Big Brother is Watching, But He's Not That Clever

Started by Recusant, October 08, 2011, 09:45:03 PM

Recusant

Chaos Computer Club analyzes government malware

Quote: The largest European hacker club, "Chaos Computer Club" (CCC), has reverse engineered and analyzed a "lawful interception" malware program used by German police forces. It has been found in the wild and submitted to the CCC anonymously. The malware can not only siphon away intimate data but also offers a remote control or backdoor functionality for uploading and executing arbitrary other programs. Significant design and implementation flaws make all of the functionality available to anyone on the internet.

. . .

The analysis also revealed serious security holes that the trojan is tearing into infected systems. The screenshots and audio files it sends out are encrypted in an incompetent way, the commands from the control software to the trojan are even completely unencrypted. Neither the commands to the trojan nor its replies are authenticated or have their integrity protected. Not only can unauthorized third parties assume control of the infected system, but even attackers of mediocre skill level can connect to the authorities, claim to be a specific instance of the trojan, and upload fake data. It is even conceivable that the law enforcement agencies' IT infrastructure could be attacked through this channel. The CCC has not yet performed a penetration test on the server side of the trojan infrastructure.

Coming soon to a machine near you!
"Religion is fundamentally opposed to everything I hold in veneration — courage, clear thinking, honesty, fairness, and above all, love of the truth."
— H. L. Mencken


Attila

Quote from: Recusant on October 08, 2011, 09:45:03 PM
Chaos Computer Club analyzes government malware

Quote: The largest European hacker club, "Chaos Computer Club" (CCC), has reverse engineered and analyzed a "lawful interception" malware program used by German police forces. It has been found in the wild and submitted to the CCC anonymously. The malware can not only siphon away intimate data but also offers a remote control or backdoor functionality for uploading and executing arbitrary other programs. Significant design and implementation flaws make all of the functionality available to anyone on the internet.

. . .


Coming soon to a machine near you!
Nope, not near me. Read my sig.  ;)

Asmodean

Quote from: Recusant on October 08, 2011, 09:45:03 PM
Coming soon to a machine near you!
Let it! There is nothing on my network machine that is likely to be worth anything to anyone. No credit card numbers, addresses, personal identification numbers - not even porn or anything else even remotely interesting or useful except perhaps for a couple of pirated movies and a number of text files readily available through www.

Oh, and BTW, Linux is nowhere near hackerproof. If Big Brother wants to get into your network Linux, he is likely getting in. So... Heavy encryption is your friend more than any OpSys in that regard.
Quote from: Ecurb Noselrub on July 25, 2013, 08:18:52 PM
In Asmo's grey lump,
wrath and dark clouds gather force.
Luxembourg trembles.

Attila

I'm not arguing. I'm curious. Are there any real examples out there? Also Linux has excellent Norwegian support. (I meant to mention that before) but this is not proselytising. Feel free to ignore the ignorant ignostic.  8)
http://www.debian.org/index.nb.html

Asmodean

Quote from: Attila on October 25, 2011, 04:12:29 PM
I'm not arguing. I'm curious. Are there any real examples out there?
Examples of what? Hacking Linux..? Or government hacking Linux..?

The first is not all that hard, so I would imagine a quick search on Google might even get you a few tips on how to do it yourself. As for the second, I do not know. Just saying that it is quite doable. UNIX-based systems can be infected with trojans and other nasty just like Windows can, even though the published amount of nasty is far less for UNIX... For as long as such systems do not dominate the market anyways. If/when they do, you'll see far more generalised malware directed at them.

Going after a specific machine on the network though... Doesn't really matter what OS you run. A good hacker (pardon the term use) will usually get in and steal your porn for himself. (Well, not really, but he might be tempted to steal your identity if you just leave that lying around.)

EDIT: OH shit! No way. I am NOT getting myself an OS in Norwegian. Would take me years to get used to. English serves me fine for computing.

Attila

Quote from: Asmodean on October 25, 2011, 04:55:25 PM
Quote from: Attila on October 25, 2011, 04:12:29 PM
EDIT: OH shit! No way. I am NOT getting myself an OS in Norwegian. Would take me years to get used to. English serves me fine for computing.
Thanks for the info, Asmo. I only mentioned the Norwegian language because I had thought you mentioned it in a previous post. My bad. Apologies.

Asmodean

Quote from: Attila on October 25, 2011, 05:16:28 PM
I only mentioned the Norwegian language because I had thought you mentioned it in a previous post. My bad. Apologies.
The last time I did, as I recall, was in that thread about sharia and Copenhagen... And then it was only to say that my lazy ass was too lazy to translate it  :P

Attila

Quote from: Asmodean on October 25, 2011, 05:22:31 PM
Quote from: Attila on October 25, 2011, 05:16:28 PM
I only mentioned the Norwegian language because I had thought you mentioned it in a previous post. My bad. Apologies.
The last time I did, as I recall, was in that thread about sharia and Copenhagen... And then it was only to say that my lazy ass was too lazy to translate it  :P
No it was a computer-related thread but I'll be damned if I remember which one. No matter, I'll be damned in any event.  :D

Asmodean

Quote from: Attila on October 25, 2011, 05:42:11 PM
No it was a computer-related thread but I'll be damned if I remember which one. No matter, I'll be damned in any event.  :D
Oh..! No, that was about Microsoft Norway having been really good to me in terms of customer service. They offered it in Norwegian, naturally enough, but that was never a key point.

Attila

Quote from: Asmodean on October 25, 2011, 06:03:26 PM

Oh..! No, that was about Microsoft Norway having been really good to me in terms of customer service. They offered it in Norwegian, naturally enough, but that was never a key point.
That sounds right, Asmo. Glad we cleared that up.