Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×

Swiss to Use Spyware to Listen to VoIP 188

An anonymous reader writes "Heise Security is reporting that the Swiss Department of the Environment, Transport, Energy and Communications is entertaining the idea of utilizing the 'Superintendant Trojan', a spyware program designed to allow eavesdropping on VoIP conversations. According to ERA IT Solutions, the creator of the software, it will only be distributed to investigation agencies in the hopes of keeping it out of the hands of malicious hackers since firewalls apparently 'do not present a problem' for the software."
This discussion has been archived. No new comments can be posted.

Swiss to Use Spyware to Listen to VoIP

Comments Filter:
  • 4 words: (Score:3, Insightful)

    by creepynut ( 933825 ) <(teddy(slashdot)) (at) (teddybrown.ca)> on Monday October 09, 2006 @08:42PM (#16373219) Homepage
    Create it and they will get it.
  • yea right (Score:5, Insightful)

    by grapeape ( 137008 ) <mpope7@kBOHRc.rr.com minus physicist> on Monday October 09, 2006 @08:45PM (#16373255) Homepage
    If the trojan can be installed it can be sniffed out and discovered. I give it at tops a week of deployment before someone figures out what it is how it works and backwards engineers it into instant maymem for all the black hats.
    • Re:yea right (Score:5, Insightful)

      by whoever57 ( 658626 ) on Monday October 09, 2006 @08:51PM (#16373313) Journal
      If the trojan can be installed it can be sniffed out and discovered.
      Which then raises the interesting question: how will anti-spyware vendors (including MS) respond to this? There really are no good solutions for an anti-spyware vendor in this case, since detecting it could be considered as hindering law enforcement, which would be illegal in many jurisdictions.
      • Re:yea right (Score:5, Insightful)

        by Coldmoon ( 1010039 ) <mwsweden&yahoo,com> on Monday October 09, 2006 @09:27PM (#16373575)
        "There really are no good solutions for an anti-spyware vendor in this case, since detecting it could be considered as hindering law enforcement..."

        Actually it will turn out to be the exact opposite. Once the program is in the wild and the black hats get their hands on it, both the AV and AS vendors will have no other choice than to add it to their detections.

        Regardless of whether the detection is for the original Trojan or not, any subsequent black hat variations found would be added and the original would in all likelihood be flagged due to the particular (add your own term here) scanning technology.
        • > Hindering law enforcement...

          Just because it's allegedly for "Law Enforcement" doesn't change the fundamental principle.

          No third party is going to run anything on my PCs without me giving my express permission - which will consist of me deliberately choosing to install and run that software.

          Any anti virus/spyware vendor that doesn't detect and remove this scumware are incompetent.

          Still, as usual, if you don't use Windows there's probably nothing to worry about.
          • There's this thing called a "court order" you see. Sometimes its referred to as a "search warrant." Its scope can also apply to people's computers. So no, despite all your righteous indignation, your computer CAN be altered without your permission and even without your knowledge at the time it is altered.

            • Just because it's legal, doesn't make it right.

              • On the whole you are correct but there are exceptions. For instance, the sentiments of a geek regarding the "security" of his own computer systems pales in comparison to society's interests in solving crimes. You won't die and the government isn't going to put the contents of your boring hard drive on the 11 o'clock news so in cases like this your complaints will fall on many many deaf ears (and I'm not just counting the ears that are totally computer illiterate and thus won't care because they don't unders
                • You won't die and the government isn't going to put the contents of your boring hard drive on the 11 o'clock news

                  It has happened in the past, and will continue to happen in the future. A little fear goes a long way, it keeps the sheep in line.

      • Re: (Score:3, Interesting)

        by rolfwind ( 528248 )
        Um, if you are free/opensource hacker in the US, you don't have to care about the laws/law_enforcement in Switzerland, generally. You can circumvent this all you want.

        Now, if you were a corporation, there may be additional considerations, but only if you have a branch of your business operating there.
        • Re: (Score:3, Insightful)

          You know it's only a matter of time before one or more of the NSA, FBI, CIA, TSA, etc deploy their own version, and there'll be encryption involved somewhere so that defeating it will be a DMCA violation and/or an act of terrorism...

          Come to think of it, wouldn't it also be a DMCA violation if the government agency's version circumvented any VOIP encryption to eavesdrop?? Not that it really matters, because Bush will pencil-in a clause that makes it OK for his buddies to rape the DMCA all they like...

          Hmmm..

          • Anyone tried running a VOIP product in VMWare??


            No, but sound support is rather bad under VMWare. On every machine I've tried it's very choppy.
            • Even worse under Microsoft Virtual Server/Virtual PC, it emulates a Soundblaster 16 ISA card. Since Vista has no ISA support all I get while testing is the nasty system beep.

              Jonah HEX
          • Come to think of it, wouldn't it also be a DMCA violation if the government agency's version circumvented any VOIP encryption to eavesdrop?

            Not really, because the DMCA is about criminalizing circunvention of measures taken to protect copyright, not just circunvention of any kind of encryption.

      • Active outbound control firewalls like zone alarm already interfere with US (and I'm sure other jurisdictions) use of key loggers that publish to the net. I'm pretty sure they haven't caught any heat about that. In fact it was a US LEO that encouraged me to start using that kind of technology. Requiring anti-malware technology to skip over it would essentially be akin to law enforcement requiring back doors be put in their software, something I'm pretty sure wouldn't fly.
      • There's a category of "investigative" software marketed to suspicious spouses and the like that includes keystroke logging features. The antivirus/antispyware industry is split on how to handle them. In general, the less commercial an AS/AV product is, the more likely it is to detect a commercial spy package.
      • I suspect that plenty of spy agencies and police are using this approach, the Swiss are simply one of the few to acknowledge it.

        Also, it doesn't really have to be "malware", in that it tries to install itself after the fact, these people can simply do on-the-wire replacement of software updates with software updates that have been modified specifically for their purposes (getting around signing is work, but feasible). Unfortunately, Linux is as susceptible to that as Windows and MacOS.
      • by suv4x4 ( 956391 )
        There really are no good solutions for an anti-spyware vendor in this case, since detecting it could be considered as hindering law enforcement, which would be illegal in many jurisdictions.

        You could've said that for Sony's DRM too (DMCA law), but still antivirus companies reacted appropriately.

        I guess we need 20-30 more years until politicians who have a clue what the net is, come to power.
      • by iamacat ( 583406 )
        since detecting it could be considered as hindering law enforcement

        Didn't put much of a dent on Radio Shark radar detector sales.
      • It ain't my government using it. So my government won't prosecute me for finding this trojan. Actually, my guess would be that they don't really enjoy the idea that the Swiss might be tapping their conversations...

        Trojans rarely care what computers they're installed on. They don't discriminate between good and bad people.
    • Re:yea right (Score:5, Informative)

      by isometrick ( 817436 ) on Monday October 09, 2006 @10:05PM (#16373795)
      The omg-leak-to-blackhat bit isn't a big deal. Any blackhat worth his weight in RAM chips could cobble something together to record incoming/outgoing RTP traffic on a local network interface (in the case of SIP/RTP VoIP, and similar in IAX, H.323 and other protocols). It's just a few header fields and then pure Mu-law or A-law audio in most cases and other publicly available codecs in other cases.

      It'd probably be more work to reverse engineer this trojan as opposed to writing something to do it yourself. It definitely would be for me. And from some experience with other 'law enforcement'-type programs, it's probably shit anyway.

      The worrisome bit is utilizing trojans for law enforcement, even with some kind of judicial review (scoff).

      It will also only be really useful when Joe User starts using VoIP, because it'd be much harder to get your average power user to install something infected with the trojan.

      And end-to-end encryption renders it completely useless anyway, unless it actually reads pre-encrypted stuff from memory. Hopefully VoIP providers will get off their collective asses and get SRTP et al. working.

      Just my $0.02.
      • by mattr ( 78516 ) <`moc.ydobelet' `ta' `rttam'> on Monday October 09, 2006 @11:01PM (#16374119) Homepage Journal
        hacker: 100kg
        sd card: US$124 / 2 grams ($61/g)

        hacker's weight in ram chips: $610,000
      • by dodobh ( 65811 )
        Screw SRTP. IPv6 with mandatory crypto (AH and ESP) FTW.
      • Re: (Score:2, Informative)

        by kensan ( 682362 )

        And end-to-end encryption renders it completely useless anyway, unless it actually reads pre-encrypted stuff from memory.

        I read the original newspaper article and it contains some more information. Apparently the software is accessing the microphone directly, so encryption will not help. On top of that, the software will be able to record audio by turning on the Mic even if there is no VoIP-Software running, etc.

        The newspaper article also said that it was theoretically possible to do the same with Webca

  • OMG... (Score:4, Funny)

    by Pharmboy ( 216950 ) on Monday October 09, 2006 @08:45PM (#16373261) Journal
    I can't believe I just read that. They think they can use it and it won't get in the wild? This sounds as smart as the judge in the Spamhaus case, as in, totally clueless about "that there interweb spying softywear".
  • by Sensae ( 961755 )
    If that isn't a destruction of your privacy, I don't know what is. Although it'll probably be flagged by scanning software soon.
    • by JustNiz ( 692889 )
      ...or not...

      Probably the respective governments will tell all the scanning software companies to make a point of not identifying it. That is, if the virus doesn't already modify the scanning software directly.
  • by El Cubano ( 631386 ) on Monday October 09, 2006 @08:46PM (#16373271)

    ...it will only be distributed to investigation agencies in the hopes of keeping it out of the hands of malicious hackers...

    Do they really think so?

    I mean, that completely ignores human nature. Come on.

    • radar detectors
    • traffic light remotes (the new ones that only emergency vehicles are supposed to have)
    • guns in countries where guns are illegal
    • police-band radios

    All these things have one thing in common: they are not supposed to be accessible to the general public (or at least initially were not supposed to be) and yet they are. Legality does not stop criminals.

    • Re: (Score:3, Informative)

      by wordsnyc ( 956034 )
      Actually, police-band radios have always been legal in the US (not in the UK, though). But with the rise of digital encrypted radio systems, those days may be fading fast, as it's a federal crime to even try to decrypt the transmissions.
      • Re: (Score:3, Informative)

        by roseblood ( 631824 )
        In the USA the FCC gives permission to specific persons or agencies to operate radios on specific frequencies. The frequencies vary depending on the availibity of spectrum and the needs of the agency. A metro agency with many sky-rises will have diffrent needs from those of a rural agency in the plains states. Thus some agencies use relatively low frequencies, some in the 400mhz bands (mostly because most of the radio gear available on the market works here), others in the 800mhz bands(because the remainder
        • Re: (Score:2, Insightful)

          by wordsnyc ( 956034 )
          Scanners that can track trunked digital systems are freely available in the US -- Uniden makes several. But once the digital signal is encrypted, it's illegal to decode it. The FBI and Secret Service use encrypted digital systems.
      • by jridley ( 9305 )
        It is not legal to have a police-band receiver in a car. No problem in a house.
        I'm not sure if this is a federal or state reg, but if state it's in a lot of states.
    • Re: (Score:3, Insightful)

      by jimicus ( 737525 )
      Legality does not stop criminals.

      No kidding. If it did, they wouldn't be criminals.

      (As an aside, I wrote to my MP pointing this one out a couple of years ago when they proposed making forging an ID card illegal (it already is anyway). The letter I received back said, in a nutshell, "We know criminals don't obey the law. We're trying to find a solution to that one and anyone who has any ideas is welcome to write to us".)
    • >Legality does not stop criminals.

      What if it did ?
      Would they still be criminals ?
  • I write all my secrets onto yellow stickies... Then make the person that reads it shred and eat...
  • Bad Idea.

    If there's a backdoor, crackers will find it and they will exploit it.
    Stop the idiotic Police/Spyware.
    • by sjs132 (631745) on Monday October 09, @09:47PM (#16373281)
      I write all my secrets onto yellow stickies... Then make the person that reads it shred and eat...

      by cybercobra (856248) on Monday October 09, @09:47PM (#16373285)
      Bad Idea.
      If there's a backdoor, crackers will find it and they will exploit it.
  • by Weaselmancer ( 533834 ) on Monday October 09, 2006 @08:48PM (#16373295)

    Two things stand out right away. Point one:

    the 'Superintendant Trojan', a spyware program designed to allow eavesdropping on VoIP conversations

    Ok, so it's spyware. It sneaks onto a system and installs itself. Gotcha. That moves us to point two:

    it will only be distributed to investigation agencies in the hopes of keeping it out of the hands of malicious hackers

    Ok. Got it. So to sum up, what they're saying is that they don't want anyone to get it, but they need to install it on a target's system in order for it to work. And a target would be someone the law was interested in who was computer literate. Like, say....hackers, for instance.

    I love things that are broken by design.

    • With one-time pads, quantum computing, and the absolute encryption secrecy it offers, I think we're just going to have to live with the fact that criminals can be secure from electronic eavesdropping, for as long as the general public is allowed access to computers.
  • by iOsiris ( 944032 ) on Monday October 09, 2006 @08:48PM (#16373297)
    I wonder how they plan to install these things onto the target computers?
    • The Victim (Score:4, Insightful)

      by NevDull ( 170554 ) on Monday October 09, 2006 @09:10PM (#16373457) Homepage Journal
      Well, the thing about Trojans, is that the victim installs them.

      This article is complete and utter bullshit.

      "VoIP" is not a single computing platform or implementation.
    • by SeaFox ( 739806 )
      I wonder how they plan to install these things onto the target computers?
      Computers? I thought it would be like in Star Trek II where the bug would come over the phone line and crawl into you ear like poor Chekov.
    • I wonder how they plan to install these things onto the target computers?

      I saw an article yesterday that said ISPs are supposed to distribute the trojan to their customers under surveillance; no details on how this should work. Are they supposed to spoof windowsupdate.com and disguise it as a patch or what?!

      And yes, no I didn't RTFA.

  • by RM6f9 ( 825298 ) *
    Installwatch + a firewall with a solid logging facility might not present *problems* for this software, but should provide enough info to entertain folks for a while...
  • Me with my TA behind my router I think I have less to worry about.
    • Me with my TA behind my router I think I have less to worry about.

      Me with my terminal adapter which happens to be integrated with my router,
      I think I have plenty to worry about. Who says its firmware is not rigged?
      Who says they can't upload a patch to it or otherwise tamper with it??

      On the other hand, why do these shitheads need to tamper with someones
      machine if they can just pick off the conversation directly from the wires
      at the provider (unless they're using encryption)??!
  • There are dozens of commercial keyloggers and remote admin type apps out there. "Firewalls do not present a problem" to any of these, nor most of the other tools. I'm assuming here that they mean incoming firewalls, not restrictive bidirectional firewalls which block unknown outbound connections. The fact that this makes use of webcams and microphones is nothing new, Back Orifice did this a decade or so ago. None of the antispyware or antivirus vendors mark the commercial tools as malicious, because the
  • Thankfully... (Score:2, Interesting)

    by krray ( 605395 ) *
    Thankfully I have nothing to hide. But if I did:
    Thankfully my main GUI is a Mac. I wonder how LittleSnitch would handle a .EXE?
    Thankfully my networks are Linux and BSD based. They don't like .DLL's.
    Thankfully my VoIP is handled by a Sipure non-PC based box. It doesn't allow / nor has needed updates.
    Thankfully the one place I do use Windows for now (work) will be replaced with a Mac in short time.

    I do have to wonder if and how heuristic type scans and/or zonealarm tweaked all the way up would react to this t
    • Re: (Score:3, Funny)

      by icebike ( 68054 ) *
      Thankfully your packets do not travel on any public network...

      Oh, wait a minute...
  • According to ERA IT Solutions, the creator of the software, it will only be distributed to investigation agencies in the hopes of keeping it out of the hands of malicious hackers since firewalls apparently 'do not present a problem' for the software."


    HAHAHAHAHA!!!!!

    ROTFLMAO

    Thank you, that is all. Great plan, thumbs up to the Swiss!
  • by Mr_Tulip ( 639140 ) on Monday October 09, 2006 @10:06PM (#16373799) Homepage
    The only possible means by which a trojan can get around anti-virus tools, operating systems and firewalls is if the tools themselves have been modified to allow this trojan to work.

    I suspect that the software vendors / designers of these tools will be contacted, asked to participate and sign a ND agreement.

    All people running software by these vendors will then be susceptible to attacks from this trojan - a trojan which will undoubtedly be in the hands of black hat hackers by then.

    Additionally, if this sort of thing becomes common practice, it will result in anti-virus software becoming practically useless, as the virus writers will take advantage of these 'back doors' to create new malware that can mimick the behaviour of the trojans.
    • by jimicus ( 737525 )
      Actually, the only way things get stopped by anti-virus is if the AV has been modified to detect them. Essentially, most AV packages act as a glorified binary grep, searching for suspicious strings and flagging up any files that contain them. If the AV vedonr doesn't add this to their database, it won't be found.

      As regards firewalls - it's a bit curious to announce that it isn't stopped by any type of firewall unless it does something really obscure like take advantage of bugs in IE or Outlook to install
      • You're right, although I was thinking more of the scenario where 'harmful' viruses start using the same algorithms and signatures that ought to be ignored by AV software since they are part of this VOIP monitoring application. The AV vendors will be in a bind, since they will have to balance out finding 'harmful' viruses and ignoring the government sponsored stuff.

        As far as the 'black box' solution, it is indeed far more likely. I'd be surprised if this kind of network monitoring/logging technology isn't al
  • I wish someone would restart PGP Fone [mit.edu].
    • Me, too. Now that the RSA patents have expired, it shouldn't be as awkward to publish. Hosting the signatures is still a difficulty: an automoted key retrieval utility is vulnerable to fake keys being published and used for a man-in-the-middle monitor, much as Skype connections can be chained end-to-end by Skype and the audio traffic monitored in the middle, with Skype's cooperation.
    • I wish someone would restart PGP Fone.

      Encrypting the link is good against taps outside the machine.

      It doesn't help if the signals are tapped INSIDE the machine, on the unencrypted side of the process (like at the sound card).

      So whether it would help against the trojan would depend on where the trojan tapped the signal.

      And if the trojan taps the signal on the encrypted side, you can bet v2.0 of the trojan will get it on the unencrypted side.

  • I read TFA and I was a bit confused. First, I was not sure about where exactly this software is going to be installed

    The ISPs of the persons under investigation will then slip the program onto their computers.

    This seemed to be saying that it will be installed on the ISP's end which seemed like not such a big deal as ISPs monitor the network data to some extent anyway

    The wiretap has some additional functions. For example, the built in microphone on a laptop can be turned on to monitor a room or webcams

  • Dear Swiss People (Score:4, Insightful)

    by SQLz ( 564901 ) on Monday October 09, 2006 @11:02PM (#16374125) Homepage Journal
    Welcome to the USA!!!
    • Re:Dear Swiss People (Score:4, Informative)

      by elebeik ( 971483 ) on Tuesday October 10, 2006 @03:38AM (#16375409)
      Uhm, why exactly is this post insightful?
      Do you know the first thing about Switzerland anyway?
      FTA: "[...]is therefore examining the use of spy software to allow it to listen in on conversations on PCs[...]" I say: Yay for the Swiss government. They are examining this? Good, examining doesn't hurt. The press (ok, one newspaper... they might be misinformed) has heard about it and published it. People are being informed.
      The contrast to the USA?
      Well, firstly i'm sure somebody is examining the possible use of this or similar software in the US, too. But contrary to the US, Switzerland does not have a Patriot Act or similar stupid laws to allow wiretaps without a warrant.
      Secondly, Switzerland is a direct democracy. The Swiss people can actually oppose anything the government decides and put it up to a vote. Yes, you heard right: no president can decide 'let's take away some rights from the people' without the people having the last word (for that matter, our executive is made up of 7 'ministers' (Bundesrat), with all of them together not having as much power as the US president on his own!).
      So, to sum up my rant: I have no big fear of my government spying on me, while I am certain the NSA is spying on all of us. "Welcome to the USA!!!", indeed, for the world is your playground for all you care (and no, I don't hate Americans, just can's stand the current administration).
      • Many of the rest of us don't like the current administration, either. (Even those who think that the main candidate running against it in the last election would have been disastrously worse.)

        One of the downsides of the way the US government functions is that it tends to produce a choice between bad and worse - and one WILL be chosen.
  • I was just wondering.. I understand bittorrent engages a high-bandwidth conversation with a dynamic swarm of IPs. Has anyone worked on a tunnel over bittorrent? Would seem like the next escalation..
  • wrong (Score:2, Interesting)

    by george_e ( 961179 )
    1.intrusion of privacy
    2.administration of law outside legal jurisdiction
    3.stealing computing time
    4.stealing bandwidth from us who need it.
    5.intellectual property compromise

    wrong.fuckers.misguided.immoral.

    lets reverse engineer this and use it on them! see how they fucking like it.

    another bunch of politicians that decide our everyday freedoms.
  • Comment removed based on user account deletion
  • If this gets installed on a box with another trojan, I'd give it three days tops before it gets discovered and put into the wild by Black Hats.
  • by batbertus ( 1011187 ) on Tuesday October 10, 2006 @03:50AM (#16375467) Journal
    Fun facts about Switzerland: 1. Our army needs seven years and 40 billion Swiss Francs (about 30 billion US Dollars) to be ready for war. 2. It's illegal to flush the toilet after 10 pm. (Nobody seems to know, however) 3. My government believes they can bug the VOIP of the country the most Macs per capita.
  • When will people start to understand this? It's one of the most basic and fundamental statements when first learning about "the computer." Software is a set of instructions for the computer to execute. It has more in common with a book than with a wrench.

    Every time I read about how anyone, government or otherwise, wants to deploy some sort of software 'tool' to accomplish something, either to ensure security/privacy or to deny it, I invariable consider any means to defeat the measure or to use it for uni
  • to point out how utterly foolhearty "security through obscurity" is?

    it will only be distributed to investigation agencies in the hopes of keeping it out of the hands of malicious hackers since firewalls apparently 'do not present a problem' for the software."

    Last I checked, a hacker's main activity is finding things that you are trying to hide from them?
  • This is really a quantum leap in malware design. They apparently have a piece of software that can remotely infect an unknown operating system. It works on Windos, Linux, MacOSX, HP/UX, Symbian, Oracle Raw Iron and your TSR-80. It works on all VoIP-capable phones and equipment. It can penetrate all firewalls, regardless of make or ruleset. Your computer can be infect while it's turned off! The trojan will also adapt to new systems automatically and evolve to counter any security patches that might fix the h
  • From TFA:

    "supply it solely to investigation agencies. This should also prevent antivirus manufacturers from incorporating it into their databases and having their tools recognise it. According to the manufacturer, firewalls do not present a problem.

    Installation of the software wiretap is to be carried out on the instructions of a judge only. The ISPs of the persons under investigation will then slip the program onto their computers."

    It says that the software will be supplied solely to investigation agencies
  • The program will save overheard conversations and send them to a server in small, inconspicuous packets.
    Ah HA! Here is how they will keep ethereal from revealing their activities to me ... they plan to set the oft undocumented INCOSPICUOUS bit! My firewall really will be easily defeated, as I couldn't possible filter packets with the INCONSPICUOUS bit set!!!

God made the integers; all else is the work of Man. -- Kronecker

Working...