Vulnerabilities Found in German ‘Spying’ Trojan

A German hacker group called ‘Chaos Computer Club’ or CCC for short, recently found a vulnerability in a program that is used by German authorities to lawfully spy on computer activity of suspected criminals.

The program used was developed to spy on IM activity, monitor VOIP activity, take screenshots, and log keystrokes. While working for a client, the CCC found that traffic between the infected computer and the control software on authorities computers was unencrypted. The group therefore makes the conclusion that it would be possible for a hacker with mediocre skills could control the infected computer and upload fake data to the German authorities. Its also believed that the law enforcement’s IT infrastructure could be compromised through the control software.

What do you guys think? Should law enforcement agencies be allowed to lawfully install software on suspected criminals computers? It is my belief that they should be able to, however it also makes them also responsible for any back doors that may be opened. It seems like the software was just poorly written. I’m not sure if law enforcement in the States goes to the extreme of installing trojan software on suspected criminals computers. I would suspect that its done in the same manor but it is my hope that the traffic between the suspects computer and the law enforcements computers are encrypted and in general better implemented. Thoughts?

Original article found here:;title