Home » Topics » Cybersecurity » German minister calls for Internet snooping probe

German minister calls for Internet snooping probe

Avatar photoby Ben Rossi

Germany’s Minister for Justice has called for an investigation into Internet surveillance by the country’s state governments, after a tool used for legitimate surveillance has been found to open the door for a greater degree of snooping than is legally permitted.

Last week, hacking group the Chaos Computer Club (CCC) claimed that a "lawful interception" program used by the German police to tap VoIP calls could be used to install and execute code on a target device remotely.

The group concluded that "the Trojan’s developers never even tried to put in technical safeguards to make sure the malware can exclusively be used for wiretapping Internet telephony, as set forth by the constitution court".

Independent security firms said that that there was no reason to doubt CCC’s findings, with Mikko Hypponen of F-Secure saying that CCC has a long history of trustworthy research.

The topic of state surveillance is of particular sensitivty in Germany, and the CCC’s announcement has brought the interception of Internet communications into the public eye. So far the states of Bavaria, Baden-Wurttemberg, Brandenburg and Lower Saxony have admitted to using some form of spyware, although they may not have all used the same program.

Justice minister Sabine Leutheusser-Schnarrenberger told German newspaper Deutsche Welle that "trying to play down or trivialise the matter won’t do. The citizen, in both the public and private spheres, must be protected from snooping through strict state control mechanisms".

In 2008, transparency group WikiLeaks published documents revealing that the Bavarian goverment was trying to find a way to eavesdrop on calls made through VoIP service Skype. Messages were exchanged between the Bavarian bureau of investigation to Düsseldorf-based software maker DigiTask.

According to Graham Cluley, chief researcher at security company Sophos, the details of the system discussed in that exchange match those of the system described by CCC. "It is possible that DigiTask did not write the malware – but the functionality does match," Cluley said.

In July this year, a Microsoft patient for "legal intercept" was made public, just months after the company bought Skype, the popular VOIP software.

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics

Related Stories

Cybersecurity

How AI will shift the security landscape in 2024

The impact of AI within cybersecurity is expected to grow significantly this year, says Alex Holland, senior malware analyst at HP

AI & Machine Learning

NCSC releases guidelines for secure AI development

New guidance from the National Cyber Security Centre (NCSC) aims to help businesses securely innovate with AI and minimise risks

Cybersecurity

3 cybersecurity compliance challenges and how to address them

Earning those trust seals can strengthen relationships with board members and prospective customers, but it sure isn’t easy.

Cybersecurity

70% of UK firms reported cyber insurance changes in past year

According to research from Databarracks, seven in 10 UK businesses have seen changes to their cyber insurance in the past 12 months, as requirements rise