Legal spyware

12 Oct 2006

minute read

Authors

Magnus Kalkuhl

The Swiss newspaper “Schweizer Sonntagszeitung” recently published an article on malware experiments conducted by the Swiss Department of the Environment, Transport, Energy and Communications. The full article, in German, can be found here.

The department is clearly considering the use of spyware that has been specifically developed for tapping into encrypted Voice-over-IP connections (e.g. Skype). It is still unclear whether using such a tool could be made legal. In any event, a judge would have to approve each case in advance, similar to the procedure for monitoring normal telephone calls.

The Swiss company that develops the program (and rather ironically offers installation services for antivirus software on their website) has made some interesting statements. They say that the spyware would only be given directly to the Swiss authorities, and that their program would be undetectable by any firewall or antivirus solution. Of course, the latter statement cannot be verified without a sample, but personally I don’t believe it anyway. We all know, that not only signature-based methods can detect malware, but also heuristic and proactive technologies, which antivirus vendors are continuously improving.

On the other hand, even if the spyware could fool all antivirus solutions, it would be highly irresponsible to use such software “in the wild”, no matter what the reason. Sooner or later it would be discovered by other malware developers, and be modified and abused for illegal purposes.

So far this spyware is not in use, and hopefully, that will not change any time soon.

Authors

Magnus Kalkuhl

Legal spyware

Latest Posts

Latest Webinars

Reports

An unknown actor targeted an electric utility in southern Africa with Cobalt Strike beacons and DroxiDat, a new variant of the SystemBC payload. We speculate that this incident was in the initial stages of a ransomware attack.

This is our latest summary of the significant events and findings, focusing on activities that we observed during Q2 2023.

While monitoring the traffic of our own corporate Wi-Fi network, we noticed suspicious activity that originated from several iOS-based phones. We created offline backups of the devices, inspected them and discovered traces of compromise.

GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. The main feature of this group is a specific toolset of .NET malware, JackalControl, JackalWorm, JackalSteal, JackalPerInfo and JackalScreenWatcher.

Legal spyware

GReAT Ideas. Balalaika Edition

GReAT Ideas. Green Tea Edition

GReAT Ideas. Powered by SAS: malware attribution and next-gen IoT honeypots

GReAT Ideas. Powered by SAS: threat actors advance on new fronts

GReAT Ideas. Powered by SAS: threat hunting and new techniques

On the way to better testing

mwcollectd released

Happy birthday, Mac!

Wardriving in Copenhagen, Denmark

Online surveillance still under discussion

How much security is enough?

TOP 10 unattributed APT mysteries

The future of cyberconflicts

Researchers call for a determined path to cybersecurity

What does it take to become a good reverse engineer?

Latest Posts

From Caribbean shores to your devices: analyzing Cuba ransomware

Evil Telegram doppelganger attacks Chinese users

IT threat evolution in Q2 2023. Non-mobile statistics

IT threat evolution in Q2 2023. Mobile statistics

Latest Webinars

2023 APT Landscape Unveiled: Trends, Challenges, Solutions

Cybersecurity risks in alternative energy sources

Securing ICS Workstations: Vulnerability Identification with OVAL

Unveiling the Darknet’s Malware-as-a-Service model

Reports

Focus on DroxiDat/SystemBC

APT trends report Q2 2023

Operation Triangulation: iOS devices targeted with previously unknown malware

Meet the GoldenJackal APT group. Don’t expect any howls

Subscribe to our weekly e-mails