Chaos Computer Club Describes Possible German Government Spyware

October 9th, 2011

Update: German Officials Admit Using Spyware on Citizens

Via: MSNBC:

A Germany-based hacker group claims a German government-created Trojan horse program is capable of secretly spying on Web users without their consent.

The group says on its Web site that it obtained and analyzed a piece of software that is supposed to be a “lawful interception” program designed to listen in on Internet-based phone calls as part of a legal wiretap, but its capabilities go far beyond legal bounds.

The program is capable of logging keystrokes, activating Webcams, monitoring Web users’ activities and sending mountains of data to government officials, the club said.

To cover its tracks, the data is routed through rented servers located in the U.S., the club alleges.

“To avoid revealing the location of the command and control server, all data is redirected through a rented dedicated server in a data center in the USA,” the Club said on its Web site.

The German government has yet to comment on the findings, but already, antivirus companies are reacting to them. Security firm F-Secure will detect and disable the alleged government monitoring software if found on clients’ computers, it announced on Saturday.

“Yes, it is possible the Trojan found by CCC is written by the German government. We just can’t confirm that,” said Mikko Hypponen, F-Secure’s chief technology officer, via Twitter.

The program, labeled a “backdoor” because it can open a computer to surreptitious access, targets certain applications for keylogging, including Firefox, Skype, MSN Messenger, ICQ and others, according to F-Secure.

“We do not know who created this backdoor and what it was used for,” Hypponen wrote on F-Secure’s blog. “(But) We have no reason to suspect CCC’s findings.”

German courts have long allowed use of a backdoor program known as “Bundestrojan” — “federal Trojan,” in English — which permits government investigators to listen in on Skype-based phone calls as part of a legal wiretap order. Skype and other kinds of Internet phone calls that can be encrypted are particularly troubling for law enforcement, because they can be used by suspects to evade wiretaps.

After a court battle in 2008, Bundestrojan was ruled legal as long as it screened only very specific communications — essentially, Internet telephone calls.

But the Chaos Computer Club announced Saturday that it had obtained what it believed was a copy of Bundestrojan, and that the program has capabilities that go far beyond legal wiretapping. In addition to keylogging and screen shots, the software is also capable of remote control and upgrade.

“This refutes the claim that an effective separation of just wiretapping internet telephony and a full-blown Trojan is possible in practice – or even desired…. The Trojan’s developers never even tried to put in technical safeguards to make sure the malware can exclusively be used for wiretapping internet telephony, as set forth by the constitution court,” said the club on its site. “Our analysis revealed once again that law enforcement agencies will overstep their authority if not watched carefully. In this case, functions clearly intended for breaking the law were implemented in this malware: they were meant for uploading and executing arbitrary code on the targeted system.”

The club also criticized security measures put in place by programmers of the alleged Trojan. Poor encryption implementation means a malicious third-party could intercept the government communications, or take control of government-infected machines, it said.

Research Credit: ms
