<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
xmlns:wfw="http://wellformedweb.org/CommentAPI/">
<channel>
<title>Techdirt. Stories filed under &quot;trojan&quot;</title>
<description>Easily digestible tech news...</description>
<link>http://www.techdirt.com/</link>
<language>en-us</language>
<image><title>Techdirt. Stories filed under &quot;trojan&quot;</title><url>http://www.techdirt.com/images/td-88x31.gif</url><link>http://www.techdirt.com/</link></image>
<item>
<pubDate>Wed, 27 Jun 2012 00:31:00 PDT</pubDate>
<title>Trojan Author Includes Integrated Chat, Challenges Security Researchers Digging Through His Code</title>
<dc:creator>Mike Masnick</dc:creator>
<link>http://www.techdirt.com/articles/20120622/01175719425/trojan-author-includes-integrated-chat-challenges-security-researchers-digging-through-his-code.shtml</link>
<guid>http://www.techdirt.com/articles/20120622/01175719425/trojan-author-includes-integrated-chat-challenges-security-researchers-digging-through-his-code.shtml</guid>
<description><![CDATA[ Here's a fascinating story, found via <a href="http://boingboing.net/2012/06/21/malware-author-taunts-security.html?utm_source=feedburner&#038;utm_medium=feed&#038;utm_campaign=Feed%3A+boingboing%2FiBag+%28Boing+Boing%29" target="_blank">Boing Boing</a>, of some malware (a password stealing trojan targeting <i>Diablo III</i> players) that included some sort of integrated chat function, which the researchers at AVG only noticed <a href="http://blogs.avg.com/news-threats/chatted-hacker-virus/" target="_blank">when the hacker reached out to them while they were searching through his code</a>.  Imagine their surprise when up popped a dialog box asking them what they were doing:
<center><i>
Hacker: What are you doing? Why are you researching my Trojan?
<br /><br />
Hacker: What do you want from it?
</i>
<br /><br />
<a href="http://imgur.com/KEkZY"><img src="http://i.imgur.com/KEkZY.jpg" width=400 /></a>
</center>
<br />
The AVG folks continued to chat with the guy for a little while, which is how they realized just how powerful the trojan was and how much it could do.  The guy controlling it demonstrated this to them by remotely shutting down their machine after talking to them for a little while.
 ]]></description>
<slash:department>paying-attention</slash:department>
<wfw:commentRss>http://www.techdirt.com/comment_rss.php?sid=20120622/01175719425</wfw:commentRss>
</item>
<item>
<pubDate>Mon, 10 Oct 2011 16:13:43 PDT</pubDate>
<title>Hackers Claim That German Officials Have A Backdoor Trojan For Spying On Skype... Which Is A Huge Security Risk</title>
<dc:creator>Mike Masnick</dc:creator>
<link>http://www.techdirt.com/articles/20111010/14002616290/hackers-claim-that-german-officials-have-backdoor-trojan-spying-skype-which-is-huge-security-risk.shtml</link>
<guid>http://www.techdirt.com/articles/20111010/14002616290/hackers-claim-that-german-officials-have-backdoor-trojan-spying-skype-which-is-huge-security-risk.shtml</guid>
<description><![CDATA[ For many years various governments have complained about the fact that Skype communications are encrypted, and have <a href="http://www.techdirt.com/articles/20100702/17551510065.shtml">demanded backdoors</a>.  In the US, the FBI has been <a href="http://www.techdirt.com/articles/20110216/23535513143/its-back-fbi-announcing-desire-to-wiretap-internet.shtml">pushing hard</a> for such backdoors.  There have been some reports of applications that allow for wiretapping Skype, despite its supposed encryption, but not much in the way of details.  Now the famed Chaos Computer Club (CCC) is <a href="http://www.ccc.de/en/updates/2011/staatstrojaner" target="_blank">claiming to have reverse engineered</a> the "lawful interception" trojan being used by German law enforcement.
<br /><br />
They got the program after a lawyer whose client was under investigation <a href="http://news.cnet.com/8301-27080_3-20118194-245/hackers-say-german-officials-used-backdoor-trojan/" target="_blank">gave the CCC his client's hard drive</a>, where the group found the code.   As frequently happens with these kinds of things, the CCC found that the trojan actually introduces myriad security problems as well:
<blockquote><i>
The analysis concludes, that the trojan's developers never even tried to put in technical safeguards to make sure the malware can exclusively be used for wiretapping internet telephony, as set forth by the constitution court. On the contrary, the design included functionality to clandestinely add more components over the network right from the start, making it a bridge-head to further infiltrate the computer.
<br /><br />
"This refutes the claim that an effective separation of just wiretapping internet telephony and a full-blown trojan is possible in practice &ndash; or even desired," commented a CCC speaker. "Our analysis revealed once again that law enforcement agencies will overstep their authority if not watched carefully. In this case functions clearly intended for breaking the law were implemented in this malware: they were meant for uploading and executing arbitrary code on the targeted system."
<br /><br />
The government malware can, unchecked by a judge, load extensions by remote control, to use the trojan for other functions, including but not limited to eavesdropping. This complete control over the infected PC &ndash; owing to the poor craftsmanship that went into this trojan &ndash;  is open not just to the agency that put it there, but to everyone. It could even be used to upload falsified "evidence" against the PC's owner, or to delete files, which puts the whole rationale for this method of investigation into question.
<br /><br />
[....]
<br /><br />
The analysis also revealed serious security holes that the trojan is tearing into infected systems. The screenshots and audio files it sends out are encrypted in an incompetent way, the commands from the control software to the trojan are even completely unencrypted. Neither the commands to the trojan nor its replies are authenticated or have their integrity protected. Not only can unauthorized third parties assume control of the infected system, but even attackers of mediocre skill level can connect to the authorities, claim to be a specific instance of the trojan, and upload fake data. It is even conceivable that the law enforcement agencies' IT infrastructure could be attacked through this channel. The CCC has not yet performed a penetration test on the server side of the trojan infrastructure.
<br /><br />
"We were surprised and shocked by the lack of even elementary security in the code. Any attacker could assume control of a computer infiltrated by the German law enforcement authorities", commented a speaker of the CCC. "The security level this trojan leaves the infected systems in is comparable to it setting all passwords to '1234'".
</i></blockquote>
Even without the fact that more capabilities can be added, the existing software is pretty powerful.  It apparently can remotely control the computers that it's on and take screenshots of what's happening on the computer, including emails and personal messages.  And yet, time and time again law enforcement asks us to "trust" them when they want the power to secretly install this kind of crap on people's computers?
 ]]></description>
<slash:department>breaking-the-internet</slash:department>
<wfw:commentRss>http://www.techdirt.com/comment_rss.php?sid=20111010/14002616290</wfw:commentRss>
</item>
</channel>
</rss>