Hacking in the name of the law

A couple of days ago the Suddeutsche Zeitung (a German newspaper) reported on a new type of search tool which the German Federal Office of Criminal Investigation would like to use in the future. Instead of having to go through the tedious formalities of requesting access to a suspect’s house and confiscating any computers there, a law enforcement agency will be able to remotely access and monitor a suspect’s machine.

Of course, no details have been given about how this will be done, including exactly how access to the data will be achieved. But regular readers of this blog might remember my post about its Swiss counterpart: spyware written for use by the authorities to track suspects. There wasn’t any further information given about how this software would be installed, either. Two possible methods would be installation via unpatched vulnerabilities in operating systems or other software, or the classic method of sending the program as an email attachment and banking on the user opening and launching it.

So the Suddeutsche Zeitung article isn’t the first report we’ve seen about malware financed by the authorities, and it certainly won’t be the last. If we assume that every country of a reasonable size is currently developing (or using) its own Trojan program, then it’s only a matter of time before we get a sample of one of these things. And who knows – it could be that we’ve already got one without knowing exactly what it is. After all, a Trojan used by the authorities is hardly likely to send data it harvests to an easily identifiable police server…
