Swiss to Use Spyware to Listen to VoIP

An anonymous reader writes "Heise Security is reporting that the Swiss Department of the Environment, Transport, Energy and Communications is entertaining the idea of utilizing the 'Superintendant Trojan', a spyware program designed to allow eavesdropping on VoIP conversations. According to ERA IT Solutions, the creator of the software, it will only be distributed to investigation agencies in the hopes of keeping it out of the hands of malicious hackers since firewalls apparently 'do not present a problem' for the software."

4 words:

[creepynut]

Create it and they will get it.

Re:4 words:

[creepynut]

Haha... 4 words. Make that 7, because I don't know how to count.

Re:

[creepynut]

Funny ratings do not count towards karma. Combine that with the -1 Overrated and -1 Offtopic, I didn't get much Karma out of the 2 posts :)

Re:

[Myopic]

mod parent +5 Informative!

/ -1 Not Funny

Re:

[couchslug]

Good, make sure they get it and distribute it thoroughly.
Saying that this sort of trojan is bad means nothing to the clueless. Proving that it is bad is the only way to wield a cluebat with sufficient force for effect. Nothing proves a point like public failure.

Re:

[mikesd81]

Are you 100% sure? Maybe not via this but IP packets can always be intercepted somehow. On the other hand, if Skype doesn't like this idea, I'm sure they can fix it.

yea right

[grapeape]

If the trojan can be installed it can be sniffed out and discovered. I give it at tops a week of deployment before someone figures out what it is how it works and backwards engineers it into instant maymem for all the black hats.

Re:yea right

[whoever57]

If the trojan can be installed it can be sniffed out and discovered.

Which then raises the interesting question: how will anti-spyware vendors (including MS) respond to this? There really are no good solutions for an anti-spyware vendor in this case, since detecting it could be considered as hindering law enforcement, which would be illegal in many jurisdictions.

Re:yea right

[Coldmoon]

"There really are no good solutions for an anti-spyware vendor in this case, since detecting it could be considered as hindering law enforcement..."

Actually it will turn out to be the exact opposite. Once the program is in the wild and the black hats get their hands on it, both the AV and AS vendors will have no other choice than to add it to their detections.

Regardless of whether the detection is for the original Trojan or not, any subsequent black hat variations found would be added and the original would in all likelihood be flagged due to the particular (add your own term here) scanning technology.

Re:

[TractorBarry]

> Hindering law enforcement...

Just because it's allegedly for "Law Enforcement" doesn't change the fundamental principle.

No third party is going to run anything on my PCs without me giving my express permission - which will consist of me deliberately choosing to install and run that software.

Any anti virus/spyware vendor that doesn't detect and remove this scumware are incompetent.

Still, as usual, if you don't use Windows there's probably nothing to worry about.

Re:

[NDPTAL85]

There's this thing called a "court order" you see. Sometimes its referred to as a "search warrant." Its scope can also apply to people's computers. So no, despite all your righteous indignation, your computer CAN be altered without your permission and even without your knowledge at the time it is altered.

Re:

[CreatureComfort]

Just because it's legal, doesn't make it right.

Re:

[NDPTAL85]

On the whole you are correct but there are exceptions. For instance, the sentiments of a geek regarding the "security" of his own computer systems pales in comparison to society's interests in solving crimes. You won't die and the government isn't going to put the contents of your boring hard drive on the 11 o'clock news so in cases like this your complaints will fall on many many deaf ears (and I'm not just counting the ears that are totally computer illiterate and thus won't care because they don't unders

Re:

[PlusFiveTroll]

You won't die and the government isn't going to put the contents of your boring hard drive on the 11 o'clock news

It has happened in the past, and will continue to happen in the future. A little fear goes a long way, it keeps the sheep in line.

Re:

[ArsenneLupin]

No third party is going to enter your house without your express permission, either, but the police can and will, and there's nothing you can do to stop them.

But that doesn't mean that it is illegal to make locks. So, yes, antivirus and antispyware companies are in their rights to add this to their lists.

Re:

[MikeBabcock]

In lots of countries, sure there is -- its called judicial oversight.

The police don't get to walk into my house for almost any reason and if they do, I have recourse against them.

Sorry if you live in the USA though.

Re:

[rolfwind]

Um, if you are free/opensource hacker in the US, you don't have to care about the laws/law_enforcement in Switzerland, generally. You can circumvent this all you want.

Now, if you were a corporation, there may be additional considerations, but only if you have a branch of your business operating there.

Re:

[surprise_audit]

You know it's only a matter of time before one or more of the NSA, FBI, CIA, TSA, etc deploy their own version, and there'll be encryption involved somewhere so that defeating it will be a DMCA violation and/or an act of terrorism...

Come to think of it, wouldn't it also be a DMCA violation if the government agency's version circumvented any VOIP encryption to eavesdrop?? Not that it really matters, because Bush will pencil-in a clause that makes it OK for his buddies to rape the DMCA all they like...

Hmmm..

Re:

[Shawn is an Asshole]

Anyone tried running a VOIP product in VMWare??

No, but sound support is rather bad under VMWare. On every machine I've tried it's very choppy.

Re:

[Jonah Hex]

Even worse under Microsoft Virtual Server/Virtual PC, it emulates a Soundblaster 16 ISA card. Since Vista has no ISA support all I get while testing is the nasty system beep.

Jonah HEX

Re:

[Garabito]

Come to think of it, wouldn't it also be a DMCA violation if the government agency's version circumvented any VOIP encryption to eavesdrop?

Not really, because the DMCA is about criminalizing circunvention of measures taken to protect copyright, not just circunvention of any kind of encryption.

Re:

[sleeper0]

Active outbound control firewalls like zone alarm already interfere with US (and I'm sure other jurisdictions) use of key loggers that publish to the net. I'm pretty sure they haven't caught any heat about that. In fact it was a US LEO that encouraged me to start using that kind of technology. Requiring anti-malware technology to skip over it would essentially be akin to law enforcement requiring back doors be put in their software, something I'm pretty sure wouldn't fly.

Not a new issue

[Beryllium Sphere(tm)]

There's a category of "investigative" software marketed to suspicious spouses and the like that includes keystroke logging features. The antivirus/antispyware industry is split on how to handle them. In general, the less commercial an AS/AV product is, the more likely it is to detect a commercial spy package.

probably already doing it

[oohshiny]

I suspect that plenty of spy agencies and police are using this approach, the Swiss are simply one of the few to acknowledge it.

Also, it doesn't really have to be "malware", in that it tries to install itself after the fact, these people can simply do on-the-wire replacement of software updates with software updates that have been modified specifically for their purposes (getting around signing is work, but feasible). Unfortunately, Linux is as susceptible to that as Windows and MacOS.

Re:

[suv4x4]

There really are no good solutions for an anti-spyware vendor in this case, since detecting it could be considered as hindering law enforcement, which would be illegal in many jurisdictions.

You could've said that for Sony's DRM too (DMCA law), but still antivirus companies reacted appropriately.

I guess we need 20-30 more years until politicians who have a clue what the net is, come to power.

Re:

[iamacat]

since detecting it could be considered as hindering law enforcement

Didn't put much of a dent on Radio Shark radar detector sales.

Re:

[Opportunist]

It ain't my government using it. So my government won't prosecute me for finding this trojan. Actually, my guess would be that they don't really enjoy the idea that the Swiss might be tapping their conversations...

Trojans rarely care what computers they're installed on. They don't discriminate between good and bad people.

Re:yea right

[isometrick]

The omg-leak-to-blackhat bit isn't a big deal. Any blackhat worth his weight in RAM chips could cobble something together to record incoming/outgoing RTP traffic on a local network interface (in the case of SIP/RTP VoIP, and similar in IAX, H.323 and other protocols). It's just a few header fields and then pure Mu-law or A-law audio in most cases and other publicly available codecs in other cases.

It'd probably be more work to reverse engineer this trojan as opposed to writing something to do it yourself. It definitely would be for me. And from some experience with other 'law enforcement'-type programs, it's probably shit anyway.

The worrisome bit is utilizing trojans for law enforcement, even with some kind of judicial review (scoff).

It will also only be really useful when Joe User starts using VoIP, because it'd be much harder to get your average power user to install something infected with the trojan.

And end-to-end encryption renders it completely useless anyway, unless it actually reads pre-encrypted stuff from memory. Hopefully VoIP providers will get off their collective asses and get SRTP et al. working.

Just my $0.02.

Re:yea right

[mattr]

hacker: 100kg
sd card: US$124 / 2 grams ($61/g)

hacker's weight in ram chips: $610,000

Re:

[dodobh]

Screw SRTP. IPv6 with mandatory crypto (AH and ESP) FTW.

Would be awesome if everybody had it.

[isometrick]

Definitely a more elegant solution, and I'd love to have it! But in the near-term, any crypto would be better than none.

Check out ZRTP [wikipedia.org] if you want a real head-scratcher.

Re:

[kensan]

And end-to-end encryption renders it completely useless anyway, unless it actually reads pre-encrypted stuff from memory.

I read the original newspaper article and it contains some more information. Apparently the software is accessing the microphone directly, so encryption will not help. On top of that, the software will be able to record audio by turning on the Mic even if there is no VoIP-Software running, etc.

The newspaper article also said that it was theoretically possible to do the same with Webca

OMG...

[Pharmboy]

I can't believe I just read that. They think they can use it and it won't get in the wild? This sounds as smart as the judge in the Spamhaus case, as in, totally clueless about "that there interweb spying softywear".

Re:

[Pharmboy]

What a lot of people aren't spotting is that we're talking about Switzerland. In Switzerland it's a relatively common assumption that people will obey the law.

And the whole country is firewalled from the rest of the world? Swiss are "special", not like other nasty Europeans and Americans who always break the law? That isn't a strong arguement. Hell, it doesn't even make sense.

Anything you install on a bunch of people's computers will get in the wild. It doesn't require a rocket scientist to figure out h

Wow.

[Sensae]

If that isn't a destruction of your privacy, I don't know what is. Although it'll probably be flagged by scanning software soon.

Re:

[JustNiz]

...or not...

Probably the respective governments will tell all the scanning software companies to make a point of not identifying it. That is, if the virus doesn't already modify the scanning software directly.

I really don't believe this

[El Cubano]

...it will only be distributed to investigation agencies in the hopes of keeping it out of the hands of malicious hackers...

Do they really think so?

I mean, that completely ignores human nature. Come on.

• radar detectors
• traffic light remotes (the new ones that only emergency vehicles are supposed to have)
• guns in countries where guns are illegal
• police-band radios

All these things have one thing in common: they are not supposed to be accessible to the general public (or at least initially were not supposed to be) and yet they are. Legality does not stop criminals.

Re:

[wordsnyc]

Actually, police-band radios have always been legal in the US (not in the UK, though). But with the rise of digital encrypted radio systems, those days may be fading fast, as it's a federal crime to even try to decrypt the transmissions.

Re:

[roseblood]

In the USA the FCC gives permission to specific persons or agencies to operate radios on specific frequencies. The frequencies vary depending on the availibity of spectrum and the needs of the agency. A metro agency with many sky-rises will have diffrent needs from those of a rural agency in the plains states. Thus some agencies use relatively low frequencies, some in the 400mhz bands (mostly because most of the radio gear available on the market works here), others in the 800mhz bands(because the remainder

Re:

[wordsnyc]

Scanners that can track trunked digital systems are freely available in the US -- Uniden makes several. But once the digital signal is encrypted, it's illegal to decode it. The FBI and Secret Service use encrypted digital systems.

Re:

[jridley]

It is not legal to have a police-band receiver in a car. No problem in a house.
I'm not sure if this is a federal or state reg, but if state it's in a lot of states.

Re:

[jimicus]

Legality does not stop criminals.

No kidding. If it did, they wouldn't be criminals.

(As an aside, I wrote to my MP pointing this one out a couple of years ago when they proposed making forging an ID card illegal (it already is anyway). The letter I received back said, in a nutshell, "We know criminals don't obey the law. We're trying to find a solution to that one and anyone who has any ideas is welcome to write to us".)

Re:

[MickDownUnder]

>Legality does not stop criminals.

What if it did ?
Would they still be criminals ?

Re:

[iamacat]

And why do you think of it as an unreasonable assumption without knowing the real story? This technology is feasible and would be less prone to abuse than remotes - a cop can easily spot a Corolla with a glued on siren or flashing high beams.

This is why...

[sjs132]

I write all my secrets onto yellow stickies... Then make the person that reads it shred and eat...

2 Words

[cybercobra]

Bad Idea.

If there's a backdoor, crackers will find it and they will exploit it.
Stop the idiotic Police/Spyware.

Scary thoughts

[iamacat]

by sjs132 (631745) on Monday October 09, @09:47PM (#16373281)
I write all my secrets onto yellow stickies... Then make the person that reads it shred and eat...

by cybercobra (856248) on Monday October 09, @09:47PM (#16373285)
Bad Idea.
If there's a backdoor, crackers will find it and they will exploit it.

Ok, let's analyze this a bit, shall we?

[Weaselmancer]

Two things stand out right away. Point one:

the 'Superintendant Trojan', a spyware program designed to allow eavesdropping on VoIP conversations

Ok, so it's spyware. It sneaks onto a system and installs itself. Gotcha. That moves us to point two:

it will only be distributed to investigation agencies in the hopes of keeping it out of the hands of malicious hackers

Ok. Got it. So to sum up, what they're saying is that they don't want anyone to get it, but they need to install it on a target's system in order for it to work. And a target would be someone the law was interested in who was computer literate. Like, say....hackers, for instance.

I love things that are broken by design.

Re:

[TheMeuge]

With one-time pads, quantum computing, and the absolute encryption secrecy it offers, I think we're just going to have to live with the fact that criminals can be secure from electronic eavesdropping, for as long as the general public is allowed access to computers.

Re:

[RM6f9]

When has judicial oversight ever been sufficient to protecting citizen's rights?

Re:

[kent_eh]

Provided that there is sufficient judicial oversight,

Uh huh.

That's exactly the way things are going these days, isn't it.

Ok, I could clarify a bit, sure.

[Weaselmancer]

And the better question is why not? Provided that there is sufficient judicial oversight, why shouldn't VOIP coversations of suspected criminals be monitored?

Well, I haven't argued anywhere that they shouldn't be monitored. It's not the judicial oversight that worries me. It's the technical oversight.

Let me clarify my objections a bit. In order for this hack to work, some authorized person has to sneak something onto your system. And as soon as it's on your system....it's on your system. You have

Re:

[ultranova]

To summarize the summary, this is wildly irresponsible. I can't believe people smart enough to write this software are dumb enough to think they can contain it. Absolute morons, I'd call them.

On the contrary, they are pure genius... marketers, that is. "This program is so efficient we can't let it fall into wrong hands. It's strictly for government." It's the same trick makers of Z-class horror movies used to use - demand that everyone going to the cinema takes a life insurance in case they'll be scared

Installation?!?

[iOsiris]

I wonder how they plan to install these things onto the target computers?

The Victim

[NevDull]

Well, the thing about Trojans, is that the victim installs them.

This article is complete and utter bullshit.

"VoIP" is not a single computing platform or implementation.

Re:

[SeaFox]

I wonder how they plan to install these things onto the target computers?

Computers? I thought it would be like in Star Trek II where the bug would come over the phone line and crawl into you ear like poor Chekov.

Re:

[whathappenedtomonday]

I wonder how they plan to install these things onto the target computers?

I saw an article yesterday that said ISPs are supposed to distribute the trojan to their customers under surveillance; no details on how this should work. Are they supposed to spoof windowsupdate.com and disguise it as a patch or what?!

And yes, no I didn't RTFA.

hunh?

[RM6f9]

Installwatch + a firewall with a solid logging facility might not present *problems* for this software, but should provide enough info to entertain folks for a while...

It's on;y important to softphone

[gelfling]

Me with my TA behind my router I think I have less to worry about.

maybe but you still have plenty to worry about

[gd23ka]

Me with my TA behind my router I think I have less to worry about.

Me with my terminal adapter which happens to be integrated with my router,
I think I have plenty to worry about. Who says its firmware is not rigged?
Who says they can't upload a patch to it or otherwise tamper with it??

On the other hand, why do these shitheads need to tamper with someones
machine if they can just pick off the conversation directly from the wires
at the provider (unless they're using encryption)??!

Move along, nothing to see here.

[foQ]

There are dozens of commercial keyloggers and remote admin type apps out there. "Firewalls do not present a problem" to any of these, nor most of the other tools. I'm assuming here that they mean incoming firewalls, not restrictive bidirectional firewalls which block unknown outbound connections. The fact that this makes use of webcams and microphones is nothing new, Back Orifice did this a decade or so ago. None of the antispyware or antivirus vendors mark the commercial tools as malicious, because the

Thankfully...

[krray]

Thankfully I have nothing to hide. But if I did:
Thankfully my main GUI is a Mac. I wonder how LittleSnitch would handle a .EXE?
Thankfully my networks are Linux and BSD based. They don't like .DLL's.
Thankfully my VoIP is handled by a Sipure non-PC based box. It doesn't allow / nor has needed updates.
Thankfully the one place I do use Windows for now (work) will be replaced with a Mac in short time.

I do have to wonder if and how heuristic type scans and/or zonealarm tweaked all the way up would react to this t

Re:

[icebike]

Thankfully your packets do not travel on any public network...

Oh, wait a minute...

Let me take this opportunity to say

[rolfwind]

According to ERA IT Solutions, the creator of the software, it will only be distributed to investigation agencies in the hopes of keeping it out of the hands of malicious hackers since firewalls apparently 'do not present a problem' for the software."

HAHAHAHAHA!!!!!

ROTFLMAO

Thank you, that is all. Great plan, thumbs up to the Swiss!

Black hats rejoice!

[Mr_Tulip]

The only possible means by which a trojan can get around anti-virus tools, operating systems and firewalls is if the tools themselves have been modified to allow this trojan to work.

I suspect that the software vendors / designers of these tools will be contacted, asked to participate and sign a ND agreement.

All people running software by these vendors will then be susceptible to attacks from this trojan - a trojan which will undoubtedly be in the hands of black hat hackers by then.

Additionally, if this sort of thing becomes common practice, it will result in anti-virus software becoming practically useless, as the virus writers will take advantage of these 'back doors' to create new malware that can mimick the behaviour of the trojans.

Re:

[jimicus]

Actually, the only way things get stopped by anti-virus is if the AV has been modified to detect them. Essentially, most AV packages act as a glorified binary grep, searching for suspicious strings and flagging up any files that contain them. If the AV vedonr doesn't add this to their database, it won't be found.

As regards firewalls - it's a bit curious to announce that it isn't stopped by any type of firewall unless it does something really obscure like take advantage of bugs in IE or Outlook to install

Re:

[Mr_Tulip]

You're right, although I was thinking more of the scenario where 'harmful' viruses start using the same algorithms and signatures that ought to be ignored by AV software since they are part of this VOIP monitoring application. The AV vendors will be in a bind, since they will have to balance out finding 'harmful' viruses and ignoring the government sponsored stuff.

As far as the 'black box' solution, it is indeed far more likely. I'd be surprised if this kind of network monitoring/logging technology isn't al

PGP Fone

[Hoi Polloi]

I wish someone would restart PGP Fone [mit.edu].

Re:

[Antique Geekmeister]

Me, too. Now that the RSA patents have expired, it shouldn't be as awkward to publish. Hosting the signatures is still a difficulty: an automoted key retrieval utility is vulnerable to fake keys being published and used for a man-in-the-middle monitor, much as Skype connections can be chained end-to-end by Skype and the audio traffic monitored in the middle, with Skype's cooperation.

Re:

[Ungrounded Lightning]

I wish someone would restart PGP Fone.

Encrypting the link is good against taps outside the machine.

It doesn't help if the signals are tapped INSIDE the machine, on the unencrypted side of the process (like at the sound card).

So whether it would help against the trojan would depend on where the trojan tapped the signal.

And if the trojan taps the signal on the encrypted side, you can bet v2.0 of the trojan will get it on the unencrypted side.

Am I missing something ?

[l0cust]

I read TFA and I was a bit confused. First, I was not sure about where exactly this software is going to be installed

The ISPs of the persons under investigation will then slip the program onto their computers.

This seemed to be saying that it will be installed on the ISP's end which seemed like not such a big deal as ISPs monitor the network data to some extent anyway

The wiretap has some additional functions. For example, the built in microphone on a laptop can be turned on to monitor a room or webcams

Dear Swiss People

[SQLz]

Welcome to the USA!!!

Re:Dear Swiss People

[elebeik]

Uhm, why exactly is this post insightful?
Do you know the first thing about Switzerland anyway?
FTA: "[...]is therefore examining the use of spy software to allow it to listen in on conversations on PCs[...]" I say: Yay for the Swiss government. They are examining this? Good, examining doesn't hurt. The press (ok, one newspaper... they might be misinformed) has heard about it and published it. People are being informed.
The contrast to the USA?
Well, firstly i'm sure somebody is examining the possible use of this or similar software in the US, too. But contrary to the US, Switzerland does not have a Patriot Act or similar stupid laws to allow wiretaps without a warrant.
Secondly, Switzerland is a direct democracy. The Swiss people can actually oppose anything the government decides and put it up to a vote. Yes, you heard right: no president can decide 'let's take away some rights from the people' without the people having the last word (for that matter, our executive is made up of 7 'ministers' (Bundesrat), with all of them together not having as much power as the US president on his own!).
So, to sum up my rant: I have no big fear of my government spying on me, while I am certain the NSA is spying on all of us. "Welcome to the USA!!!", indeed, for the world is your playground for all you care (and no, I don't hate Americans, just can's stand the current administration).

Re:

[Ungrounded Lightning]

Many of the rest of us don't like the current administration, either. (Even those who think that the main candidate running against it in the last election would have been disastrously worse.)

One of the downsides of the way the US government functions is that it tends to produce a choice between bad and worse - and one WILL be chosen.

VOIP over Torrent

[mattr]

I was just wondering.. I understand bittorrent engages a high-bandwidth conversation with a dynamic swarm of IPs. Has anyone worked on a tunnel over bittorrent? Would seem like the next escalation..

Re:

[RKBA]

It would work only if you talked exceedingly slowly. ;-)

Re:

[mattr]

Yes! Could usher in a new artform of rapidly accelerating discourse! :)

wrong

[george_e]

1.intrusion of privacy
2.administration of law outside legal jurisdiction
3.stealing computing time
4.stealing bandwidth from us who need it.
5.intellectual property compromise

wrong.fuckers.misguided.immoral.

lets reverse engineer this and use it on them! see how they fucking like it.

another bunch of politicians that decide our everyday freedoms.

Re:

[account_deleted]

Comment removed based on user account deletion

And this gets installed on...

[Tavor]

If this gets installed on a box with another trojan, I'd give it three days tops before it gets discovered and put into the wild by Black Hats.

A Swiss perspective

[batbertus]

Fun facts about Switzerland: 1. Our army needs seven years and 40 billion Swiss Francs (about 30 billion US Dollars) to be ready for war. 2. It's illegal to flush the toilet after 10 pm. (Nobody seems to know, however) 3. My government believes they can bug the VOIP of the country the most Macs per capita.

Re:

[Myopic]

who are you going to war with?

Software != THING

[erroneus]

When will people start to understand this? It's one of the most basic and fundamental statements when first learning about "the computer." Software is a set of instructions for the computer to execute. It has more in common with a book than with a wrench.

Every time I read about how anyone, government or otherwise, wants to deploy some sort of software 'tool' to accomplish something, either to ensure security/privacy or to deny it, I invariable consider any means to defeat the measure or to use it for uni

why wants to be first

[v1]

to point out how utterly foolhearty "security through obscurity" is?

it will only be distributed to investigation agencies in the hopes of keeping it out of the hands of malicious hackers since firewalls apparently 'do not present a problem' for the software."

Last I checked, a hacker's main activity is finding things that you are trying to hide from them?

quantum leap

[Tom]

This is really a quantum leap in malware design. They apparently have a piece of software that can remotely infect an unknown operating system. It works on Windos, Linux, MacOSX, HP/UX, Symbian, Oracle Raw Iron and your TSR-80. It works on all VoIP-capable phones and equipment. It can penetrate all firewalls, regardless of make or ruleset. Your computer can be infect while it's turned off! The trojan will also adapt to new systems automatically and evolve to counter any security patches that might fix the h

... Profit!

[Secrity]

From TFA:

"supply it solely to investigation agencies. This should also prevent antivirus manufacturers from incorporating it into their databases and having their tools recognise it. According to the manufacturer, firewalls do not present a problem.

Installation of the software wiretap is to be carried out on the instructions of a judge only. The ISPs of the persons under investigation will then slip the program onto their computers."

It says that the software will be supplied solely to investigation agencies

Re:

[Secrity]

I DO hope that the same people who thought up this little trojan idea are not the same people who designed the Swiss internet voting system.

The oft undocumented INCONSPICUOUS field ....

[Zero__Kelvin]

The program will save overheard conversations and send them to a server in small, inconspicuous packets.

Ah HA! Here is how they will keep ethereal from revealing their activities to me ... they plan to set the oft undocumented INCOSPICUOUS bit! My firewall really will be easily defeated, as I couldn't possible filter packets with the INCONSPICUOUS bit set!!!

Re:

[SanityInAnarchy]

I wonder why they don't just do it all on the ISP's end if they are going to be responcable for infecting users anyway.

Because people can easily encrypt voice communications. This software, being on the client side, can get around encryption. Of course, all this assumes that they know what they're looking for -- I doubt they would know what to do with Asterix, even if it existed for Windows.

As for switching to a new OS, you're right, I do feel a lot safer on Linux.

Re:

[Burz]

As it happens, its relatively easy to setup SuSE with an encrypted root filesystem. [opensuse.org] That protects you from malware being physically placed on your system.

Preventing malware from being remotely placed on your system boils down to the usual Internet security measures (firewall, running only needed services, Firefox with NoScript, etc).

Re:

[SanityInAnarchy]

You might try Ubuntu instead of Suse, but regardless, if you're at all worried about things like this, you should either already have your own computer, or use one that's only shared with trusted friends. And while I trust my friends to be honest, I don't trust them to be competent -- they might delete something or install malware, etc, by accident.

I'd much rather have my own computer running Windows then have to share the root account on a Linux computer.

Depends.

[SanityInAnarchy]

First off, most places allow some sort of outbound port 80, even if it is heavily restricted. The last place I worked at allowed outbound connections to the Debian update servers, and only through a proxy, but the principle is the same. And if you allow web browsing of any normal sort, it can be very difficult to differentiate between legit web browsing and something like this.

Now, it could be more complex, but to suggest that firewalls don't present a problem is to display an absurd amount of arrogance.

Re:

[grahamsz]

Virtually everywhere i've worked has forced you to proxy port 80 traffic, which essentially means that they've got to use HTTP or their requests just wont go through. A connection that was streaming VOIP audio out via http posts would probably look pretty damn suspicious to any network administrator that actually paid attention.

Re:

[Captin Shmit]

"The ISPs of the persons under investigation will then slip the program onto their computers."

How do they plan on doing that, exactly?

Re:

[TCM]

Well, the ISP basically controls how you view the Internet. The next .exe you download via HTTP could be modified.

Re:

[mibus]

Well, the ISP basically controls how you view the Internet. The next .exe you download via HTTP could be modified.

Have fun with Debian users, then :)

Modern Apt uses GPG signatures to verify package lists, and contains MD5 and SHA1 *and* SHA256 hashes in the lists for the individual packages.

Re:

[SanityInAnarchy]

While that would be possible, where did you get that quote? It certainly wasn't in my own post.

Re:

[pla]

Firewalls dont present a problem...........i read this as.....the software connects back to home by connecting to TCP port 80.

You done with that strawman yet? I'd like a whack at it...

If you use VoIP, you must have firewall rules allowing VoIP traffic out (and probably back in, but not neccessary for spying on the user).

Thus, this trojan would only need to connect the same way as your legitimate VoIP client. It could even act more-or-less like real VoIP traffic, since it basically needs to duplicat

Re:

[mikesd81]

Now if this were applied in the US and could be installed without a judge's consent (a la the Patriot Act), your standard privacy concerns would apply, but the impression I get is that this is a case of the Swiss authorities catching up with today's technology.

Now there's an interesting thought. US and Patriot Act.....maybe I'm paranoid, but it's all a matter of time.

Re:

[Random Guru 42]

I agree that it'll be easy to catch. But even if it isn't, I'm sure someone will likely break into the company (physically or electronically) and walk out with a copy. Then it'll be blocked.