Chaos Computer Club analyses newer version of the “Staatstrojaner”

October 29th, 2011

(English translation of the original German version)

The Chaos Computer Club (CCC) has recently received a newer version of the “Staatstrojaner”. A comparison of the older version, already analysed by the CCC, with the current sniffer code from December 2010 revealed new evidence. Despite the claims of the responsible parties, the trojan can still be hijacked and loaded with arbitrary code, and the alleged “audit trail” can also be manipulated. The CCC calls for completely abandoning the use of trojans in pre-trial investigations.

On October 8th 2011, the CCC published the documentation and binary data regarding a German “Staatstrojaner”. [0] It was used for computer infiltrations that are officially, and trivializingly, called “source telecommunication surveillance”. Its use in pre-trial investigations and law enforcement has since been admitted by many states.

Although the CCC has published solid technical evidence, the authorities responsible for internal affairs, as well as the manufacturer DigiTask, denied the existence of any illegal functionality [1],[2],[10], and claimed that the analysed trojan was an outdated software version.

The excuses vary from “trial” to “prototype”. On October 11th 2011, DigiTask still insisted to its governmental customers that almost all problems are being solved in newer versions. The manufacturer DigiTask and the authorities view the code-reloading functionality as a “natural need”, and treat the implied violation of fundamental rights as relative in any case. It serves a purpose, and therefore the end justifies the means.

Therefore, the CCC now presents a more detailed technical documentation of a newer version of the “Staatstrojaner” from the year 2010.[3] The testimony of DigiTask[11] is the basis of a detailed report that serves as a euphemistic attempt to conceal its illegal nature. At the same time, both disassembled versions of the Trojan, commented by the CCC, were made publicly available in order to ensure the traceability of the findings and to facilitate further research by interested parties. [4]

“Even during the last three years, the authorities and their providers were clearly not capable of developing a “Staatstrojaner” which would meet the minimum of requirements for juridical evidence, basic law compliance and security against manipulation”, a CCC spokesman summed up about the new findings. “For these concrete and principal reasons, it is logical not to expect that this would succeed in the future.”

The diagnosis of the new CCC report stands in strong contrast to the claims by the Interior Secretary Ole Schröder, who had apparently drawn the short straw and had to justify the trojan and answer the parliament's questions. There, he claimed: “The software is designed for each individual case and previously checked, so that it can’t do more than it is allowed to.” [8] Under the previously mentioned conditions, it is evident that the test wasn’t very intense – how could it be, without the source code being available?

[0] The first press release regarding the “Staatstrojaner”
[1] http://netzpolitik.org/wp-upload/174366-Bericht-BKA-Prasident-Ziercke_TOP-24a-24c_53.-InnenA-Sitzug.pdf
[2] http://www.bundestag.de/dokumente/protokolle/plenarprotokolle/17132.pdf
[3] Technical report
[4] Commented disassembly of both versions of the trojan, and both binaries
[5] Videos: http://haha.kaputte.li/0zapftis-2_lowres-final.mov (low resolution)
http://haha.kaputte.li/0zapftis-2_922x578-final.mov (medium resolution)
http://haha.kaputte.li/0zapftis-2_1230x770-final.mov (high resolution)
[6] Frank Braun: „0zapftis – (Un)Zulässigkeit von ,Staatstrojanern‘“. In: Kommunikation & Recht 11/2011, pp. 681-686
[7] FAQ on the Staatstrojaner
[8] Plenary protocol 17/132 of the German Bundestag, October 19th, 2011, p. 15604
[9] Ulf Buermeyer, Matthias Bäcker: Zur Rechtswidrigkeit der Quellen-Telekommunikationsüberwachung auf Grundlage des § 100a StPO, HRRS
[10] Statement by the company DigiTask to its government customers, leaked to the CCC

Working with Linux

October 8th, 2011

I’ve now been immersed in my sea of Linux for several weeks and everything was running smoothly until I encountered my first conundrum: can I actually work with it? From what I’ve read, this seems to be the key issue holding people back from closing their Windows forever. “Personally the lack of certain pieces of commercial software on Linux is the reason I still keep a copy of Windows”. So I started off skeptical about the actual possibilities of operating “more complex” software on Linux. Sure there are plenty of free solutions, but are they developed enough yet? Or are we developed enough yet to use these and understand the importance of contributing to the growth of the free software movement? If you answered both these questions with a “not yet”, like I did, then don’t worry ’cause all is not lost. You can still get the programs you need/love/are used to on Linux. Me, I can’t live in a photoshopless environment. Which is why I started trying to figure out a workaround for it (Note: if there’s something any average computer user like me should be certain of, it is that when it comes to computers, there’s always a way of tweaking things to satisfy our needs (unlike with people)). Having this in mind, I just refused to accept that if I’m on Linux, I just can’t have Photoshop. So after understanding what Wine is, how it works and how it’s to be used, I could finally get PSCS5 to work (although if you are running on a 64-bit Linux environment, I suggest you read this). It wasn’t difficult to get it and now I have that feeling of really owning my computer, as I need it to be. And yet not having to return to the notion of enduring Windows weaknesses only because “better the devil you know”.

I would like to finish this post by reflecting upon a quote from one of Adobe’s employees when asked about a commercial release of Adobe for Linux users. He writes: “Linux is not a single OS, but a kernel used in many fragmented OSes with few standards.” These are the kind of opinions that give people the feeling that high quality or high value can only happen in a commercial environment. I couldn’t disagree more with it, and hopefully more people will soon realize how superficial this thinking is. But don’t take someone’s word for it, you need to try it yourself.

Categories: Art

The looks

September 17th, 2011

In the past week I practically bullied all my friends into reading the first post about the Linux experience and to my surprise, it did trigger a certain wonder in the non-nerd community that I know. The biggest curiosity had to do with its looks. I felt like I was trying to describe someone for a blind date… “It’s not so boring! Seriously, it looks really good”, “No, I know you are not a computer person but I’m telling you, it changed its appearance completely and it looks amazing now”. This was actually the thing I was most surprised about when I first interacted with my Ubuntu interface, ’cause it’s really intuitive and friendly to the eye. Almost all of its software has a resemblance to one that we are familiar with already (Libre Office to Word, Banshee to iTunes, GIMP to Photoshop and so on). Most people think of Linux in the same way I did: it’s not for me ’cause I’m an “average” user, it’s the OS for programmers. That may have been the case some years ago, but now even a blond girl (hey that’s me!) can find her way around it without feeling hopeless or lost in an unfamiliar environment. However, the success of a blind date doesn’t have to do only with looks, because the important things usually transcend the limits of what’s visible to the eye. The open nature of this operating system makes all the difference in the world, and even if we are not familiar with the technicalities of it, even if we don’t understand how Linux is better than other OSes because on the surface it “looks” the same and we are not particularly turned on by the cleanliness of the processes running in the back-end, we should try to be aware of the social and political implications of our daily choices and own those choices rather than let others decide for us.

 

My GNU/Linux experience

September 7th, 2011

It all started as a discussion on security. I’ve never considered this an issue of importance before, even as an avid computer user. But it was made clear to me that the world is changing and apparently not in the “right” direction. Eager to get out of my shell of microsoftian comfort, I decided to try GNU/Linux, when Lx kindly offered to install it for me. He guided me through the process like the patient “older brother” (note that I purposely didn’t use “big brother”) teaching the younger sister how to ride a bike. Which is why my old Windows OS was kept intact on a different hard drive. Kind of giving me a “safety” feeling, like those little wheels on kids’ bikes. I needed the reassurance that my computer world as I knew it was still going to be available for me, two clicks away. It wasn’t difficult to get on the road of open software this way. And the curious thing is that I haven’t accessed my “little wheels” (the Windows hard drive) ever since I got the new one ’cause I don’t seem to need it. I can ride smoothly on the GNU/Linux and it has that “cool toy” aura to it. But it is important that I could do everything I needed to, and remarked that some things work even better now! (like video chatting and the general performance of my computer). So far, I don’t miss anything (beyond some unimportant shortcut and some Spanish character) and I’m overall quite happy with the change. I had prejudices, like most people, because we tend to think that things are to be valued by their price, rather than by their nature. Like most people, I too thought that open software “can’t” offer enough because it’s free. As if there was an intrinsic correlation between high price and high quality. Reality dictates this is a fallacy that we choose to ignore.

That’s all for now. I’ll continue my quest of riding GNU/Linux and sharing my experiences with all of you who want to read about it.

Links:
GNU/Linux Ubuntu
GNU Project
Linux Newbie Guide
GNU/Linux Ubuntu Forum

Categories: Art