You may have seen a trail of news stories bubbling up yesterday and over the weekend about a group of hackers who said they discovered the German government was using spyware to keep tabs on its citizens. It turns out that story may be true as some German officials from a number of states have admitted to using the software.
The large European hacker club called Chaos Computer Club (CCC) stumbled upon a Trojan Horse, and upon reverse-engineering and analyzing tracked the program back to German police. The software was designed to be used through legal wiretaps, but has allegedly been used to spy on more than it should.
According to Deutsche Welle, Chaos Computer Club asserts that the software, nicknamed R2D2 or0zapftis, once installed has the ability to log keystrokes, screenshot and even record Skype conversations. Bavaria was one of the first German states to confirm use of the program, the Bavarian interior minister Joachim Herrmann belived the police acted within the laws parameters but will investigate into the matter of R2D2’s use.
German law, thanks to a court decision in 2008, permits use of spy software by government officials in order to combat terrorists and criminals. Wiretapping is legal but courts need to give the OK. Also, according to Chaos Computer Club’s analysis, the program oversteps bounds of the law as it not only observers but has the ability to “receive uploads of arbitrary programs from the Internet and execute them remotely”.
The German DigiTask firm revealed that R2D2 could be a tracking program the company sold to Bavaria four years ago. DigiTask also sold similar programs to Austria, Switzerland and the Netherlands. DigiTask is rumored to offer certain “forbidden functions” to some of its government clients.
The Trojan find adds fuel to the debate of whether governments should use electronic surveillance. As CCC points out, how easy it may be for authorities to overstep boundaries if not watched carefully.