“Thou shalt not get caught”  9.10.11

Margarita Mathiopoulos, “Ein Liberales Manifest”:

It must therefore be an urgent task of Free Democratic politics to uphold a liberal code of values of the bourgeois virtues threatened by decay – decency, morality, honesty, sense of duty, generosity, discipline, diligence – in order to halt the advance of the sins – lust, violence, fraud, lies, vice, selfishness (the 11th commandment “thou shalt not get caught”).

(Found by an eager VroniPlag contributor)

Sovereign’s code  9.10.11

Chaos Computer Club published an analysis and the binaries of the German lawful interception malware intended to intercept computer-based phone calls.

They discovered some unlawful feature bloat, potentially turning the legal eavesdropping malware into an extra-legal full-blown surveillance tool:

The government malware can, unchecked by a judge, load extensions by remote control, to use the trojan for other functions, including but not limited to eavesdropping. (…) [I]t is possible to watch screenshots of the web browser on the infected PC – including private notices, emails or texts in web based cloud services.

As so often with malware out there, communication between the malware and the command layer is poorly designed and leaves opportunities for third parties to take over the malware.

The analysis also revealed serious security holes that the trojan is tearing into infected systems. The screenshots and audio files it sends out are encrypted in an incompetent way, the commands from the control software to the trojan are even completely unencrypted. Neither the commands to the trojan nor its replies are authenticated or have their integrity protected.

CCC’s 20-page analysis concludes (translated, orig. German):

“We are highly delighted that no apt expert could be won over for this morally questionable operation…”

Merkel might want to ask Putin next time.

FAZ, “Der deutsche Staatstrojaner wurde geknackt”

CCC, “Analyse einer Regierungs-Malware”

Frank Rieger, FAZ, “Anatomie eines digitalen Ungeziefers”

Merkel’s Moment, a Schmittian emergency  28.9.11

Margarita Mathiopoulos has her back to the wall because of her ongoing plagiarism investigation. I guess she’s the first among the Transatlanticist wing of the German foreign policy elite to put it that bluntly:

If it fails, the blame will be on Germany. … All eyes are on Berlin. There is a strong, if silent, expectation in European capitals — as in Washington — that Germany will not forget its historic obligation to those who helped it rise out of the ashes of World War II and reunite.

… and pulls a Schmitt (Carl, that is):

First and foremost, Merkel and Sarkozy can and should declare that the euro zone is in a “state of emergency.” This would allow them (…) Although this would require revising the Lisbon Treaty, a state of emergency would make it possible to take action immediately.

…and asks to give the Germans some boots that are not made for walking:

Germany will only agree to the introduction of eurobonds to spread the responsibility for government debt across the euro zone if sinning countries can be punished.

Dr .de  22.5.11

In Germany, there appears to be a hidden, implicit, rarely outspoken two-track system:

  1. the show-off doctorate with little scientific value and
  2. the real scientific doctorate based on dissertations that actually contribute to scientific knowledge.

The show-off doctorate is the product of the high social value of a doctorate in Germany, incompetence, co-optation or naiveté (in dubio pro latter) of supervisors and university bodies conferring doctorates, combined with some trickery of eager climbers. […]

The uber-CERT: Germany’s new cyber-defense centre  2.4.11

I guess when the average media consumer hears “cyber-defense centre”, she likely has Star Wars-ish control rooms in mind. Now, starting today, Germany has its National Cyber Defense Centre. It is located in the offices of the Federal Office for Information Security (BSI), which reports to the Federal Minister of the Interior. Not much of a surprise, any Quite some headlines in national media for a 10-person task force. (Sources: FAZ, Ministry of the Interior, both in German)


1&1, Damballa, botnets, and quantitative internet security research  28.10.10

As mentioned the other day, security provider Damballa released a study stating that some 11% of global botnet command-and-control servers were hosted by 1&1 Internet AG. Heise, presumably Germany’s most influential IT-related news portal, ran the story, mostly citing the findings of the study. 1&1 was not amused about the journalistic performance. The flaws (de) in Damballa’s study were quickly uncovered by Thorsten Kraft of 1&1’s Anti-Abuse team, which is closely linked to the consumer-focussed German Anti-Botnet advisory centre. Heise released another article explaining the flaws in the Damballa report, and Damballa has rightly taken its analysis down. The underlying lapse, according to the reports linked above, was that Damballa had allegedly added both ordinary, non-infected infrastructure servers and sinkhole and honeypot machines to the list of C&C servers.
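The counting lapse described above, as an added example that is not taken from the study, Heise or 1&1: it recomputes a hoster's share of a C&C list after removing sinkholes, honeypots and ordinary infrastructure. All addresses (documentation ranges), hoster names and the exclusion list are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample (RFC 5737 documentation ranges), not real measurements.
# Each row is (ip, hoster) as a naive C&C candidate list might record it.
CANDIDATES = [
    ("192.0.2.10", "HosterA"), ("192.0.2.11", "HosterA"),
    ("192.0.2.200", "HosterA"),   # research sinkhole
    ("192.0.2.201", "HosterA"),   # honeypot
    ("192.0.2.53", "HosterA"),    # ordinary, non-infected infrastructure
    ("198.51.100.7", "HosterB"), ("198.51.100.8", "HosterB"),
    ("198.51.100.9", "HosterB"),
    ("203.0.113.5", "HosterC"), ("203.0.113.6", "HosterC"),
]

# Hypothetical exclusion list, e.g. obtained from the hosters' abuse teams.
EXCLUDE = {
    "sinkhole/honeypot": [ipaddress.ip_network("192.0.2.200/30")],
    "infrastructure": [ipaddress.ip_network("192.0.2.53/32")],
}

def classify(ip):
    """Return the exclusion label for ip, or 'c2' if nothing excludes it."""
    addr = ipaddress.ip_address(ip)
    for label, nets in EXCLUDE.items():
        if any(addr in net for net in nets):
            return label
    return "c2"

def breakdown(candidates):
    """Count candidates per class, to show how much of the list is noise."""
    return Counter(classify(ip) for ip, _ in candidates)

def hoster_share(candidates, hoster, filtered):
    """Share of listed servers at hoster, with or without the exclusions."""
    rows = [h for ip, h in candidates if not filtered or classify(ip) == "c2"]
    return Counter(rows)[hoster] / len(rows) if rows else 0.0

if __name__ == "__main__":
    print("classes:", dict(breakdown(CANDIDATES)))
    print("naive share:    %.1f%%" % (100 * hoster_share(CANDIDATES, "HosterA", False)))
    print("filtered share: %.1f%%" % (100 * hoster_share(CANDIDATES, "HosterA", True)))
```

A hoster that runs or hosts many sinkholes and honeypots is penalised twice by the naive count: its defensive machines raise its own total and are not removed from the denominator.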


A follow-up on the German botnet-center  18.12.09

I’ve written a quick analysis of the recent anti-botnet politics in Germany. The kind crew behind netzpolitik.org has published it on this blockbuster blog. It’s written in German, though, but you could alternatively give Google Translator a moment of embarrassment.

Germany will get a private-public botnet center  9.12.09

Yesterday, press reports about an alleged joint venture of national ISPs and the national IT security agency to build a national botnet center stirred some scepticism and perplexity in Germany. After heise online brought the news, the hacker association CCC stated that this was rather a hoax.

However, the German national ICT security agency (Bundesamt für Sicherheit in der Informationstechnik, BSI) and the association of the German internet business, eco (Verband der deutschen Internetwirtschaft), have cooperated on botnet issues at least since October 2008.

A workshop on botnets in early February 2009 addressed topics such as data exchange between ISPs regarding information from systems such as honeypots, abuse systems, spam traps (email analysis), DNS analysis, IDS/IAS (anomaly detection) or harmful websites. This information provided by ISPs could then be complemented with external data sources. Given the lack of published data, it is not clear which techniques ISPs actually use to exchange data today.

Another workshop on botnets, obviously organized by eco, took place in early February 2009. One of the speakers was Frank Ackermann, senior legal counsel to eco, who talked about judicial aspects of botnet fighting. According to Ackermann, “ISPs are interested in moderate filtering” of spam. Thus, politics should be discouraged from strict anti-spam regulation.

The programme of another joint eco-BSI workshop, the 7th German Anti Spam Summit in mid-September 2009 on Conficker, lists sessions like “Status Quo central botnet disinfection call center DE” and “Legal Guide on Technical Approaches against Botnets”. According to the programme, Dr. Lothar Eßer, Head of Division Internet Security of BSI, also attended this session.

In late November 2009, eco mentioned in a summary of their IGF09 activities that it is going to build a “Botnet Disinfection Center” in a joint effort with BSI and several providers.

So, Germany will get its public-private anti-botnet center. According to eco’s press release, eco and BSI will establish a user-support center. ISPs will forward customers with infected machines to a website which provides tools and descriptions for removing malicious software from their machines. In addition, users with infected computers can call a special hotline with experts assisting users in removing harmful software.


Upd. 9.12.; 16.12: changed headline, added the paragraph with eco’s press release; corrected typos