Coder of Swiss Wiretapping Trojan Speaks Out 114
Lars Sobiraj writes "Ruben Unteregger has worked for a long time as a software-engineer for the Swiss company ERA IT Solutions. His job there was to code malware that would invade PCs of private users, and allow the wiretapping of VoIP calls — in particular, calls made through Skype. In the German-speaking areas of the country, the Trojans were called 'Bundestrojaner' because the Swiss government was involved with their development and use. Unfortunately, Unteregger has to remain silent about the customers of the company. Last night, he published the source code of his Skype-Trojan under the GPL."
we (Score:2, Interesting)
Only a matter of time (Score:3, Interesting)
I don't think that a reasonably informed person could expect that this sort of thing could be kept bottled up for very long.
Government Support Malware... Great... (Score:3, Interesting)
Government supported malware...
I guess he's trying to vindicate himself by publishing the source code, but the reality is that there is a risk some idiot out there is going to misuse this information.
Seriously, do we want open source malware?
Not helpful? (Score:3, Interesting)
Isn't the idea of full disclosure meant to help security by bringing to light flaws in ...whatever? thus forcing companies/governments to deal the the problem rather than simply ignore them. Altho in this case a government (Swiss) is playing on one side, and a company (Skype) is on the other.
Re:Government Support Malware... Great... (Score:1, Interesting)
The big question is if Skype was ever secure. They've sure got something they're trying to hide, with all the anti-debugging measures they've built in to their software.
Re:GPL ? (Score:5, Interesting)
About the details, why I keep the copyright on this, I can't offer a statement.
My guess would be liability. If Skype want to sue the "owner" of the trojan, the company is safe. If a "victim" of the trojan wants to sue the "owner", the company is safe. In any court case, the company can turn around and say "Ah, but we just provide advice and consultancy services. The creator and owner of the trojan code is Ruben Unteregger, and he is a completely different legal entity."
Why the heck (Score:4, Interesting)
Why haven't the police already busted down the door of ERA IT Solutions and taken all their servers away? Why aren't there tons of class action lawsuits against ERA IT from people that got infected and spied on?
Doesn't (Score:1, Interesting)
Vista support DRM on the hardware level?? Could this not be used to encrypt any communications to and from your machine? Isn't it illegal in the US to try to decrypt such messages under the DCMA?