German government's Skype spying tool has holes, hackers say

A hacker club found a Skype spying tool used by German law enforcement may violate the country's constitutional law

An eavesdropping tool allegedly used by the German government to intercept Skype calls is full of security problems and may violate a ruling by the country's constitutional court, according to a European hacker club.

The Chaos Computer Club obtained several versions of a program that has allegedly been used by German law enforcement in possibly hundreds of investigations to intercept Skype calls, said Frank Rieger, a member of the club.

It has long been rumored that the German government was interested in developing an application to intercept Skype. Three years ago, documents released by WikiLeaks purported to show a proposal by a Bavarian company, DigiTask, offering to develop such a tool.

Press officials contacted on Monday morning at Germany's Interior Ministry were unable to immediately answer questions. On Sunday, Steffen Seibert, a spokesman for Germany's Federal Press Office, wrote on Twitter that the Interior Ministry said it did not use the programs examined by the Chaos Computer Club.

Seibert wrote on Twitter on Monday morning that federal and state governments were expected to issue a statement about the controversy.

The tool, called "Quellen-TKU," was developed ostensibly for wiretapping Internet phone calls, the Chaos Computer Club said. It is a lighter version of a more encompassing surveillance tool conceptualized by the German government to spy on computers in Germany but banned by the country's constitutional court in February 2008.

The court left room for the government to develop a tool specifically for wiretapping, but the Chaos Computer Club found that the versions in circulation are far more powerful than the boundaries set by the constitutional court, Rieger said.

"We got our hands on it and found it is doing much more than it is legally allowed to do," Rieger said.

DigiTask's lawyer, Winfried Seibert, said on Monday that the company is investigating whether the application examined by the Chaos Computer Club was developed by the company and should find out within a day or so. He said DigiTask has developed such programs for public authorities in Germany.

"In general, it fits," Seibert said. "We are trying to find out what it really is. We can't be 100 percent sure."

The Chaos Computer Club explains on its blog that Quellen-TKU can activate a computer's microphone and camera, which could be used for room surveillance, and take screenshots. The program can upload other applications to a computer, which could export files from the machine.

"This is clearly in violation of the constitutional court," Rieger said.

Basically, Quellen-TKU is a call recorder. It can intercept Skype calls by recording the conversation from a computer's sound card before it is encrypted by Skype. Skype's encryption has led to widespread fears in countries such as Germany and India that law enforcement would be shut out from monitoring plotting terrorists.

"It's quite hard to intercept Skype calls at the operator level because it's encrypted," said Mikko Hypponen [cq], chief research officer for the Finnish security company F-Secure. "It's fairly easy if it [the interception program] is running on the computer itself."

The club reported other disturbing findings about Quellen-TKU's security: although the data transmitted by the program is encrypted, the commands transmitted to control the program are not. Those commands are also not authenticated to prove the directions are coming from an authorized source, making it possible for an attacker to impersonate law enforcement.

"Not only can unauthorized third parties assume control of the infected system, but even attackers of mediocre skill level can connect to the authorities, claim to be a specific instance of the trojan and upload fake data," according to the Chaos Computer Club's writeup. "It is even conceivable that the law enforcement agencies' IT infrastructure could be attacked through this channel."

The Chaos Computer Club provided samples to F-Secure, which found Quellen-TKU also had keylogging capabilities to intercept data entered into applications such as Firefox, and the instant messaging programs MSN Messenger and ICQ.

Bizarrely, Quellen-TKU has a hidden reference to the movie Star Wars, F-Secure found. A text string that is used to start data transmission reads: "C3PO-r2d2-POE." F-Secure decided to name the program "Backdoor:W32/R2D2.A."

"I can't confirm the source who wrote this trojan, but I have no reason to doubt what CCC [Chaos Computer Club] is saying," Hypponen said.

Now that it has been detected, it's unlikely Quellen-TKU will be of any further use to law enforcement. F-Secure said it had added a signature to its database to detect the program, and other major antivirus vendors such as Symantec and McAfee have as well.

But many antivirus programs have other methods for detecting malicious software. Hypponen said F-Secure's software -- while not knowing exactly what Quellen-TKU was -- would have blocked it once it executed on a computer as far back as a year ago because the program meddled with low-level parts of a computer's operating system. Other security vendors may also have been capable of stopping it, he said.

Even if law enforcement had been recently using Quellen-TKU to monitor someone planning to do violence, Hypponen said the company decided to continue to detect it. F-Secure has a policy that it will not modify its products for law enforcement within respect of European Union laws.

Send news tips and comments to jeremy_kirk@idg.com


Jeremy Kirk

IDG News Service