Source:
WIREDAuthorities in the state of Bavaria admitted on Monday that a piece of spyware discovered on a citizen’s computer by the local Chaos Computer Club hacker group was designed for use by authorities to spy on suspects.
Under German law, authorities can use spyware to monitor criminals, but its use is supposed to be limited to the interception of internet telephony.
The so-called R2D2 keylogging Trojan CCC examined, however, does much more than this. In addition to monitoring Skype calls and recording keystrokes to monitor e-mail and instant messaging communications, the Trojan can take screenshots and activate a computer’s microphone and webcam to allow someone to remotely spy on activities in a room. Furthermore, the program includes a backdoor that would allow authorities to remotely update the program with additional functionality.
“The analysis concludes, that the trojan’s developers never even tried to put in technical safeguards to make sure the malware can exclusively be used for wiretapping internet telephony, as set forth by the constitution court,” CCC wrote on its web site. “On the contrary, the design included functionality to clandestinely add more components over the network right from the start, making it a bridge-head to further infiltrate the computer.”
Read more:
http://www.wired.com/threatlevel/2011/10/german-gov-spyware/