I do not want to get into to many details at this point in time and suggest you read the long post over at the club’s website to get a better understanding of what it can and cannot do. A binary version of the program has been uploaded to the club’s website as well.

Only that much. The so called Bundestrojaner (federal trojan) works in its detected form on 32-bit Windows operating systems. The trojan targets software used for communication. This includes Skype, ICQ or the MSN Messenger but also web browsers. It acts as a keylogger and contains functionality to download and execute code from remote locations. It can furthermore take screenshots, record audio and supports remote updating.

The core issue here is not that such a trojan exists as it was openly discussed in Germany, but that the trojan is capable of going beyond what the German Federal Constitutional Court allowed police forces to do with it.

While it appears to be more of a local German issue, it is not completely out of the question that the trojan was planted on computer systems of foreign nationals.

Security company Steganos has released a first version of the – German only – Anti-Bundestrojaner, a software to detect the trojan on 32-bit Windows systems. The software is free and portable, and can be downloaded from the Steganos website with a click on the Jetzt Herunterladen button.

All that you need to do is to run the program and click on the Analyse starten… button in the interface. This starts the system scan.

The security software scans the system and will display findings in the interface. It will scan the system for drivers and libraries, and try to make a connection to the remote servers of the trojan. A red icon in front of a line followed by the word Kritisch (critical) means that it has detected a file belonging to the trojan.

If that is the case a popup will be displayed prompting the user to either selected Ja (yes) to delete the identified files or Nein (no) to leave them on the system.

If you select yes you are asked to reboot the system after the deletion completes. Select ja to reboot right away or nein to reboot at a later time.

Germany is on the brink of introducing new biometric identification cards. Those new IDs not only replace the old cards, but can also be used for identification online, for instance to contact public authorities.

That sounds great on paper. The system uses a similar concept as the well known banking standard HBCI. Users get a chip reader with their cards for online use. They put the chip into the card and need to enter a pin for security reasons whenever they sign an application or need to identify themselves online.

Members of the German Chaos Computer Club, in cooperation with Swiss security experts, have demonstrated that the security on the new ID cards is not hack-proof.

They have identified several weaknesses, including:

• Attacking computers with trojans or man in the middle attacks. Card owners with basic card readers (without a physical numpad to enter the pin) are affected by this. More advanced card readers are still prone for other attacks, including man in the middle. A million of those basic kits were ordered by the German authorities.
• Card contents and identities can be copied.
• No application standards for signing legal documents. The experts demonstrated that with a PDF and JavaScript contents. The JavaScript contents were not displayed to the signer of the contract, while they were displayed in Adobe’s PDF reader. This means that legally binding contracts can be signed by ID card owners without them seeing all contents on the contracts.

What can users do to protect their cards against abuse? Germans can get an old identification card until October this year. If a new ID card is the only option, users should make sure to either get a more advanced card reader with numpad to protect against the most basic attack forms, or make the chip on the card invalid.

How this can be done was demonstrated by a ninth grade school class some weeks ago. Brave new world, here we come..

The Chaos Computer Club, a renowned and popular club of hackers and privacy advocates, decided to let the minister taste some of his own medicine by replicating the fingerprint of the minister and publishing that fingerprint in their magazine.

The fingerprint was available as a print in the magazine and on transparency slide ready to be put on the fingers of the readers of it. The sample was apparently taken from a glass that Schäuble was drinking at a panel discussion in Berlin.

The club also published a step by step instruction on how they managed to replicate the fingerprints. The process itself requires only a handful of common materials, a computer and laser printer, nothing that can’t be acquired in a regular tools store.