Consider this the next time you want to browse a German language website: the German government might just end up with access to your computer. Reading the excellent Schneier on Security blog, I ran across the latest in what appears to be a long-standing fight among German police forces to allow them to snoop computers using different types of malware and trojans. Bundestrojaner, they call those.
The hacking website Chaos Computer Club has discovered a new form of this malware that takes screenshots of the infected computer’s currently-open window, sending that image along to the police. But in what seems like an attempt to evade detection by other law enforcement, the information is bounced to an American server first. Data laundering, you might call that.
This data transfer almost certainly violates both German and US law. But the fun doesn’t stop there: the team that reverse engineered the trojan also discovered the ability to remotely install other software on command. So, not only do German police have the ability to watch what you’re doing on your own machine, but they can install software that might allow them remote access.
It is doubtful that the laws violated by this trojan will be enforced, though we may hope that the German government has enough politicians with an electoral interest in personal privacy to kill the program. But such software has the potential to open up embarrassing and uncomfortable confrontations between many governments, as both law enforcement and military interests continue to seek out purchase on the digital realm. In such an environment, what constitutes a military program or a civilian police program is murky at best.
CCC | Chaos Computer Club analyzes government malware.