Last July’s shutdown of a GPS vehicle tracking system used by German police to monitor suspects has apparently been traced back to an officer’s incompetent attempt to monitor his daughter’s Internet use with a spy Trojan.
As reported by German magazine Der Spiegel, the policeman from Frankfurt am Main planted the Trojan which was then detected by one of his daughter’s friends who had the hacking skills to return the compliment.
Hacking the father’s PC back, the man discovered emails redirected from a work computer that gave him access to the ‘Patras’ GPS surveillance system. This system was - very probably not coincidentally - subsequently broken into by a hacking group called 'n0n4m3 cr3w' (No Name Crew), two members of which were later arrested.
Discovering the break-in, police shut down the system. Although only temporary this was still hugely embarrassing.
As usual, the revelations offer only partial details of the breach. Why was such a critical system not secured more comprehensively? And why would a policeman use Trojan software to carry out a domestic task that could be accomplished with much simpler (and probably more legal) software?
The German authorities were discovered using surveillance Trojans or ‘Bundertrojaner’ some months ago, notably the so-called R2D2 program designed to intercept Skype calls first analysed by the German Chaos Computer Club (CCC).
The origins of this type of state-sponsored program go back a lot further to their use by Austrian, German and Swiss police forces up to a decade ago.