Hackers reverse engineer Trojan used by German Police

By Lee Kaelin on October 10, 2011, 12:30 PM

European hacker collective the Chaos Computer Club (CCC) claims to have successfully reverse engineered samples of the German police's lawful-intercept malware, known as Quellen-TKÜ (source telecommunications surveillance), and found that besides eavesdropping on Skype conversations it also captures screenshots and logs keystrokes.

The trojan was first disclosed in court documents from 2007 and was designed with the primary task of helping the German police overcome Skype's encryption, by capturing the conversation on the suspect's own machine before it is encrypted, where an intercept warrant had been granted by a judge. The German government endorsed the use of Quellen-TKÜ for legally wiretapping internet communications only, but the group's analysis of several samples it received shows the malware goes well beyond that intended use.

Analysis showed that Quellen-TKÜ was built from the outset to receive uploaded code, contained remote execution capability and could use attached devices such as microphones and webcams for surveillance. "The design included functionality to clandestinely add more components over the network right from the start, making it a bridge-head to further infiltrate the computer," CCC said in a statement released on its website.

"Our analysis revealed once again that law enforcement agencies will overstep their authority if not watched carefully. In this case functions clearly intended for breaking the law were implemented in this malware: they were meant for uploading and executing arbitrary code on the targeted system," the group commented.

CCC's investigation also found the malware itself to be poorly secured: the security level it leaves infected systems in is comparable to setting all passwords to '1234', the group said. Screenshots and audio files destined for the authorities were only weakly encrypted before being routed through U.S. data centers. The commands from the control software used by the authorities to steer the trojan, meanwhile, were sent completely unencrypted, and nothing on that channel proves who sent them, so a third party able to reach the infected machine could take control of it or send falsified information back to the authorities.
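The failure mode described above, as an added illustration that is not code from the CCC analysis or from the trojan itself: a toy control channel on which the infected host obeys whatever arrives on the wire, beside the same channel protected with a shared-key HMAC and a sequence counter. The packet layout, the command and report strings, the key and the HMAC-plus-counter scheme are all assumptions constructed for this example.

```python
"""Unauthenticated control channel versus an authenticated one.

Added example; not code from the CCC analysis or from the trojan itself.
The packet layout, the command strings, the key and the HMAC/counter
scheme are all constructed here for illustration.
"""
import hashlib
import hmac
import os
import struct
from typing import Optional, Tuple

TAG_LEN = hashlib.sha256().digest_size   # 32 bytes


def seal(key: bytes, seq: int, body: bytes) -> bytes:
    """Packet = 4-byte big-endian sequence number || body || HMAC-SHA256 tag.
    The tag covers the sequence number too, so a packet cannot be re-stamped."""
    header_and_body = struct.pack(">I", seq) + body
    tag = hmac.new(key, header_and_body, hashlib.sha256).digest()
    return header_and_body + tag


def open_sealed(key: bytes, packet: bytes, last_seq: int) -> Tuple[bool, int, bytes]:
    """Return (ok, seq, body). Rejects bad tags and non-increasing counters."""
    if len(packet) < 4 + TAG_LEN:
        return False, last_seq, b""
    signed, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):        # constant-time compare
        return False, last_seq, b""                   # forged or tampered
    seq = struct.unpack(">I", signed[:4])[0]
    if seq <= last_seq:
        return False, last_seq, b""                   # replayed
    return True, seq, signed[4:]


class Endpoint:
    """One side of the channel: the infected host receiving commands, or the
    control server receiving reports. Both verify packets the same way."""

    def __init__(self, key: Optional[bytes]):
        self.key = key          # None models the design the article describes
        self.last_seq = -1
        self.accepted = []

    def receive_plain(self, packet: bytes) -> bool:
        """No key, no tag: whatever arrives on the wire is obeyed."""
        self.accepted.append(packet.decode())
        return True

    def receive_sealed(self, packet: bytes) -> bool:
        if self.key is None:
            return False
        ok, seq, body = open_sealed(self.key, packet, self.last_seq)
        if ok:
            self.last_seq = seq
            self.accepted.append(body.decode())
        return ok


def demo() -> dict:
    """A legitimate operator and an intruder against both designs."""
    r = {}

    # Design A: plaintext, unauthenticated commands (the design the article describes).
    host = Endpoint(key=None)
    host.receive_plain(b"screenshot")                                # the real operator
    r["A_intruder_accepted"] = host.receive_plain(b"exec calc.exe")  # anyone else
    r["A_executed"] = list(host.accepted)

    # Design B: shared key, HMAC tag and a monotonic counter (constructed hardening).
    key = os.urandom(32)
    host, server = Endpoint(key), Endpoint(key)
    legit = seal(key, 1, b"screenshot")
    r["B_legit_accepted"] = host.receive_sealed(legit)
    forged = struct.pack(">I", 2) + b"exec calc.exe" + os.urandom(TAG_LEN)
    r["B_forged_accepted"] = host.receive_sealed(forged)     # no key: tag is a guess
    r["B_replay_accepted"] = host.receive_sealed(legit)      # captured and re-sent
    tampered = legit[:4] + b"exec calc.exe" + legit[-TAG_LEN:]
    r["B_tampered_accepted"] = host.receive_sealed(tampered)
    r["B_executed"] = list(host.accepted)

    # The same scheme in the other direction protects what the host reports back.
    r["B_report_accepted"] = server.receive_sealed(seal(key, 1, b"report:screenshot.png"))
    fake = struct.pack(">I", 2) + b"report:planted.png" + os.urandom(TAG_LEN)
    r["B_fake_report_accepted"] = server.receive_sealed(fake)
    return r


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Authentication, not secrecy, is what stops the hijack: an intruder who cannot produce a valid tag can neither inject commands into the host nor plant reports at the server, and the counter defeats replay of captured packets. A real implementation would use an AEAD mode such as AES-GCM, which adds confidentiality to the same guarantee, with a distinct key per target.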

Security vendor Sophos yesterday confirmed the findings and said the trojan could also intercept communications over Skype, MSN Messenger and Yahoo Messenger. It also confirmed the trojan could log keystrokes typed into the Firefox, Opera, Internet Explorer and SeaMonkey browsers, take screenshots and record the audio of Skype calls.

Sophos was keen to point out that although it was able to confirm the group's analysis was correct, it is impossible to know for certain whether the additional capabilities were written with the consent of the German government.

User Comments: 10

treeski treeski said:

This is pretty bogus. I'm perfectly fine with law enforcement tapping someone's computer *if* (huge if here) they get a warrant... but they really should only be doing what their warrant allows them to do. Anything more is a huge issue to me.

Guest said:

Not really, the difference between police having a warrant to search your house and having a warrant to watch what you do on the internet is that the suspected criminal doesn't know he is being watched.

Also, if the police could obtain a warrant without the knowledge of the criminal and legally spy on him, what would stop them from doing that to another person or to you, even though you are innocent.

Guest said:

Government spending $billions USD watching internet "porno" on millions of unaware users. Millions of users online means Government has nothing better to do than spending taxpayer monies.

gwailo247, TechSpot Chancellor, said:

Guest said:

Not really, the difference between police having a warrant to search your house and having a warrant to watch what you do on the internet is that the suspected criminal doesn't know he is being watched.

Also, if the police could obtain a warrant without the knowledge of the criminal and legally spy on him, what would stop them from doing that to another person or to you, even though you are innocent.

That's all well and good, but what is the alternative? It's great for everyone to decry everything the police and gov't do, but at the same time, nobody offers any other solutions.

So is the answer to forbid the police to do any kind of surveillance on the chance that they will abuse their authority and spy on innocent people?

Guest said:

The problem here is German jurisdiction penetrating, as legal rights, American technology, which has violated data communication issues.

Guest said:

Who said the Stasi is gone? Oh, I forgot, the Stasi didn't do anything wrong. They were just state police spying on criminals. Yeah, right!

anguis said:

Sounds like they overstepped their legally given bounds (by the German court system). Also think it infringes international law of sorts (I know something like that would be illegal in the USA and if it passes data through US Datacenters it is definitely considered illegal).

PinothyJ said:

treeski said:

This is pretty bogus. I'm perfectly fine with law enforcement tapping someone's computer *if* (huge if here) they get a warrant... but they really should only be doing what their warrant allows them to do. Anything more is a huge issue to me.

I am confused, when the hell did beating the governments of the world mean owning a proper, *paid* internet security suite?

That is what I paid Trend Micro for and if I was to be tapped successfully then the lawsuit would be with them, not the government...

Guest said:

When people say things like "what is the alternative", that screams that such a person sees things purely in black-and-white, and not realistically.

Allow me to ask you a simple question: Would you rather be subject to the wrongdoings of a handful of people with criminal intent, or the wrongdoings of a criminal government? A criminal government is quite literally ubiquitous. There's no escaping it. It's as if everybody in the country was suddenly forced to sign up for protection from the mafia (remember, the only way you can truly reject the authority of your government is to move outside of the boundaries of its authority; otherwise, all you can do is hope to change it from within).

People aren't expecting the police to do *no* surveillance. People just expect their police to enact surveillance upon those who actually need to be watched. In other words, people with a criminal record who may be up to no good, or people who can be *reasonably suspected* of criminal intent. Again, in other words, as a commenter above me mentioned, if somebody has a reasonable warrant out against them. Everyday people should not be bothered (or rather, treated as criminals) by their government, period. Let's think about the greater good, here, as that is what the government is supposed to represent. It is *always* of the greater good to *protect* the rights of the common people first than it is to assume that everybody in the country is a criminal, until proven otherwise. Because the government in the latter scenario will never actually be convinced. Besides, such power is far too alluring to give up.

Guest said:

@pinothyj

You should read your EULA for Trend Micro, or any other security suite for that matter. It basically states they will do their due diligence in defending your system. HOWEVER!!! If you are hacked or damages occur due to malware and so forth, they are not liable.... So have fun with that lawsuit...
