The Chaos Computer Club (CCC), one of the oldest hacker groups in existence, claims that a government-built “lawful interception” Trojan has abilities that overstep Germany’s legislation, and that features of the malware agent can easily be misused because of a series of design and implementation flaws.
The CCC has received samples of the Trojan used by German law enforcement, and the reverse-engineering process has revealed several troubling characteristics.
- The Trojan is supposedly intended only for “wiretapping” Voice over IP (VoIP) conversations, yet the malware contains backdoor code.
- It can extend its functionality by downloading additional components from the Internet and executing them.
- It can take screenshots of whatever the user is doing at any time.
- It can activate the computer’s webcam and microphone for physical surveillance of the PC owner and the room where the computer is located.
- Files sent out to the C&C server are poorly encrypted.
- Commands sent and executed by the Trojan are NOT encrypted, authenticated, or protected in any way.
An unskilled attacker could easily use an installed Trojan to take control of the infected PC once the Trojan’s presence is detected. Attackers could also potentially connect to the authorities’ servers while spoofing a specific instance of the Trojan, upload fake data, or attack the law enforcement agencies’ IT infrastructure directly.
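The two findings above (commands accepted without any authentication, and the resulting ability of anyone who finds the agent to drive it) come down to a missing message-authentication check. The following is an added illustration, not code from the CCC’s analysis or from the Trojan itself: a constructed, hypothetical command channel in two variants. The first accepts whatever parses; the second requires an HMAC-SHA256 tag under a shared key plus a monotonic counter, so a forged command (wrong key) and a replayed command (stale counter) are both rejected. Key handling, transport encryption, and the message format are assumptions made for the example only.

```python
import hashlib
import hmac
import json
import os

# Constructed example. Nothing here reproduces the real agent's protocol;
# it only contrasts an unauthenticated command channel with an authenticated one.


def parse_unauthenticated(raw: bytes) -> dict:
    """Variant 1 (the weakness described above): any well-formed input is accepted.

    There is no way to tell a command from the real operator apart from one
    injected by whoever noticed the agent on the network.
    """
    return json.loads(raw.decode())


class AuthenticatedChannel:
    """Variant 2: each command carries an HMAC-SHA256 tag and a monotonic counter.

    One object is used for both sealing (sender side) and opening (receiver
    side) purely to keep the example short; in practice the two ends share
    only the key, and the receiver keeps its own last-seen counter.
    """

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0  # receiver-side replay state

    def seal(self, counter: int, command: str) -> bytes:
        body = json.dumps({"ctr": counter, "cmd": command}).encode()
        tag = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        return json.dumps({"body": body.decode(), "tag": tag}).encode()

    def open(self, raw: bytes) -> dict:
        envelope = json.loads(raw.decode())
        body = envelope["body"].encode()
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        # Constant-time comparison: a plain == would leak tag bytes via timing.
        if not hmac.compare_digest(expected, envelope["tag"]):
            raise ValueError("rejected: bad authentication tag")
        msg = json.loads(body)
        # Counter must strictly increase; a resent genuine message is refused.
        if msg["ctr"] <= self.last_counter:
            raise ValueError("rejected: replayed or stale counter")
        self.last_counter = msg["ctr"]
        return msg


def demo() -> dict:
    """Exercise both variants and report which inputs each one accepted."""
    key = os.urandom(32)  # hypothetical per-agent key, provisioned out of band
    results = {}

    # Variant 1 happily executes a command nobody authenticated.
    forged_plain = b'{"cmd": "screenshot"}'
    results["unauth_accepts_forged"] = parse_unauthenticated(forged_plain)["cmd"] == "screenshot"

    channel = AuthenticatedChannel(key)

    # A genuine command from the key holder is accepted.
    genuine = channel.seal(1, "status")
    results["auth_accepts_genuine"] = channel.open(genuine)["cmd"] == "status"

    # The same genuine bytes sent again are refused (counter no longer fresh).
    try:
        channel.open(genuine)
        results["auth_rejects_replay"] = False
    except ValueError:
        results["auth_rejects_replay"] = True

    # A command sealed under a different (guessed) key fails the tag check.
    impostor = AuthenticatedChannel(b"not-the-real-key")
    try:
        channel.open(impostor.seal(2, "screenshot"))
        results["auth_rejects_forged"] = False
    except ValueError:
        results["auth_rejects_forged"] = True

    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Authentication alone does not give confidentiality; a deployed channel would also encrypt the body (or use an AEAD construction that does both), which the example leaves out to keep the authentication property visible.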
All of this is illegal according to the German constitutional court. The CCC says that the Ministry of the Interior has been informed of its findings and that the authorities have the ability to make the Trojan destroy itself, which is obviously what the group would like to see happen. Symantec researchers have confirmed many of the claims made by the CCC, although they say that the group “has not offered any proof of their claims that these are government affiliated samples.”
The German government has so far not commented on these claims.