
It seems the German government was responsible for the Trojan I posted about a few days ago. Not only does it resemble DigiTask’s ‘Remote Forensic Software’ provided to that government, which was exposed back in 2008, but the local authorities have also admitted to installing it on more than one occasion. F-Secure had also discovered the installation file (scuinst.exe), which was developed by DigiTask, alongside the malware.

A presentation file was recently posted to cryptome.org, in which DigiTask identified a problem – that people are (rightfully) improving the security of their computers. The ‘solution’, according to DigiTask, was to install a Trojan on people’s computers without their knowledge or consent. It’s an act that was unethical, unprofessional and criminal. For all intents and purposes, the ‘Remote Forensic’ tool is essentially Trojan malware, and is identified as such by common anti-virus systems.

This malware would do far more harm than good in a couple of ways. It means criminals being acquitted because the digital evidence against them, however horrific, bizarre or compelling, was invalidated by the very presence of DigiTask’s malware, which exchanges data with common web hosting proxies just like any other Trojan. And nobody in the German government appears to have considered that, or how it conflicts with accepted digital forensics practice. As a CCC hacker was quoted as saying: “The malware can not only siphon away intimate data but also offers a remote control or backdoor functionality for uploading and executing arbitrary other programs.” It also means other criminals finding and manipulating the Trojan, as the Chaos Computer Club demonstrated was entirely possible.