By John E. Dunn
25 October 2007
The Austrian Police has become the latest European agency to express its
intention to use specially-crafted Trojans to remotely monitor criminal
According to reports in Austrian media, the minister of justice, Maria
Berger, and Interior Minister Günther Platter have drafted a proposal
that will be amended by legal experts and the cabinet with the intention
of allowing police to carry out such surveillance legally with a judge's
There doesn't appear to be a defined timescale for such a law, and it is
not clear whether the move would face the legal challenges encountered
by the German authorities in the last year as they attempted to get a
similar law off the ground. According to Berger, Trojans would only be
used in cases of serious crime, such as terrorism and organised
The Swiss authorities have declared the intention of using the same
controversial technique, but only in cases of the most extreme nature,
such as terrorism.
One formidable hurdle is that opinion in the security software industry
is almost universally hostile to the idea. You don't have to dig far to
find negative reaction.
"I'm sure the Austrian Secret Service will develop some pretty ingenious
software to infect users' PCs, but there is a real danger that the
package could leak into the hacker community," said Geoff Sweeney of
security outfit Tier-3, which went to the bother of putting out a
release on the topic.
"That scenario would create a serious free-for-all on the industrial
espionage and identity theft fronts as legitimate Trojans are redirected
to create an even more hostile environment for organisations to defend
against," he said.
The authorities have been keen to portray the use of Trojans as similar
to phone-tapping, a long-established police practice the world over.
However, Trojans are different in one important respect from phones, and
this is where the anti-malware companies sense trouble.
"How should anti-virus companies react to the existence of such malware?
Detect it? Avoid detecting it on purpose? Avoid detecting hacking
software used by governments of which country? Germany? USA? Israel?
Egypt? Iran?," commented F-Secure's Mikko Hypponen in a blog earlier this
The Austrian, German and Swiss governments have yet to explain how they
would circumvent security programs that might be used by criminals to
protect themselves, whether this would involve collusion with security
software companies, and what would happen if such software-busting
Trojans were subsequently reverse engineered and deployed by criminals
"The anti-virus companies aren't going to turn a blind eye to
state-endorsed Trojan horses," said Graham Cluley of Sophos, himself a
good barometer of likely industry opinion.
"We're going to add detection for them just like any other spyware. So,
if the cybercops think they can give us a funny handshake, a wink and
buy us a pint for not adding detection for the Trojan they're using to
spy on their suspect they're mistaken.
"The reason why we take that policy is that we can't know if the Trojan
has been placed there by the cops or a criminal. It's unlikely that the
Trojan will say Copyright (c) FBI 2007," he said.