Members of the Chaos Computer Club have spyware analyzed by the German police would be deployed. The ‘Bundestrojaner’ would have more features than is allowed by law, and data is unencrypted sent.
According to the hackers of the CCC, that a report on the operation of the spyware have been published, the software can not only Skype calls draining, also, the so-called Bundestrojaner files can manipulate or destroy. In addition, by the built-in keylogger passwords captured, while the malware also covertly screenshots can make of activities.
Via a offered backdoor, the attacker immediate access to an infected system, which, for example, the new ‘functionality’ to the trojan can be added. The CCC gives the remotely enable a webcam or microphone as an example.
The CCC states that the Bundestrojaner in command of the government is designed, and by the German police can be deployed to pc’s of suspicious persons to monitor. The functionality of the spyware, however, goes much further than the legal framework. For example, the German Federal Constitutional Court earlier determined that such afluistersoftware may only be used to make voip calls to drain.
In addition, the German spyware a number of gross errors. Thus, all collected data without encryption is sent. This can in addition public authorities are also third-party access to this information or the spyware remote control. In addition, the tool is not an authentication mechanism, allowing an attacker falsified information to the authorities can send. Finally, it draws the German hackersvereniging that the collected information is to a Us server, is forwarded, presumably to the ip address of the command and control server to hide. According to the CCC is once again violate the law because the information is in the hands of other countries.
Or the Bundestrojaner, which consists of a dll file and a Windows-kerneldriver, active by the German law enforcement authorities is used, it is not clear. However, the CCC say that the authorities prematurely informed in order to provide them the opportunity to give to the zelfvernietigingsmechanisme of the Bundestrojaner to activate. This would have ongoing police investigations in which the spyware is being used, not to be bothered.
The German hackersvereniging calls in his publication, other hackers on to the malware, which if a binary is to download further analyze. Also, the CCC that they are different spyware that is used by governments, would like to analyze and that suspicious software to them can be sent. The German government has not yet responded to the publication of the Chaos Computer Club.