Friday, October 14, 2011

Germany Sought Info About FBI Spy Tool in 2007

Wired - Two years before the Bavarian state in Germany began using a controversial spy tool to gather evidence from suspect computers, German authorities approached the Federal Bureau of Investigation to discuss a similar tool the U.S. law enforcement agency was using.

The information is interesting in light of recent questions raised about the legality and security of spyware that German authorities have been using to gather evidence from criminal suspects.
Bavarian authorities reportedly began using their spyware in 2009. It’s not known if that spyware is based on the FBI’s, but in July 2007, German authorities contacted the FBI seeking information about its tool.

The request came just days after Threat Level first reported that the FBI had used its so-called “computer and internet protocol address verifier,” or CIPAV, tool to track bomb threats that a 15-year-old student had e-mailed to a Washington state high school. It was the first time the FBI’s use of an internet spy tool was publicly disclosed in connection to a specific case.

The FBI’s assistant legal attache in Frankfurt, Germany, sent an email to Bureau colleagues(.pdf) on July 24, 2007, writing, “I am embarrassed to be approaching you again with a request from the Germans . . . but they now have asked us about CIPAV (Computer Internet Protocol Address Verifier) software, allegedly used by the Bu[reau].”

The email was among a trove of documents that the Electronic Frontier Foundation received this year in response to a 2007 Freedom of Information Act the organization filed to request more information about CIPAV. There are no e-mails in the documents to indicate how the FBI responded to the German government’s request.

Under German law, authorities can use spyware to monitor criminals, but its use is supposed to be limited to the interception of internet telephony and to serious criminal cases.

Members of the Berlin-based Chaos Computer Club, however, examined the so-called R2D2 keylogging Trojan after getting hold of a copy of it, and discovered that it was doing much more than it was legally supposed to do. In addition to monitoring Skype calls and recording keystrokes to capture e-mail and instant messaging communications, the Trojan had the ability to take screenshots and activate a computer’s microphone and webcam to allow someone to remotely spy on activities in a room. Furthermore, the program includes a backdoor that would allow authorities to remotely update the program with additional functionality.               More