A Trojan used by several German states to monitor Internet phone calls contains functionalities beyond the legal interception, stirring massive public concerns over the country's Internet surveillance.
A software dubbed Bundestrojaner ("federal Trojan") violates the country’s constitutional law and seriously infringes on citizens' privacy, said a hacker organization and anti-malware experts.
The software that is supposed to be a "lawful interception" program designed to monitor Internet-based phone calls as part of a legal wiretap goes far beyond the legal bounds, according to the Chaos Computer Club, a Germany-based hacker group.
"We got our hands on it and found it is doing much more than it is legally allowed to do," said Frank Rieger, a member of the club.
Germany allowed the use of the backdoor program Bundestrojan, which permits government investigators to listen in on Skype-based phone calls. Since 2008, Bundestrojan has been ruled legal by Germany's Federal Constitutional Court as long as it screened only very specific communications -- Internet telephone calls.
But the hacker club found the software, developed by a private company called DigiTask for the Bavarian police and several other states, was capable of logging keystrokes, activating cameras, monitoring Internet users' activities and sending data to government officials.
"To avoid revealing the location of the command and control server, all data are redirected through a rented dedicated server in a data center in the U.S.," the club said on its website.
The Chaos Computer Club provided samples to F-Secure, an Internet security company in Helsinki, which also found the software had capabilities to intercept data entered into applications such as the web browser Firefox, the instant messaging programs MSN and ICQ.
Another renowned antivirus vendor, Kaspersky Lab, also said the program has the capability of monitoring traffic from 15 Internet programs after the security company analyzed the software's all five components.
"Amongst the new things we found in there are two rather interesting ones: Firstly, this version is not only capable of running on 32 bit systems; it also includes support for 64 bit versions of Windows," said Tillmann Werner, a security researcher with Kaspersky in Germany.
"Secondly, the list of target processes to monitor is longer than the one mentioned in the CCC report. The number of applications infected by the various components is 15 in total."
The list of targeted applications includes major browsers, including Internet Explorer, Firefox and Opera, as well programs with VoIP and data encryption functionality, including ICQ, MSN Messenger, Yahoo Messenger, Skype, Low-Rate VoIP, CounterPath X-Lite and Paltalk.