Spitfire List Web site and blog of anti-fascist researcher and radio personality Dave Emory.

News & Supplemental  

Deutsche Telekom Uber Alles (Bormann in Your Ear)

COMMENT: The recent sale of  T Mobile to AT & T  involved the trans­fer of slight­ly over 5 per­cent of A T & T’s stock to Deutsche Telekom. (Deutsche Telekom, con­trolled by the Ger­man gov­ern­ment, is the for­mer par­ent com­pa­ny of T Mobile.)

It is not clear if this will give DT access to A T & T’s data­base. With Deutsche Telekom being an annex of the Ger­man gov­ern­ment, the impli­ca­tions of this deal are sig­nif­i­cant, for espi­onage as well as com­mer­cial rea­sons.

Like all the Ger­man core cor­po­ra­tions, DT is effec­tive­ly con­trolled by the Bor­mann cap­i­tal net­work, evolved from the Third Reich. FTR #152 high­lights Deutsche Telekom’s entry into the U.S. mobile phone mar­ket.

A recent New York Times arti­cle should give pause for reflec­tion for those con­cerned with civ­il lib­er­ties and pri­va­cy in the brave new world of high tech.

“It’s Track­ing Your Every Move and You May Not Even Know” by Noam Cohen; The New York Times; 3/26/2011.

EXCERPT: A favorite pas­time of Inter­net users is to share their loca­tion: ser­vices like Google Lat­i­tude can inform friends when you are near­by; anoth­er, Foursquare, has turned report­ing these updates into a game.

But as a Ger­man Green par­ty politi­cian, Malte Spitz, recent­ly learned, we are already con­tin­u­al­ly being tracked whether we vol­un­teer to be or not. Cell­phone com­pa­nies do not typ­i­cal­ly divulge how much infor­ma­tion they col­lect, so Mr. Spitz went to court to find out exact­ly what his cell­phone com­pa­ny, Deutsche Telekom, knew about his where­abouts.

The results were astound­ing. In a six-month peri­od — from Aug 31, 2009, to Feb. 28, 2010, Deutsche Telekom had record­ed and saved his lon­gi­tude and lat­i­tude coor­di­nates more than 35,000 times. It traced him from a train on the way to Erlan­gen at the start through to that last night, when he was home in Berlin.

Mr. Spitz has pro­vid­ed a rare glimpse — an unprece­dent­ed one, pri­va­cy experts say — of what is being col­lect­ed as we walk around with our phones. Unlike many online ser­vices and Web sites that must send “cook­ies” to a user’s com­put­er to try to link its traf­fic to a spe­cif­ic per­son, cell­phone com­pa­nies sim­ply have to sit back and hit “record.”

“We are all walk­ing around with lit­tle tags, and our tag has a phone num­ber asso­ci­at­ed with it, who we called and what we do with the phone,” said Sarah E. Williams, an expert on graph­ic infor­ma­tion at Colum­bia University’s archi­tec­ture school. “We don’t even know we are giv­ing up that data.”

Track­ing a customer’s where­abouts is part and par­cel of what phone com­pa­nies do for a liv­ing. Every sev­en sec­onds or so, the phone com­pa­ny of some­one with a work­ing cell­phone is deter­min­ing the near­est tow­er, so as to most effi­cient­ly route calls. And for billing rea­sons, they track where the call is com­ing from and how long it has last­ed.

“At any giv­en instant, a cell com­pa­ny has to know where you are; it is con­stant­ly reg­is­ter­ing with the tow­er with the strongest sig­nal,” said Matthew Blaze, a pro­fes­sor of com­put­er and infor­ma­tion sci­ence at the Uni­ver­si­ty of Penn­syl­va­nia who has tes­ti­fied before Con­gress on the issue.

Mr. Spitz’s infor­ma­tion, Mr. Blaze point­ed out, was not based on those fre­quent updates, but on how often Mr. Spitz checked his e‑mail. . . .

Discussion

One comment for “Deutsche Telekom Uber Alles (Bormann in Your Ear)”

  1. http://redtape.msnbc.msn.com/_news/2011/10/08/8228095-chaos-computer-club-german-govt-software-can-spy-on-citizens

    Chaos Com­put­er Club: Ger­man gov­’t soft­ware can spy on cit­i­zens

    A well-regard­ed Ger­many-based hack­er group claims a Ger­man gov­ern­ment-cre­at­ed Tro­jan horse pro­gram is capa­ble of secret­ly spy­ing on Web users with­out their con­sent.

    The group says on its web­site that it obtained and ana­lyzed a piece of soft­ware that is sup­posed to be a “law­ful inter­cep­tion” pro­gram designed to lis­ten in on Inter­net-based phone calls as part of a legal wire­tap, but its capa­bil­i­ties go far beyond legal bounds.

    The pro­gram is capa­ble of log­ging key­strokes, acti­vat­ing Web­cams, mon­i­tor­ing Web users’ activ­i­ties and send­ing moun­tains of data to gov­ern­ment offi­cials, the club said.

    To cov­er its tracks, the data is rout­ed through rent­ed servers locat­ed in the Unit­ed States, the club alleges.
    “To avoid reveal­ing the loca­tion of the com­mand and con­trol serv­er, all data is redi­rect­ed through a rent­ed ded­i­cat­ed serv­er in a data cen­ter in the USA,” the Club said on its web­site.

    The Ger­man gov­ern­ment has yet to com­ment on the find­ings, but already, antivirus com­pa­nies are react­ing to them. Secu­ri­ty firm F‑Secure will detect and dis­able the alleged gov­ern­ment mon­i­tor­ing soft­ware if found on clients’ com­put­ers, it announced on Sat­ur­day.

    “Yes, it is pos­si­ble the Tro­jan found by CCC is writ­ten by the Ger­man gov­ern­ment. We just can’t con­firm that,” said Mikko Hyp­po­nen, F‑Secure’s chief tech­nol­o­gy offi­cer, via Twit­ter.

    The pro­gram, labeled a “back­door” because it can open a com­put­er to sur­rep­ti­tious access, tar­gets cer­tain appli­ca­tions for key­log­ging, includ­ing Fire­fox, Skype, MSN Mes­sen­ger, ICQ and oth­ers, accord­ing to F‑Secure.

    “We do not know who cre­at­ed this back­door and what it was used for,” Hyp­po­nen wrote on F‑Secure’s blog. “(But) We have no rea­son to sus­pect CCC’s find­ings.”

    Ger­man courts have long allowed use of a back­door pro­gram known as “Bun­de­stro­jan” — “fed­er­al Tro­jan,” in Eng­lish — which per­mits gov­ern­ment inves­ti­ga­tors to lis­ten in on Skype-based phone calls as part of a legal wire­tap order. Skype and oth­er kinds of Inter­net phone calls that can be encrypt­ed are par­tic­u­lar­ly trou­bling for law enforce­ment, because they can be used by sus­pects to evade wire­taps.

    After a court bat­tle in 2008, Bun­de­stro­jan was ruled legal as long as it screened only very spe­cif­ic com­mu­ni­ca­tions — essen­tial­ly, Inter­net tele­phone calls.

    But the Chaos Com­put­er Club announced Sat­ur­day that it had obtained a copy of what it believed was a copy Bun­de­stro­jan, and that the pro­gram has capa­bil­i­ties that go far beyond legal wire­tap­ping. In addi­tion to key­log­ging and screen shots, the soft­ware is also capa­ble of remote con­trol and upgrade.

    “This refutes the claim that an effec­tive sep­a­ra­tion of just wire­tap­ping inter­net tele­pho­ny and a full-blown Tro­jan is pos­si­ble in prac­tice – or even desired.... The Tro­jan’s devel­op­ers nev­er even tried to put in tech­ni­cal safe­guards to make sure the mal­ware can exclu­sive­ly be used for wire­tap­ping inter­net tele­pho­ny, as set forth by the con­sti­tu­tion court,” said the club on its site. “Our analy­sis revealed once again that law enforce­ment agen­cies will over­step their author­i­ty if not watched care­ful­ly. In this case, func­tions clear­ly intend­ed for break­ing the law were imple­ment­ed in this mal­ware: they were meant for upload­ing and exe­cut­ing arbi­trary code on the tar­get­ed sys­tem.”

    The club also crit­i­cized secu­ri­ty mea­sures put in place by pro­gram­mers of the alleged Tro­jan. Poor encryp­tion imple­men­ta­tion means a mali­cious third-par­ty could inter­cept the gov­ern­ment com­mu­ni­ca­tions, or take con­trol of gov­ern­ment-infect­ed machines, it said.

    “This com­plete con­trol over the infect­ed PC – owing to the poor crafts­man­ship that went into this tro­jan – is open not just to the agency that put it there, but to every­one,” the club said. “The secu­ri­ty lev­el this tro­jan leaves the infect­ed sys­tems in is com­pa­ra­ble to it set­ting all pass­words to ‘1234.’ ”

    Worse yet, the flaws make it pos­si­ble to place false evi­dence on a sus­pec­t’s com­put­er.

    “(This) puts the whole ratio­nale for this method of inves­ti­ga­tion into ques­tion,” the club said.

    The well-regard­ed hack­er group, found­ed in the 1970s, did­n’t say where it had obtained the pro­gram, but said it had ana­lyzed sev­er­al dif­fer­ent copies. It said the Ger­man Min­istry of the Inte­ri­or had been informed about the find­ings, and the club pub­licly demand that the Ger­man gov­ern­ment stop using the pro­gram and ini­ti­ate its self-destruc­tion capa­bil­i­ties.

    While Bun­de­stro­jan is designed to tap com­mu­ni­ca­tions of sus­pects after a gov­ern­ment offi­cial obtain per­mis­sion from a Ger­man court, there is no tech­ni­cal rea­son that the soft­ware could not be used on U.S. cit­i­zens trav­el­ing in Ger­many, or even on Web users who are out­side of Ger­many.
    Gov­ern­ment use of voice-over-IP mon­i­tor­ing soft­ware first came to light in 2006 when the Swiss gov­ern­ment announced it was con­sid­er­ing soft­ware writ­ten by Swiss-based ERA IT Solu­tions. At the time, Switzer­land said the pro­gram’s use would require a court order.

    Antivirus com­pa­nies have long held that they would detect and dis­able any such gov­ern­ment-mon­i­tor­ing soft­ware found on users’ machines. That pub­lic stance dates from 2001, when an msnbc.com report revealed that the FBI had devel­oped a Tro­jan called Mag­ic Lantern, which had capa­bil­i­ties sim­i­lar to Bun­de­stro­jan. F‑Secure’s pol­i­cy state­ment on Bun­de­stro­jan ref­er­ences Mag­ic Lantern.

    Posted by R. Wilson | October 9, 2011, 10:19 am

Post a comment