Around Hawaii (Oceanic Time Warner Cable's Community Website) :: Lifestyle :: Geeks in Paradise

Federal Trojan


Patrick Schladt is a German lawyer defending a client in a pharmaceuticals case under German law. When his legal team examined the digital evidence the government had presented against his client, they began to suspect that some sort of surveillance software on the client's computer had been leaking information to an external party.

With the permission of Schladt's client, the computer's hard disk was shared with the Chaos Computer Club (CCC), a well-known "white hat" computer hacker group. The CCC used forensic software to restore deleted files from the drive and revealed the presence of spyware known as the "Bundestrojaner" ("Federal Trojan"), also called "R2D2" after a string of characters embedded in the Trojan's code.

Schladt told the media that it has been determined that the Trojan malware was installed on his client’s computer as it passed through customs control at the Munich Airport.

 

What does the R2D2 Trojan do, exactly?

According to CCC, R2D2 Trojan has the following capabilities:

  • The Trojan can eavesdrop on several communication applications, including MSN Messenger and Yahoo Messenger.
  • The Trojan can log keystrokes in Firefox, Opera, Internet Explorer and SeaMonkey.
  • The Trojan can take JPEG screenshots of what appears on users' screens.
  • The Trojan can record Skype audio calls.
  • The Trojan attempts to communicate with a remote website.
  • The Trojan is capable of uploading and executing code.

The last capability is troubling, because the ability to upload and execute additional code means new capabilities can be added to the R2D2 Trojan at any time. It would also make it possible for whoever controls the Trojan to plant fabricated evidence among the files on a computer, or to delete files that might prove a subject's innocence.

[Figure: Screenshot of Federal Trojan code. Note the references to executables such as "skype.exe".]

The other troubling aspect of R2D2 is that its communications security is weak. That opens two possibilities: incriminating evidence being intercepted in transit by third parties, or a third party discovering the malware, working out how it is controlled, and hijacking the Trojan for its own use.

 

Is this legal?

In Germany, law enforcement is allowed to use spyware to gather information from suspected criminals. There are strict guidelines for doing this. Recording conversations made with Skype is permitted, similar to receiving permission to wiretap a phone conversation.

However, the German courts have made a distinction between the “wiretap” type of intrusion and a “sphere of privacy” that should never be breached, such as if a diary or other personal notations were kept on a computer.

Because of this “sphere of privacy” concept, law enforcement makes assurances to the courts that the spyware used is specifically “handcrafted” to achieve the desired purpose as permitted by the courts and no more. In no case would the spyware be capable of altering or adding to the existing files on the computer.

CCC's analysis of the discovered Trojan indicates that the spyware goes far beyond what the courts allow and would therefore violate German law.

 

Can we connect R2D2 to the German government?

Neither the CCC nor other software security groups who have had access to the R2D2 code can establish any direct governmental connection, although CCC has publicly stated that it strongly suspects that this Trojan had origins with the government.

The two German government agencies likely to employ such spyware are the BKA (Bundeskriminalamt), the national investigative police agency, and the LKA (Landeskriminalamt), the state investigation bureau. There are 16 LKA bureaus.

According to the CCC, one of the IP addresses R2D2 connects to is 83.236.140.90. This seems to be in Düsseldorf or Neuss. Interestingly, LKA Nordrhein-Westfalen is based in Düsseldorf.
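The one concrete network indicator the article gives is the C2 address CCC reported; a defender's first use for it is a retrospective sweep of egress logs. The script below is an added example written for this page, not CCC's or the column's own code: it parses a constructed, simplified firewall-log format (assumed layout, not any real product's) and groups every connection attempt to that address by internal source host, keeping denied attempts too, since a blocked beacon still marks the host as infected.

```python
import ipaddress
import re
from collections import defaultdict

# C2 address named in the CCC analysis, as quoted in the article above.
R2D2_C2_ADDRESSES = {"83.236.140.90"}

# Constructed sample lines in an assumed firewall-log layout:
# <timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto> <action>
SAMPLE_LOG = """\
2011-10-08T09:12:01Z 192.168.1.20:49213 -> 83.236.140.90:443 tcp allow
2011-10-08T09:12:05Z 192.168.1.21:51002 -> 93.184.216.34:80 tcp allow
2011-10-08T09:15:44Z 192.168.1.20:49220 -> 83.236.140.90:443 tcp allow
2011-10-08T09:16:10Z 192.168.1.33:40311 -> 83.236.140.90:80 tcp deny
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\w+)\s+(?P<action>\w+)$"
)


def parse_line(line):
    """Return a dict of fields for a well-formed line, or None for anything unparseable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        # Reject lines whose address fields only look like IPs (e.g. "1.2.3").
        ipaddress.ip_address(rec["src"])
        ipaddress.ip_address(rec["dst"])
    except ValueError:
        return None
    return rec


def find_c2_contacts(log_text, c2_addresses=R2D2_C2_ADDRESSES):
    """Map each internal source host to its (timestamp, dst_port, action) attempts
    against a known C2 address. Denied attempts are kept: the host still tried."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["dst"] in c2_addresses:
            hits[rec["src"]].append((rec["ts"], rec["dport"], rec["action"]))
    return dict(hits)


if __name__ == "__main__":
    for host, attempts in find_c2_contacts(SAMPLE_LOG).items():
        print(f"{host}: {len(attempts)} attempt(s) to R2D2 C2 -> {attempts}")
```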

In 2008, WikiLeaks released a confidential memo between LKA and a software company called DigiTask. In this memo, there is a description of surveillance software that matches the behavior of R2D2.

 

Magic Lantern

About ten years ago in the US, there were unconfirmed reports that the FBI approached various anti-virus companies asking them NOT to detect a piece of spyware they had written called “Magic Lantern.” Reportedly, some of these companies implied they would leave a backdoor in their anti-virus product open to allow Magic Lantern to work.

Nowadays, it seems to be the publicly stated policy of security software firms not to try to distinguish between "good" spyware and "bad" spyware. As the Federal Trojan case shows, who is to say that an unscrupulous third party has not already discovered and commandeered the Trojan for its own use?

Furthermore, if word leaked out that one anti-virus software company allowed a governmental back door, and another did not, even for us law-abiding citizens, which anti-virus software would YOU buy?

 

Final Thoughts

Some may separate the discovery of German law enforcement using sophisticated (and illegal) surveillance methods from what US law enforcement might do. They might say that such a thing would not happen in the US.

On the contrary, the reports of Magic Lantern indicate that the United States may have been at this for more than ten years. That’s a very long time. I would expect that US surveillance technology, driven to a great extent by the need to track terrorist activity, would have given law enforcement in this country some VERY sophisticated tools by now, some legal, some surely not.

 


Goodbye, Steve Jobs

I'm sure all of you know of the passing of Apple co-founder, Steve Jobs. Back in March, I wrote an article titled Steve Jobs takes a medical leave of absence from Apple. This was always meant to be my goodbye to Steve Jobs. Here's an excerpt:

Anyone who follows technology knows Apple. Apple products have reached cult status. Apple is changing the culture, has created product markets where there were none, has created business models where there were none, and for the near future shows no signs of easing up.

And if you know about Apple, you know about Steve Jobs, the charismatic driving force of Apple. There is no other major company whose CEO is such a public icon of the company and the singular force that drives all its philosophies. Steve Jobs took a computer company on the verge of bankruptcy in 2006 to a corporation with a present market capitalization second only to ExxonMobil. This was all Steve.
