German Government Spyware Capable of Snooping, Remote Updates

By Fahmida Y. Rashid  |  Posted 2011-10-11

A software program used to intercept online communications is capable of doing much more, the German Government has admitted.

The program, Quellen-TKU, was submitted anonymously to The Chaos Computer Club for analysis. Antivirus vendors dubbed it "R2D2" and the hacking group dubbed it "Bundestrojaner light." The group discovered several backdoor functionalities in it.

"Our analysis revealed once again that law enforcement agencies will overstep their authority if not watched carefully," CCC wrote.

The Bundestrojaner is capable of spying on Skype Internet calls, monitoring online activity, eavesdropping on MSN Messenger and Yahoo Messenger chats, logging keystrokes and receiving and remotely executing program updates from the Internet, the CCC found. It also could activate and monitor computer hardware such as microphones or cameras for surveillance purposes. CCC said the additional functionality appeared to be designed so that the program could later be upgraded to perform stealthier forms of surveillance than its initial goal called for.

"In this case, functions clearly intended for breaking the law were implemented in this malware: they were meant for uploading and executing arbitrary code on the targeted system," a CCC spokesperson said.

The functionality found in Bundestrojaner violates a 2008 law that bars the use of malware to manipulate computers of German citizens, CCC alleged. While the law allows police to use spyware for snooping, there are strict legal guidelines in place to limit surveillance.

German lawyer Patrick Schladt believes that German authorities are prosecuting his client based on digital evidence surreptitiously collected from the client's computer. The program was allegedly installed when the computer passed through customs control at Munich Airport, according to Schladt.

German law enforcement uses Quellen-TKU as part of its wiretapping surveillance efforts and does so legally and within the bounds of German law, Bavarian Interior Minister Joachim Herrmann said in a statement Oct. 10. The sample submitted to CCC may be a test version of Quellen-TKU, leaked during development in 2009, and is not likely to be the current version being used.

Germany's federal law enforcement agency Bundeskriminalamt (BKA) took to Twitter to officially deny any connection with Quellen-TKU.

The German Justice Minister, Sabine Leutheusser-Schnarrenberger, has called for an investigation.

"Trying to play down or trivialize the matter won't do," the Justice Minister said in a statement.

CCC also alleged there were no security safeguards in place, and that it would be easy for someone to maliciously co-opt the Trojan for their own nefarious uses.

F-Secure claimed the software was written by Haiger, Germany-based Digitask for €2,075,256.07.
