Tweet
Trojan Trouble
The Shady Past of Germany's Spyware
By Marcel Rosenbach, Holger Stark and Steffen Winter
DPA
Details continue to emerge about the potentially unconstitutional use of spyware by German investigators, including indications they used the controversial Trojan horse program on suspects some 50 times. The future of online surveillance is now in question, and court appeals could also follow.
[B]Among friends, Dimitry A. was known as "the Diminator." He was riding a wave of success. Whether it was money, friends or muscles, everything in his life seemed to be moving in one direction -- they were all growing.
At first, the 110-kilogram (243-pound) German of Russian descent was a champion junior bodybuilder. But then he got involved in the anabolic-steroid business. Using "Hushmail," a supposedly secure e-mail service provider, he wrote to his Chinese suppliers at their telling email address: anabolicsteroid@hotmail.com. The Diminator also communicated with his own clients via "SAFe-Mail," another encrypted email service. On January 21, 2010, Dimitry's use of these services led a Nuremberg court to approve the use of computer surveillance "in the context of remote control." Federal prosecutors had asked for permission to employ a Trojan horse and, by way of precaution, they noted that issues surrounding the legality of using such software were "not yet viewed in a uniform way at the national level."[/B]Investigators then smuggled the software onto the Diminator's hard drive, presumably via an e-mail attachment. They read e-mails he had sent in encrypted form, they recorded his telephone conversations via Skype and they took "application shots" that allowed them to monitor what the weight lifter was doing on his computer in real time.
After 13 days, investigators had enough evidence to arrest Dimitry A., who had apparently not anticipated that his pursuers would possess such technical finesse.
In Violation of High Court Ruling?
The Nuremberg case is fuelling a debate that has been raging in Germany in recent weeks about the fundamental rights of citizens in a constitutional state. The debate centers around two main questions: First, which technologies are German law-enforcement officials allowed to employ while investigating suspected criminals? And, second, in using such technologies, are they undermining the guidelines set in place by a February 2008 ruling by the Federal Constitutional Court, Germany's highest court, which placed narrow limits on the permissible use of programs known as Trojan horses?
The debate was triggered by an analysis conducted by the Chaos Computer Club (CCC), a famous hacker organization that dissected a spyware program known as a Trojan horse used by Bavarian law-enforcement officials. The group's recently published analysis not only found that the software was full of technical defects; it also said that it was in possible violation of German law. Since the report's release, there has been growing outrage at the apparently unconstitutional use of the surveillance software.
Officials allegedly use the Trojan horses only when they have run out of other options. They are only allowed to use them when suspected criminals engage in clandestine communication, whether by using scrambled chat software, telephoning via Skype or employing encrypted e-mail services. The spyware parks itself on the target individual's computer, from where it relays information to the investigators' server. For this reason, the method has been dubbed "source telecommunication surveillance."
In its precedent-setting 2008 ruling, the Federal Constitutional Court declared that the "integrity in information-technology systems" -- that is, of computers -- was a "fundamental right" comparable to the inviolability of the home, and that encroachments would first require a court order.
Spyware Use Suspended
Indeed, courts have approved requests from officials to employ such Trojan horse programs well over 50 times. The Federal Criminal Police Office (BKA) has smuggled the spyware onto the hard drives of suspected criminals 20 times, the Federal Office for the Protection of the Constitution, the country's domestic intelligence agency, has done so four times, and the federal police have done so once.
The Shady Past of Germany's Spyware
By Marcel Rosenbach, Holger Stark and Steffen Winter
DPA
Details continue to emerge about the potentially unconstitutional use of spyware by German investigators, including indications they used the controversial Trojan horse program on suspects some 50 times. The future of online surveillance is now in question, and court appeals could also follow.
[B]Among friends, Dimitry A. was known as "the Diminator." He was riding a wave of success. Whether it was money, friends or muscles, everything in his life seemed to be moving in one direction -- they were all growing.
At first, the 110-kilogram (243-pound) German of Russian descent was a champion junior bodybuilder. But then he got involved in the anabolic-steroid business. Using "Hushmail," a supposedly secure e-mail service provider, he wrote to his Chinese suppliers at their telling email address: anabolicsteroid@hotmail.com. The Diminator also communicated with his own clients via "SAFe-Mail," another encrypted email service. On January 21, 2010, Dimitry's use of these services led a Nuremberg court to approve the use of computer surveillance "in the context of remote control." Federal prosecutors had asked for permission to employ a Trojan horse and, by way of precaution, they noted that issues surrounding the legality of using such software were "not yet viewed in a uniform way at the national level."[/B]Investigators then smuggled the software onto the Diminator's hard drive, presumably via an e-mail attachment. They read e-mails he had sent in encrypted form, they recorded his telephone conversations via Skype and they took "application shots" that allowed them to monitor what the weight lifter was doing on his computer in real time.
After 13 days, investigators had enough evidence to arrest Dimitry A., who had apparently not anticipated that his pursuers would possess such technical finesse.
In Violation of High Court Ruling?
The Nuremberg case is fuelling a debate that has been raging in Germany in recent weeks about the fundamental rights of citizens in a constitutional state. The debate centers around two main questions: First, which technologies are German law-enforcement officials allowed to employ while investigating suspected criminals? And, second, in using such technologies, are they undermining the guidelines set in place by a February 2008 ruling by the Federal Constitutional Court, Germany's highest court, which placed narrow limits on the permissible use of programs known as Trojan horses?
The debate was triggered by an analysis conducted by the Chaos Computer Club (CCC), a famous hacker organization that dissected a spyware program known as a Trojan horse used by Bavarian law-enforcement officials. The group's recently published analysis not only found that the software was full of technical defects; it also said that it was in possible violation of German law. Since the report's release, there has been growing outrage at the apparently unconstitutional use of the surveillance software.
Officials allegedly use the Trojan horses only when they have run out of other options. They are only allowed to use them when suspected criminals engage in clandestine communication, whether by using scrambled chat software, telephoning via Skype or employing encrypted e-mail services. The spyware parks itself on the target individual's computer, from where it relays information to the investigators' server. For this reason, the method has been dubbed "source telecommunication surveillance."
In its precedent-setting 2008 ruling, the Federal Constitutional Court declared that the "integrity in information-technology systems" -- that is, of computers -- was a "fundamental right" comparable to the inviolability of the home, and that encroachments would first require a court order.
Spyware Use Suspended
Indeed, courts have approved requests from officials to employ such Trojan horse programs well over 50 times. The Federal Criminal Police Office (BKA) has smuggled the spyware onto the hard drives of suspected criminals 20 times, the Federal Office for the Protection of the Constitution, the country's domestic intelligence agency, has done so four times, and the federal police have done so once.
Comment