Germany caught spying on other countries with Trojans

Let take a trip back in time. In September, Germany accused China of cyberespionage. Now it seems that Germany was also using Trojans to eavesdrop on the communication of other countries. It's excuse? The war on terror!

Eight months after the nation's chancellor accused China of information attacks, Germany now faces criticism over its intelligence agency's use of software designed to spy on other countries' officials.

The latest incident, which began in June 2006, involved Germany's intelligence agency -- the Bundesnachrichtendienst (BND) -- launching an information attack against the Ministry of Commerce and Industry of Afghanistan, ostensibly an ally, according to media reports. Using a Trojan horse, the intelligence agents were able to read an Afghan government official's e-mail, including his correspondence with a reporter working for the German news magazine Der Spiegel, and data stored on the compromised PC's hard drive. The German Constitution protects the secrecy of telecommunications, but BND's legal counsel concluded that, because the messages were stored communications, they did not fall under the constitutional protection, Der Spiegel reported.

The operation ended on November 2006, when a whistleblower sent a letter to his superiors warning of the surveillance, the magazine reported. In February 2008, an anonymous BND employee notified two members of Germany's parliament of the intelligence agency's wiretapping activities. The incident only recently came to light during a Parliament hearing two weeks ago.

German's Interior Minister Wolfgang Schaeuble raised the specter of terrorism during a TV interview to defend the cyber-espionage tactics as necessary. "It's about a few isolated cases," he said, according to an Associated Press report. (Source: Securityfocus)

The article from The Spiegel mentioned some interesting parts
It all began in a small unit in the BND's Division 2. The department is responsible for "technical procurement" -- in other words, obtaining information with technical means, which mainly involves the wiretapping of telecommunications, called "signals intelligence" in industry jargon. In 2006, Division 2 consisted of 13 specialist departments and a management team (Department 20A), employing about 1,000 people. The departments are known by their German acronyms, like MOFA (mobile and operational telecommunications intelligence gathering), FAKT (cable telecommunications intelligence gathering) and OPUS (operational support and wiretapping technology).

In early June 2006, the OPUS team in department 26E launched an intelligence attack against Afghanistan. The details could have been taken from a Hollywood thriller, and the scope of the operation was far greater than has been revealed to date. According to the BND's secret allocation of responsibilities, OPUS is in charge of "technical and operational attacks on IT systems," a more or less accurate description of its agents' work.

So you see, not only China has a cyberintelligence division.

Related articles:

No comments: