German government's Skype spying tool has holes, hackers say

A hacker club found a Skype spying tool used by German law enforcement may violate the country's constitutional law

An eavesdropping tool allegedly used by the German government to intercept Skype calls is full of security problems and may violate a ruling by the country's constitutional court, according to a European hacker club.

The Chaos Computer Club obtained several versions of a program that has allegedly been used by German law enforcement in possibly hundreds of investigations to intercept Skype calls, said Frank Rieger, a member of the club.

It has long been rumored that the German government was interested in developing an application to intercept Skype. Three years ago, documents released by WikiLeaks purported to show a proposal by a Bavarian company, DigiTask, offering to develop such a tool.

Press officials contacted on Monday morning at Germany's Interior Ministry were unable to immediately answer questions. On Sunday, Steffen Seibert [cq], a spokesman for Germany's Federal Press Office wrote on Twitter that the Interior Ministry said it did not use the programs examined by the Chaos Computer Club.

Seibert wrote on Twitter on Monday morning that federal and state governments were expected to issue a statement about the controversy.

The tool, called "Quellen-TKU," was developed ostensibly for wiretapping Internet phones calls, the Chaos Computer Club said. It is a lighter version of a more encompassing surveillance tool conceptualized by the German government to spy on computers in Germany but banned by the country's constitutional court in February 2008.

The court left room for the government to develop a tool specifically for wiretapping, but the Chaos Computer Club found that the versions in circulation are far more powerful than the boundaries set by the constitutional court, Rieger said.

"We got our hands on it and found it is doing much more than it is legally allowed to do," Rieger said.

DigiTask's lawyer, Winfried Seibert, said on Monday that the company is investigating whether the application examined by the Chaos Computer Club was developed by the company and should find out within a day or so. He said DigiTask has developed such programs for public authorities in Germany.

"In general, it fits," Seibert said. "We are trying to find out what it really is. We can't be 100 percent sure."

The Chaos Computer Club explains on its blog that Quellen-TKU can activate a computer's microphone and camera, which could be used for room surveillance, and take screenshots. The program can upload other applications to a computer, which could export files from the machine.

"This is clearly in violation of the constitutional court," Rieger said.

Basically, Quellen-TKU is a call recorder. It can intercept Skype calls by recording the conversation from a computer's sound card before it is encrypted by Skype. Skype's encryption has led to widespread fears in countries such as Germany and India that law enforcement would be shut out from monitoring plotting terrorists.

"It's quite hard to intercept Skype calls at the operator level because it's encrypted," said Mikko Hypponen [cq], chief research officer for the Finnish security company F-Secure. "It's fairly easy if it [the interception program] is running on the computer itself."

The club reported other disturbing findings about Quellen-TKU's security: although the data transmitted by the program is encrypted, the commands transmitted to control the program are not. Those commands are also not authenticated to prove the directions are coming from an authorized source, making it possible for an attacker to impersonate law enforcement.

"Not only can unauthorized third parties assume control of the infected system, but even attackers of mediocre skill level can connect to the authorities, claim to be a specific instance of the trojan and upload fake data," according to the Chaos Computer Club's writeup. "It is even conceivable that the law enforcement agencies' IT infrastructure could be attacked through this channel."

The Chaos Computer Club provided samples to F-Secure, which found Quellen-TKU also had keylogging capabilities to intercept data entered into applications such as Firefox, and the instant messaging programs MSN Messenger and ICQ.

Bizarrely, Quellen-TKU has a hidden reference to the movie Stars Wars, F-Secure found. A text string that is used to start data transmission reads:"C3PO-r2d2-POE." F-Secure decided to name the program "Backdoor:W32/R2D2.A."

"I can't confirm the source who wrote this trojan, but I have no reason to doubt what CCC [Chaos Computer Club] is saying," Hypponen said.

Now that is has been detected, it's unlikely Quellen-TKU will be of any use now to law enforcement. F-Secure said it had added a signature to its database to detect the program, and other major antivirus vendors such as Symantec and McAfee have as well.

But many antivirus programs have other methods for detecting malicious software. Hypponen said F-Secure's software -- while not knowing exactly what Quellen-TKU was -- would have blocked it once it executed one a computer as far back as a year ago because the program meddled with low-level parts of a computer's operating system. Other security vendors may also have been capable of stopping it as well, he said.

Even if law enforcement had been recently using Quellen-TKU to monitor someone planning to do violence, Hypponen said the company decided to continue to detect it. F-Secure has a policy that it will not modify its products for law enforcement within respect of European Union laws.

Send news tips and comments to

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Chaos Computer Club

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers


This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang


It really doesn’t get more “gaming laptop” than this.

Jack Jeffries


As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr


The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?