German Hacker Club Uncovers Gov't-Sponsored In The Wild Malware

A well-known German hacker group has accused the German government of releasing a Trojan horse program into the wild. According to the Chaos Computer Club, the program is the stuff of political fiction: it was designed to allow the government to spy on its citizens.

The CCC released its findings on its website, in the form of a 20-page PDF file (in German), along with an accompanying post in English. In part, the CCC said the following:

"The malware can not only siphon away intimate data but also offers a remote control or backdoor functionality for uploading and executing arbitrary other programs. Significant design and implementation flaws make all of the functionality available to anyone on the internet.

"The trojan can … receive uploads of arbitrary programs from the Internet and execute them remotely. Activation of the computer’s hardware like microphone or camera can be used for room surveillance."

Meanwhile, security firm F-Secure confirmed many of the CCC's findings, saying that the software includes a keylogger and code that can take screenshots and record audio. It also confirmed that the program is a backdoor Trojan, meaning it opens a backdoor in a computer system, allowing remote access to that computer without authentication.

What F-Secure didn't do was assign the blame to the German government. F-Secure said, "We do not know who created this backdoor and what it was used for. We have no reason to suspect CCC's findings, but we can't confirm that this trojan was written by the German government. As far as we see, the only party that could confirm that would be the German government itself.

"We have never before analysed a sample that has been suspected to be a governmental backdoor. We have also never been asked by any government to avoid detecting their backdoors." In fact, F-Secure detects the malware as Backdoor:W32/R2D2.A, where R2D2 comes from a string inside the trojan: "C3PO-r2d2-POE."

There is a so-called "legal" Trojan known as the "Bundestrojan," or "federal Trojan" in English. If authorized by a court order, authorities can use the Bundestrojan to listen in on Skype-based phone calls. This new program goes far beyond the abilities of the Bundestrojan.

F-Secure said it expected an official response from the German government, but none has been made yet.