimes.

  8. Threats? by Anonymous Coward · · Score: 0

    " the suspect is involved in a crime threatening citizens' "

    I'll bet it will be used to hack those that threaten refugees.

  9. liability by Anonymous Coward · · Score: 0

    Does that mean if the malware was unsuccessfully entered into the system and the computer crashes or whatnot, the target can sue the government for damages?

    Just kidding, they can sue and waste their money.

  10. Makes forensic evidence useless by Anonymous Coward · · Score: 0

    And gives the government incentive to hold back computer security, so that they don't lose the ability to install this malware. I think they've forgotten who their boss is.

  11. Yeah, shuuure .... by Anonymous Coward · · Score: 0

    ... and not to access files, steal passwords, or set up video or audio surveillance via the device.

    How long before the rules are changed and/or a scapegoat is discovered who "made a mistake" and has been doing it as a matter of daily business (to facilitate a phenomenon referred to as "parallel construction" perhaps ?).

    My guess: the point at which the above will be violated will happen in less than a year (a case of "asking the fat kid to guard the pie").

    1. Re:Yeah, shuuure .... by infolation · · Score: 1

      Since audio and video surveillance don't have to be presented as evidence in court in order to be useful, the police can carry out this surveillance without a warrant, so they find out where to look for the evidence they *can* obtain legally.

      In the past different kinds of surveillance requiring different warrants had to be physically carried out in different ways, so the lines couldn't get blurred. If this software is able to carry out multiple kinds of survellance, it will be tempting to use them all, and only present the admissable ones in court.

  12. Incentivises police not to report vulnerabilities by Anonymous Coward · · Score: 0

    Contrary to what other countries are doing, this requires a warrant and just motivation. But it does create an incentive for the police not to report security vulnerabilities, because instead of reporting them they can use them to improve their trojan.

  13. Tim Cook off the hook by CajunArson · · Score: 1

    "It is supposed to be used only for so-called telecommunication surveillance at the source, i.e. to read emails, chats and wiretap phone calls made by the target via his or her computer or smartphone, and not to access files, steal passwords, or set up video or audio surveillance via the device."

    Phew, for a second there I thought we'd need to call on the powers of Tim Cook to save us.

    This is fine, since they are just spying on mass communications at the flick of a switch instead of trying to access a specific device with full judicial oversight since *that* would be an invasion of privacy!

    --
    AntiFA: An abbreviation for Anti First Amendment.
  14. Europe by 110010001000 · · Score: 4, Insightful

    The enlightened European citizens would never allow this to happen in the EU, unlike the silly Americans. Oh wait, you mean it is already in place and no one asked the citizens their opinion? Carry on then.

    1. Re:Europe by dunkelfalke · · Score: 1

      except that germans have fought that crap for about a decade and lost the fight only just now.

      --
      "It's such a fine line between stupid and clever" -- David St. Hubbins, Spinal Tap
    2. Re:Europe by Anonymous Coward · · Score: 0

      It is not the first attempt. We already had a Bundestrojaner and its use was struck down by the courts in the past. That some stasi and gestapo wannabes support its use wont help it once the first case lands in court. The previous attempt has already shown that the software would violate every existing law just because its creators do not give a fuck.

  15. If they have to prove it beforehand... by Anonymous Coward · · Score: 0

    'The police will have to get a court order to use the spyware, and prove that the suspect is involved in a crime threatening citizens' "life, limb or liberty". '

    If they have to prove the crime before getting a warrant, then why don't they arrest the perp for the crime ?

    Am I reading that right?

    1. Re:If they have to prove it beforehand... by Anonymous Coward · · Score: 0

      This is like a wiretap warrant, just a different tool to enable it.

      You need to prove to the judge that you have probable cause to require it during the course of an investigation.

      Search warrants do not imply guilt.

  16. I was forced to pay for it; they didn't deliver. by fisted · · Score: 4, Funny

    As a German I feel discriminated against, for the new Federal Trojan will not run on my BSD machines. As if it wasn't bad enough that commercial software tends to be Windows-only, now also government-written stuff that I paid for with my tax euros.

    Does somebody by any chance know a hack to still get it working?

    --
    CLI paste? paste.pr0.tips!
  17. I'm Shocked At This by Anonymous Coward · · Score: 0

    This is so unlike the Germans to use Stasi tactics!

  18. Ve haff vays... by Anonymous Coward · · Score: 0

    Ve haff vays of making your computer talk!

  19. Ah yes... by MitchDev · · Score: 1

    " It is supposed to be used only for..."

    The cry of scumbag dictators everywhere...

  20. Re:I was forced to pay for it; they didn't deliver by Anonymous Coward · · Score: 0

    Why do you think it won't work on BSD machines?

    Usually they develop these kinds of software for all target platforms in a modular way, i.e. if the target system is BSD an access module will be added that uses an exploit for BSD, if there is no software exploit and the user does not fall for a Trojan, then the software will be installed by physically accessing the device.

  21. Re:I was forced to pay for it; they didn't deliver by tetraverse · · Score: 1

    @Anonymous: "Why do you think it won't work on BSD machines?"

    Because if it ran on BSD, they would have said it in the title, instead of "Federal Trojan"

  22. It's GERMANY by Actually,+I+do+RTFA · · Score: 1

    They never had a problem with the government spying on its citizens.

    I mean, the US, UK, Canada, etc. all did it. But there weren't any problems that arose from the government spying. In contrast to Russia, China, North Korea and Germany.

    --
    Your ad here. Ask me how!
  23. THE Federal Trojan by goombah99 · · Score: 2

    A Scottish military officer strolls into an apothecary shop. From
    the pouch hanging from his kilt he extracts a used condom and
    places it upon the counter.

    The apothecary says, "Hoot man, Wat be this yur'er thrustin'
    befor me".

    "T'is a used condom, sir, and I've come t' ask ye; hey much to
    replace it and hey much to repair it?"

    "Aye," replies the apothecary, as he examines the condom.
    "T'would be six pence to replace it and thra' pence, heypenny to
    repair it."

    "Thank ye" says the Scottish military officer as he picks up the
    used condom and puts it back into his pouch as he marches out
    of the shop.

    The next morning the military officer returns to the apothecary
    shop. He reached onto his pouch, pulls out the used condom and
    tosses it onto the counter.

    "The regiment has voted to repair it," he says.

    THE FEDERAL RUBBER

    --
    Some drink at the fountain of knowledge. Others just gargle.
  24. Re:I was forced to pay for it; they didn't deliver by voss · · Score: 1

    You people with your bsd machines are all alike, cheap socialist people with affordable healthcare and free education running bsd on their worn out 10 year old boxes feeling entitled to all the latest trojans and spyware. I pay for my operating system to be slowed down by spyware and viruses and I pay for antivirus to slow my system down some more. Why should you be entitled to this when you didnt even pay for it??? CLOSE THE BORDERS! Make Murica Great again!

    (Before you flame me...this was meant humorously)

  25. What's the problem with this? by Anonymous Coward · · Score: 0

    This is targeted surveillance that requires a court order... Seems like the most sane way to get the job done, no different than phone taps or physical surveillance.

  26. How long before... by mars-nl · · Score: 1

    ... the trojan ends up in the hands of black hats, gets "improved", sold and ends up on the computers of the German government?

    1. Re:How long before... by Anonymous Coward · · Score: 0

      It'll already be being used to spy on politicians ....

      How do you think they got enough votes to get the law passed in the first place ?

  27. Re:I was forced to pay for it; they didn't deliver by Anonymous Coward · · Score: 0

    And so it'll start looking for Outlook files on your BSD machine? Sounds pointless

  28. If it wasn't Germany it'd be at the firmware level by Anonymous Coward · · Score: 0

    The sad thing is if this was the United States they'd have this at the firmware level. It might actually be a good idea to live in Germany. At least Germany won't have the technological capability to spy on there citizens at the firmware level. Unlike the Americans whom are in control of the underlying technology (Intel firmware management engine) and can't avoid it by running GNU/Linux or BSD.

  29. Re:I was forced to pay for it; they didn't deliver by jouassou · · Score: 1

    How about a compromise? You downgrade to one of the two OpenBSD releases with a remote security hole in the default install, and then they port it to BSD?

  30. Anti-virus recognition by CanEHdian · · Score: 1

    Will this "Bundestrojaner" be on the anti-virus companies secret whitelist (i.e. will not be flagged)?

    --
    When the copyright term is "forever minus a day", live every day like it's the last.