2011-10-10 Trojan analyzed by the CCC was deployed by Bavarian authorities [Update 3]

According to Spiegel, the Bavarian minister of interior affairs Joachim Herrmann (CSU) has now confirmed that software recently analyzed by the Chaos Computer Club indeed originated from the police in the Southern German state. He was, however unable to confirm whether this exact model had been used. A spokesperson for Bavarian state police confirmed that online surveillance software had been used, but added that all potentially illegal system components had been removed beforehand. She was, however, unable to confirm that the exact specimen obtained by the CCC was used by her agency.

A lawyer acting for Digitask, a small company based in rural Hesse, stated that the software had "most likely" been produced by his client. He also added that the company had been in negotiations with Bavaria since 2007.

On its website, the company confirms to work for the authorities:

"Wir sind ein führendes Unternehmen für die systemintegrierte Realisierung von Datenerhebungs- und Bewertungssystemen im Bereich der Telekommunikation. Firmen und Sicherheitsbehörden aus dem In- und Ausland zählen zu unseren Kunden."

"We are a leading company for system integrated realization of data collection and (data) assessment in the field of telecommunications. Companies and security agencies, on a national and international level, are amongst our customers."

German federal police stated that they did not use this software, adding that the software was freely available on an international basis. Most state police agencies declined to comment; North Rhine Westphalia said they did not use this software; Lower Saxony stated they used a different type of software twice; Rhineland Palatinate said they used surveillance software in one instance, which had been supplied by another agency.

These new developments once again support the assumption that documents published by the Pirate Party in 2008 are in fact genuine. They contain an offer for surveillance software, along with a directive that the costs for this software (as supplied by Digitask) should be covered by the police, rather than the prosecutors.

Shortly after these documents appeared on the internet, the home of the spokesperson of the Pirate Party was raided, which, according to the Bavarian branch of the party, confirmed the authenticity of these documents.

UPDATE:

Fefe reports that a number of government agencies purchased Digitask products. He also hints at an old corruption case involving Digitask associate Reuter Electronic (the CEO of this company was sentenced to 21 months suspended sentence, and was fined 1,5 million Euro). Both companies are based in the same small town.

According to its company website, Reuter Electronic specializes in "Schweißtechnik, Regeltechnik, Sicherheitstechnik, Telekommunikation" - "welding, control technology, security technology and telecommunications".

UPDATE 2:

Wikileaks published a translation of the document obtained by the Pirate Party. See also this link.

UPDATE 3:

According to a lawyer acting for the person on whose computer the trojan was discovered, the software was placed there by Bavarian customs officials during a search at Munich airport.

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer