A German hacking group says it's discovered a Trojan horse that the government is using to spy on citizens' online activities.
The German government openly uses a Trojan known as Bundestrojaner to monitor Skype conversations - so long as it has offocial authorization for a wiretap.
But, says the Chaos Computer Club (CCC), it's going substantially further than that, using malware also dubbed '0zapftis', and 'R2D2' that can download updates from the internet, run code remotely and even allow remote access to the computer - specifically prohibited by Germany's legal code.
"The malware can not only siphon away intimate data but also offers a remote control or backdoor functionality for uploading and executing arbitrary other programs," says the group.
"Significant design and implementation flaws make all of the functionality available to anyone on the internet."
The CCC says that the Trojan's developers made no effort to makes sure that the malware could only be used to tap internet telephony, as mandated by German courts.
On the contrary, it says, the design included functionality to clandestinely add more components over the network right from the start.
"This refutes the claim that an effective separation of just wiretapping internet telephony and a full-blown trojan is possible in practice
The German government openly uses a Trojan known as Bundestrojaner to monitor Skype conversations - so long as it has offocial authorization for a wiretap.
But, says the Chaos Computer Club (CCC), it's going substantially further than that, using malware also dubbed '0zapftis', and 'R2D2' that can download updates from the internet, run code remotely and even allow remote access to the computer - specifically prohibited by Germany's legal code.
"The malware can not only siphon away intimate data but also offers a remote control or backdoor functionality for uploading and executing arbitrary other programs," says the group.
"Significant design and implementation flaws make all of the functionality available to anyone on the internet."
The CCC says that the Trojan's developers made no effort to makes sure that the malware could only be used to tap internet telephony, as mandated by German courts.
On the contrary, it says, the design included functionality to clandestinely add more components over the network right from the start.
"This refutes the claim that an effective separation of just wiretapping internet telephony and a full-blown trojan is possible in practice