German hackers snare wiretap Trojan, accuse gov of writing it...

German hackers have captured and analysed a cyber-sleuth Trojan which they claim may have been used by police to tap Skype calls and IM chats of criminal or terrorist suspects. German wiretap laws do in fact permit the use of a "Bundestrojaner" ("Federal Trojan"), which has been used by police to record VoIP conversations for …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    Maybe it wasn't the government

    The use of "0zapftis" actually indicates some sense of humour -- unlikely to be found in a government agency, let alone a German one.

    1. Andreas W.

      "0zapftis" is a jump mark label name invented by the CCC, is it not? Assembly labels do not appear in binary code.

      1. Anonymous Coward

        Assembly labels do not appear in binary code, but the labels can appear in the compiled program unless it has been stripped.

  2. Anonymous Coward

    German efficiency..

    If it had been the UK government it would have required a small server farm to run with terabytes of storage, still be out to tender and already half a billion over budget.

  3. Christian Berger

    It's Oktoberfest

    It's Oktoberfest, and the traditional phrase is "O'zapft is". It literally means "It is tapped".

  4. Christian Berger

    Probably developed by "Digitask"

    It currently seems as if it was developed by a company called "Digitask".

  5. This post has been deleted by its author

    1. big_D Silver badge

      No

      It wouldn't be illegal. It would be the same as discovering a tap on your normal telephone and either using a different phone line or removing it.

      If it is a government supplied trojan, it should be covert, but if found the game is up. It is the same as finding a bug in your flat or a tracking device attached to your car, you can remove it, but then the plod will know you are on to them, so they will probably step up the game.

      It would be hard to enforce. If you decided to do a new install on your computer, you would also nuke the trojan, whether you knew it was there or not... They wouldn't be able to prove you knew it was there and removed it on purpose.

      1. BristolBachelor Gold badge
        Joke

        "...or a tracking device attached to your car"

        I found a bug attached to my car; it was easy to spot, it was bright yellow and attached to one of the wheels with a padlock...

        Will Anglegrinder man be able to save us from Gov trojans?

        1. Anonymous Coward

          I think Big Bolt Cutter Man is best for that and fits in the boot as well.

    2. Anonymous Coward

      That would require them to admit they wrote it. That can cause a lot of other issues in itself

    3. Christoph Hechl

      I wonder how police would react, if for every spyware found on any computer they were asked if you were allowed to remove it.

      No, you cannot be expected to analyse the type and origin of malware found on your computer system. Therefore, at least in Germany, you would be safe to do so. Whether or not someone may have used that tool to place false evidence on your PC is an entirely different story...

  6. Claude Warren
    Mushroom

    Dr. Strangelove?

    "The R2D2 name comes from a string of ASCII, "C3PO-r2d2-POE", found in the mystery Trojan."

    OK C3PO and r2d2 are easy references but POE... is that not a reference to Dr. Strangelove and Sterling Hayden's character Brig. Gen. Jack Ripper, the man that starts Armageddon?

  7. unky
    FAIL

    Lame or not - that depends. As far as currently can be told, the badly written trojan created even more security risks for the already wiretapped computer.

    And yes, "O'zapft is" does refer (if I am not mistaken) to "es ist angezapft" - so indeed, it can be translated directly to "it is wiretapped".

    Also, while the federal police (BKA) denied any influence, recent information suggests that it has been used by Bavaria's local police forces (their LKA). As the analysed sample seems to have been supplied by someone being trialled by the Bavarian LKA. (The trial only broke down when his lawyer bemoaned the 60000 supplied screen shots to be gathered unlawfully - you think, that they printed them out?!) (And no, he was no terrorist - but rather a software engineer who worked for a company who supplied something like an online shop to another company that sold drugs outside of Germany - while the drugs themselves were legal in Germany, the act of helping to sell them abroad seems to have upset the police forces.)

  8. Tim #3

    On the subject of security, where's the El Reg coverage of the malicious software that is infecting the US drones, as reported in today's Times?

  9. Dazed and Confused
    Black Helicopters

    Who does it work for?

    What IP addresses does it report back to?

    Who are they registered to? Surely it would be illegal for the gubberment to be using incorrectly assigned IP addresses. They must be registered to a contactable keeper, presumably a front company, but would make a fun way to start investigating.

  10. Dazed and Confused

    I love the inference

    It's so badly written it must be the gubberment,

    with the unwritten footnote, hackers have got better than that these days, why go to the trouble of owning a system and then leave it open to being stolen by a rival gang.

    1. r4co0n
      Alert

      Good question

      Apparently this is a US-American IP, for privacy's sake, you know.

      I think I read this in CCC's PDF about the incident, or heard it on the news, it's some big story here in good ol' Germany, if Europe wasn't gonna annihilate itself financially this would be widely covered...

  11. EgoTrippin

    The Bavarian Ministry of the Interior now confirmed that this trojan indeed belonged to the Bavarian state police.

    1. Alexander Vollmer
      Coat

      Time will tell

      And now we are waiting for the German Federal Public Prosecutor to search the offices of Bavarian Government and of the Bavarian LKA. Only one deferring factor, the German Home Secretary is a member of the Bavarian branch of the ruling Christian Democratic Union and who knows what he ...

  12. Zippy the Pinhead
    Trollface

    "The screenshots and audio files it sends out are encrypted in an incompetent way"

    I'm waiting for the government to issue a denial by stating.. Yes it was well written! lol

  13. Kurgan
    FAIL

    So badly written...

    ... that it is likely made by a government! LOLLASTIC!

    By the way, do terrorists still use Windows?

  14. NoneSuch Silver badge
    Joke

    Analyse the code?

    Nein!

    Zat is exzactly vat zey exzpect us to do.

  15. andreas koch
    Holmes

    Siemens?

    0zapftis

    That string triggered something. I can remember it also turned up in the last issue (58) of Benq-Siemens' mobile phone firmware for the last model (EF81) built in the Kamp-Lintfort site.

    I would have a look at the guy who wrote that. Don't quite remember his name, but it was somewhat Polish, Stanislaw Nebowski or similar. Might be a 'signature'...

  16. Christian Berger

    They admitted to it

    By now, Lower Saxony, Brandenburg, Baden-Württemberg and Bavaria confessed. Hesse nearly confessed.

    There are also official documents of the relevant institutions in those states buying software from Digitask.

    http://ted.europa.eu/udl?uri=TED:NOTICE:23600-2008:TEXT:DE:HTML

    http://ted.europa.eu/udl?uri=TED:NOTICE:307886-2008:TEXT:DE:HTML

    Oh and the director of the company Digitask has been sentenced to 21 months in prison on bail and 1.5 million Euros in 2002 because of blackmail.

    http://www.foebud.org/firmenchef-von-digitask-2002-wegen-bestechung-verurteilt

  17. Christian Berger

    Apparently a lawyer of Digitask admitted it's most likely the trojan of their company.

    BTW, the really big issue is that the constitutional court forbade certain features like loading new code... however those features are in there, but deliberately hidden. This probably means they are not only there by accident, but on purpose, made by someone who knew that what he was doing was illegal.

  18. Ken Hagan Gold badge

    Presumably illegal outside Germany

    So either they've got rather better geolocation than anyone else on the planet or they've inadvertently trampled on the criminal law of their neighbours. Where's that popcorn...?

    1. The Flying Dutchman
      Happy

      If the functionality exceeds VoIP eavesdropping...

      ... (and it apparently does), it's illegal inside Germany too. That's the point.

      In the meantime, officials of several German federal states have more or less admitted that this malware was indeed gov business...
