German Government Spyware Transforms Citizen’s Computers Into ‘Big Brother’-Type Surveillance Devices
November 2, 2011
A seemingly innocuous email plants malicious spyware on your computer, allowing strangers to not only access your private communications but also to spy on you in your own home.
The fact that such invasive technology was deployed by officials in Germany has caused uproar here.
While the monitoring of internet telephone communications is allowed by German law in serious cases, it has emerged that software deployed by some law enforcement agencies was capable of much more intrusive snooping, raising serious concerns about the potential for a “Big Brother” level of surveillance.
The use of so-called “Trojan horse” software by authorities in a number of German states came to light after the Computer Chaos Club, a hacker group, published details of their examination of spyware planted on a laptop in Bavaria.
It found that the software — developed by a private company called DigiTask for the Bavarian police — was capable of much more than just monitoring internet phone calls. It could take screenshots, remotely add files and control a computer’s microphone or webcam to monitor the person’s home. However, the authorities insist that they did not deploy these functions. Investigations are ongoing.
Graham Cluley, a senior technology consultant with British computer security firm Sophos, which also analyzed the software, said that the spyware could “automatically update itself over the internet, so new functionality can be added. It can be used to install new software onto the computer, so people could actually alter the contents of a suspect’s hard drive.”
The scandal has led politicians and security experts to look at whether the country’s already stringent privacy laws need firming up.
Privacy advocates had already raised concerns about the potential for state intrusion back in 2007, when the Interior Ministry said that it was developing software to monitor suspects’ internet communications.
The following year the Federal Constitutional Court, the highest in the country, made a ruling that placed narrow limits on the use of such software, including stipulations that it could only be used to monitor Internet telephone communications. The 2008 ruling stated that the integrity of people’s computers was a “fundamental right” and could only be infringed upon with a court order.
Yet evidence now suggests that some state law enforcement agencies went beyond those constitutional limits when they deployed Trojans that had wider functionality.
“There are very strict guidelines regarding the use of this kind of software in those situations,” Cluely told GlobalPost. “It appears to us that if this piece of software was being used for that purpose then it goes beyond those guidelines.”
“The Trojan’s developers never even tried to put in technical safeguards to make sure the malware can exclusively be used for wiretapping internet telephony, as set forth by the Constitutional Court,” the Computer Chaos Club wrote on its website.
The Interior Ministry in Bavaria confirmed that law enforcement officials there have been using the spyware since 2009 and insists the application is legal. Other states, including Baden-Wurttemberg, Brandenburg and Lower Saxony, also admitted using Trojans.