October 11, 2011

Hackers discover Trojan virus used by German police

Malware developers did not have even elementary security in the code, making it possible for hackers to use the virus easily, claims CCC

By CBR Staff Writer

Computer hacking club Chaos Computer Club (CCC) has identified a computer Trojan used by German police forces to intercept communications from several messaging applications including VoIP calls.

The CCC has dubbed the Trojan ‘Bundestrojaner’ (the federal Trojan).

The CCC said that the Trojan is designed with other capabilities as well.

"The malware can not only siphon away intimate data but also offers a remote control or backdoor functionality for uploading and executing arbitrary other programs. Significant design and implementation flaws make all of the functionality available to anyone on the internet," the CCC said.

On its website, the CCC said it has reverse engineered and analysed a "lawful interception" malware program used by German police forces.

The outfit said that it found the program in the online world.

"It has been found in the wild and submitted to the CCC anonymously," said the CCC.

The CCC has published the extracted binary files of the government malware that was used for "Quellen-TKÜ" (the term means "source wiretapping" or lawful interception at the source), together with a report about the functionality found.

The CCC claimed that, during the analysis, it wrote its own remote control software for the Trojan.

The CCC said that the Trojan can receive uploads of arbitrary programs from the Internet and execute them remotely. "This means, an ‘upgrade path’ from Quellen-TKÜ to the full Bundestrojaner’s functionality is built-in right from the start. Activation of the computer’s hardware like microphone or camera can be used for room surveillance," said the CCC.

The hacking outfit also claims that the Trojan’s developers never even tried to put in technical safeguards to make sure the malware can exclusively be used for wiretapping internet telephony, as set forth by the constitutional court.

"This refutes the claim that an effective separation of just wiretapping internet telephony and a full-blown trojan is possible in practice – or even desired," said a CCC speaker.

"Our analysis revealed once again that law enforcement agencies will overstep their authority if not watched carefully. In this case functions clearly intended for breaking the law were implemented in this malware: they were meant for uploading and executing arbitrary code on the targeted system."

"We were surprised and shocked by the lack of even elementary security in the code. Any attacker could assume control of a computer infiltrated by the German law enforcement authorities", added the speaker.

"The security level this Trojan leaves the infected systems in is comparable to it setting all passwords to ‘1234’".
