Possible Governmental Backdoor Found ("case R2D2") (opens in new tab)

(f-secure.com)

152 pointsFSecurePal14y ago28 comments

28 comments

21 comments · 6 top-level

spullara14y ago· 5 in thread

I'd be more worried if this was a backdoor in a popular program or operating system that was specified by the government and implemented by the original software author rather than more typical malware/trojan more akin to a wiretap. The former would be widespread and affect millions of users, while this appears to be a tool for use by law enforcement to carry out legitimate surveilance in criminal investigations. Presumably every modern government has such capabilities or they are really asleep at the switch.

lachenmayer14y ago

The main gripe the authors of the paper have is not that this trojan exists - there are indeed German laws that allow for such a trojan - but that it has been so insecurely implemented, and also collects information that cannot be identified as "communication" (which is a requirement for this German law).

Any data received from the command and control server is sent unencrypted and unchecked. Additionally, the trojan contains a "backdoor within a backdoor", which allows any code to be attached to the trojan and executed unchecked!

Moral issues of computer surveillance aside, this trojan is a shocking example of the German government's (if indeed this is a government effort) incompetence regarding the internet.

timrod14y ago

another gripe was the fact that the "backdoor within a backdoor" functionality (which AFAIK was ruled unlawful by German courts) is the only part of the trojan that tries to hide what it does.

joe_the_user14y ago

I would challenge the concept of the government carrying out "legitimate surveilance" through this dubious means.

The person surveiled has not been has not convicted of a crime yet the state has taken onto itself to install software that would leave the person open to further hacking by random individuals.

This is akin to the police not simply breaking into the house of a man they suspected of a crime but also them leaving his door a-jar after they left. See the Sony Rootkit.

ars14y ago

If they got a warrant first I'd be OK with it - as long as they were competent of course and didn't leave the person vulnerable.

It's no different from getting a warrant for a phone tap, or a copy or your US mail.

(Incidentally they don't need a warrant for a copy of the address on the front, called http://en.wikipedia.org/wiki/Mail_cover - so presumably they don't need a warrant to ask your ISP for a list of IP address, but I'd want a court to confirm that first.)

palish14y ago

It's a little naive to believe governments don't do this kind of thing (software surveillance), don't you think? Even if they "shouldn't".

1 more reply

buster14y ago· 4 in thread

That's really a big deal and just shows how governments treat their own laws and how important an open government is, in which such things can be verified and controlled!

ceejayoz14y ago

> That's really a big deal and just shows how governments treat their own laws...

Not really. My understanding is that German law permits trojans for surveillance.

buster14y ago

http://news.ycombinator.net/item?id=3090951

canistr14y ago

While an open government would be ideal, it won't change the fact that the CIA or any government organization will never admit to working on viruses.

buster14y ago

With an open government they wouldn't be able to do this in the dark.

Also, they don't need to admit it, it's not like nobody knows that this software exists.

2 more replies

specialist14y ago· 3 in thread

Digging down to the source material, the Strong Towns group does address Government Transfer Payments, explaining that all suburbs are subsidized. But they avoid offending anyone by pointing out that the suburbs were financed by the urban areas.

In my experience, suburban dwellers don't like learning that they're parasites.

WalterGR14y ago

You're looking for the "A Complete Guide To The Ponzi Scheme That Is Suburban America" submission. http://news.ycombinator.com/item?id=3090385

specialist14y ago

Haha. Oops! How'd that happen...?

bahman200014y ago

did we read completely different articles?

buster14y ago· 2 in thread

Germans interested in similar news should check Felix von Leitners blog, who brings up interesting articles almost every day: http://blog.fefe.de/

ugh14y ago

And crazy conspiracy theories!

buster14y ago

It's a personal blog and as such he adds his own notion to the text but it has always been worthwhile for me to check the source articles (which are almost always renowned news agencies). You should always read the sources and make up your own mind, but i found his blog to be very good at finding those sources.

1 more reply

sciolizer14y ago· 1 in thread

POE = Purity of Essence?

raphman14y ago

Poe was a protocol droid owned by Grand Duke Gror Pernon. He acted as the Rogue Squadrons diplomatic liaison to the people of Eiattu.[1]

[1] http://starwars.wikia.com/wiki/Poe

Hoff14y ago

j / k navigate · click thread line to collapse

28 comments

21 comments · 6 top-level

spullara14y ago· 5 in thread

lachenmayer14y ago

Moral issues of computer surveillance aside, this trojan is a shocking example of the German government's (if indeed this is a government effort) incompetence regarding the internet.

timrod14y ago

another gripe was the fact that the "backdoor within a backdoor" functionality (which AFAIK was ruled unlawful by German courts) is the only part of the trojan that tries to hide what it does.

joe_the_user14y ago

I would challenge the concept of the government carrying out "legitimate surveilance" through this dubious means.

The person surveiled has not been has not convicted of a crime yet the state has taken onto itself to install software that would leave the person open to further hacking by random individuals.

This is akin to the police not simply breaking into the house of a man they suspected of a crime but also them leaving his door a-jar after they left. See the Sony Rootkit.

ars14y ago

If they got a warrant first I'd be OK with it - as long as they were competent of course and didn't leave the person vulnerable.

It's no different from getting a warrant for a phone tap, or a copy or your US mail.

palish14y ago

It's a little naive to believe governments don't do this kind of thing (software surveillance), don't you think? Even if they "shouldn't".

1 more reply

buster14y ago· 4 in thread

That's really a big deal and just shows how governments treat their own laws and how important an open government is, in which such things can be verified and controlled!

ceejayoz14y ago

> That's really a big deal and just shows how governments treat their own laws...

Not really. My understanding is that German law permits trojans for surveillance.

buster14y ago

http://news.ycombinator.net/item?id=3090951

canistr14y ago

While an open government would be ideal, it won't change the fact that the CIA or any government organization will never admit to working on viruses.

buster14y ago

With an open government they wouldn't be able to do this in the dark.

Also, they don't need to admit it, it's not like nobody knows that this software exists.

2 more replies

specialist14y ago· 3 in thread

In my experience, suburban dwellers don't like learning that they're parasites.

WalterGR14y ago

You're looking for the "A Complete Guide To The Ponzi Scheme That Is Suburban America" submission. http://news.ycombinator.com/item?id=3090385

specialist14y ago

Haha. Oops! How'd that happen...?

bahman200014y ago

did we read completely different articles?

buster14y ago· 2 in thread

Germans interested in similar news should check Felix von Leitners blog, who brings up interesting articles almost every day: http://blog.fefe.de/

ugh14y ago

And crazy conspiracy theories!

buster14y ago

1 more reply

sciolizer14y ago· 1 in thread

POE = Purity of Essence?

raphman14y ago

Poe was a protocol droid owned by Grand Duke Gror Pernon. He acted as the Rogue Squadrons diplomatic liaison to the people of Eiattu.[1]

[1] http://starwars.wikia.com/wiki/Poe

Hoff14y ago

j / k navigate · click thread line to collapse