Government Backdoor R2D2 Trojan discovered by Chaos Computer Club

Status
Not open for further replies.

PenTester

New Member
Thread author
Jul 30, 2011
114
The famous European hacker club, the Chaos Computer Club (CCC), discovered a backdoor Trojan horse capable of spying on online activity and recording Skype internet calls which, it says, is used by the German police force.

Full Article
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
F-Secure Labs first reported this incident, and the existence of a trojan isn't a secret. It was discussed publicly in Germany and there's even a ruling from the highest German court (Bundesverfassungsgericht) on constraints for law enforcement while using it. Basically this is the modern wiretapping.
The scandal, discovered by CCC, is that the trojan is capable of much more than it should do; basically it can do everything that code allows.

Here’s a partial list of what the CCC analysis uncovered:

The trojan can … receive uploads of arbitrary programs from the Internet and execute them remotely.

Activation of the computer’s hardware like microphone or camera can be used for room surveillance.

[T]he design included functionality to clandestinely add more components over the network right from the start, making it a bridge-head to further infiltrate the computer.

[With an additional module] it can be used to remotely control infected PCs over the internet [and] watch screenshots of the web browser on the infected PC – including private notices, emails or texts in web based cloud services.


In its own analysis, F-Secure confirmed the workings of the program:

The backdoor includes a keylogger that targets certain applications. These applications include Firefox, Skype, MSN Messenger, ICQ and others.

The backdoor also contains code intended to take screenshots and record audio, including recording Skype calls.

In addition, the backdoor can be remotely updated. Servers that it connects to include 83.236.140.90 and 207.158.22.134.
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
And German states have admitted that they are using the Federal Trojan to spy on people through their computers. The German justice minister has demanded an investigation.

Deutsche Welle said:
Several German states admit to use of controversial spy software

Several additional German states have admitted to deploying spyware in order to investigate serious criminal offenses, according to regional media sources.

The interior ministers of the states of Baden-Württemberg, Brandenburg, Schleswig-Holstein and Lower Saxony said that regional police had used the software within the parameters of the law. In Lower Saxony, the software has been in use for two years, according to the public broadcaster NDR.

Authorities in Brandenburg, meanwhile, told the daily Berliner Morgenpost that they are currently using the spyware in a single, on-going investigation. Baden-Württemberg has also used such software to investigate "individual cases," according to the Badische Zeitung.

The interior ministry in the western state North Rhine-Westphalia also admitted that police had used the software in two instances, both of which had been approved by a judge. The news agency dpa reported that both cases had involved serious drug crimes.

Officials in the southern German state of Bavaria were the first to confirm late Monday that their agencies have been using a spyware program since 2009. It remains unclear whether all four states had been using the same software or not.

Bavarian Interior Minister Joachim Herrmann said in a statement that they had acted within the law, and he promised a review of the software's use. Computer security experts and German politicians say such software is likely in violation of the German constitution.

A hacker group accused the German government on Saturday of developing and using the software to spy on its own citizens. Justice Minister Sabine Leutheusser-Schnarrenberger called on the federal and state governments to launch a joint investigation into the matter.

"Trying to play down or trivialize the matter won't do," said Leutheusser-Schnarrenberger while at the same time warning against blanket judgments. "The citizen, in both the public and private spheres, must be protected from snooping through strict state control mechanisms."


Read more
 

NathanF1

Level 2
Verified
Jul 9, 2011
597
Emsisoft commented that the Trojan is not only a violation of Constitutional Law, but is also sloppily coded:

Since eavesdropping actions are only permitted under strict conditions and restrictions this seems to be a clear violation of Constitutional Law. As if this is not enough, the Federal Trojan also appears to be sloppily programmed and contains flagrant security holes. These could theoretically be used by third-parties to gain unauthorized access to infected computers. In addition to disregarding personal rights this also represents a serious threat to the computer security of affected citizens.

Protection and a statement from Emsisoft

The Emsisoft analysis team has also researched the functionality of the Federal Trojan. This is basically a conventional Trojan, except for the small difference that it has not been developed by cyber-criminals but rather by a government department. The good news: the behavior analysis integrated into Emsisoft Anti-Malware and Mamutu also detects the Federal Trojan and can effectively protect the computer from infection.

Christian Mairoll, the General Manager of Emsisoft, says: "You can also trust our protection in the future. There currently exists no law or ruling that compels the suppliers of security software to exclude online search software such as the Federal Trojan from the detection process. If such a law is passed, or a court ruling on this occurs, then we will immediately inform our users of this fact. Until then, especially our behavior analysis module will not distinguish between 'good' and 'evil' Malware. As the user, you will always be able to immediately block any suspicious program."

Full Emsisoft Statement
 