German officials confirm use of spy software

Added by on October 10, 2011

CCC screenshot of spying software, allegedly installed on a computer as it passed through Munich airport customs

German officials confirmed on Monday that Bavaria state agencies have been using spy software since 2009.

In a statement, Bavarian Interior Minister Joachim Herrmann said that agencies had acted within the law and added that the software’s use would be reviewed.

A well-known German hacker group called the Chaos Computer Club found that the software, by analyzing the hard drive of someone under investigation for pharmaceuticals-related charges. The software, called the R2D2 trojan, may have been installed on the computer as it passed through customs at Munich airport.

Under German law, police are allowed to use spying software on suspected criminals’ computers. Strict guidelines govern the use of spying software, also referred to as spyware: investigators must get legal approval to activate spyware. In addition, the spyware is not allowed to alter any files on the suspect’s computer and the spyware must have safeguards in place to prevent addition of more functionality after it has been installed.

The Chaos Computer Club (CCC) found the spyware after scanning and recovering deleted files on the hard drive they received. On analyzing the spyware’s capabilities, they found that it implemented its lawful spying capability: it captures Skype and other similar communications before they leave the suspect’s computer – this is called source wiretapping.

The CCC alleges that they found that the R2D2 trojan can receive files from the internet and execute them. This means that the spyware provides built-in functionality that can result in more capabilities than allowed by law. The CCC further alleges that the spyware can activate a computer’s microphone, webcam, and other functionality to, for example, monitor a room.

The CCC also said that the spyware could be used to plant evidence on a suspect’s computer and delete files and also has significant security deficiencies that open infected computers to attack by others.

Several internet security companies independently confirmed the CCC’s findings.

Computer security experts reportedly said that software with this capability is likely in violation of Germany’s constitution.

The software, officially is known as Troj/BckR2D2-A, yet is also referred to as Quellen-TKÜ.