Online surveillance still under discussion

Today, on Wednesday 27th February at 10am, the German Federal Constitutional Court in Karlsruhe made an official statement regarding its verdict on online surveillance.

The final verdict: online surveillance is permitted, but only in cases where an overwhelming threat to the existence of extremely important legally protected interests exists, and certain specific criteria will have to be met. Additionally, a new basic right will be introduced, the first since 1983, when a basic right was introduced regarding the capacity of the individual to determine in principle the disclosure and use of his/her personal data. This new basic right is intended to guarantee the integrity of IT systems and the confidentiality of data held on these systems.

The catalyst for these proceedings was a collective complaint brought against a law in the German state of Nordrhein-Westfalen designed to protect the constitution. This law permits the installation of spy programs on the computers of alleged criminals and terrorists. Such software, designed to intercept passwords, read the contents of disks, intercept encrypted conversations and transmit all of this via the Internet to the investigating authorities, gave rise to the term ‘online surveillance’.

Exactly what the practical results of today’s verdict will be remains to be seen. It’s clear that the Nordrhein-Westfalen law protecting the constitution will have to be amended. Meanwhile, discussions about the software – nicknamed the ‘Bundestrojan’ – will continue.

This won’t have any effect on our work as an antivirus company. As has already been said, in spite of the fact that it’s financed by the government, a Trojan which uses the same methods as spyware created by virus writers (which will very probably be detected by our proactive detection methods, such as heuristics, behavior analysis, etc.) has to be viewed as being potentially malicious. And although we will probably be able to detect the program, we wouldn’t be able to classify it as the ‘Bundestrojan’; it’s very unlikely that the authorities will provide AV companies with samples, so we would simply have to classify it on the basis of its behaviour, just as we do any potentially unwanted program.
