The allegations, which Chancellor Angela Merkel’s spokesman said would be taken seriously, come from a well-known German hacker group called the Chaos Computer Club (CCC).
“The malware can not only siphon away intimate data but also offers a remote control or backdoor functionality for uploading and executing arbitrary other programs. Significant design and implementation flaws make all of the functionality available to anyone on the Internet.”
Their analysis, which followed an anonymous tip, asserts that the malware was developed by German police forces, but poor data encryption protocols allow that the software be used by third parties.
The CCC is not alone in its findings. Several Internet security companies agree with the conclusions. Mikko Hypponen, chief research officer at F-secure, an Internet security company, stated that “We have no reason to doubt CCC findings. [The CCC] has a long history of trustworthy research.”
F-secure added this Trojan to its list of known malware, but Hypponen said, “There are some details in the code that make it stand out from criminal software.”
While Sabine Leutheusser-Schnarrenberger, Germany’s justice minister, said on German public radio that “there is likely a divergence, based on accusations of the CCC, between what investigative authorities do, and that which the German Constitutional Court has determined,” it will be nearly impossible to prove who developed the software unless someone comes forward.
Among the malware’s functions, the CCC’s analysis showed that it can log keystrokes, take screenshots, record conversations, and activate webcams and computer microphones.
Hypponen commented that “Yes, it’s creepy, if it’s used against you by the government and you’re innocent, but if it’s used against you and you’re a drug lord, that’s a good thing.”
Source: DW-World, OEIC staff