COMMENT: The recent sale of T Mobile to AT & T involved the transfer of slightly over 5 percent of A T & T’s stock to Deutsche Telekom. (Deutsche Telekom, controlled by the German government, is the former parent company of T Mobile.)
Like all the German core corporations, DT is effectively controlled by the Bormann capital network, evolved from the Third Reich. FTR #152 highlights Deutsche Telekom’s entry into the U.S. mobile phone market.
A recent New York Times article should give pause for reflection for those concerned with civil liberties and privacy in the brave new world of high tech.
EXCERPT: A favorite pastime of Internet users is to share their location: services like Google Latitude can inform friends when you are nearby; another, Foursquare, has turned reporting these updates into a game.
But as a German Green party politician, Malte Spitz, recently learned, we are already continually being tracked whether we volunteer to be or not. Cellphone companies do not typically divulge how much information they collect, so Mr. Spitz went to court to find out exactly what his cellphone company, Deutsche Telekom, knew about his whereabouts.
The results were astounding. In a six-month period — from Aug 31, 2009, to Feb. 28, 2010, Deutsche Telekom had recorded and saved his longitude and latitude coordinates more than 35,000 times. It traced him from a train on the way to Erlangen at the start through to that last night, when he was home in Berlin.
Mr. Spitz has provided a rare glimpse — an unprecedented one, privacy experts say — of what is being collected as we walk around with our phones. Unlike many online services and Web sites that must send “cookies” to a user’s computer to try to link its traffic to a specific person, cellphone companies simply have to sit back and hit “record.”
“We are all walking around with little tags, and our tag has a phone number associated with it, who we called and what we do with the phone,” said Sarah E. Williams, an expert on graphic information at Columbia University’s architecture school. “We don’t even know we are giving up that data.”
Tracking a customer’s whereabouts is part and parcel of what phone companies do for a living. Every seven seconds or so, the phone company of someone with a working cellphone is determining the nearest tower, so as to most efficiently route calls. And for billing reasons, they track where the call is coming from and how long it has lasted.
“At any given instant, a cell company has to know where you are; it is constantly registering with the tower with the strongest signal,” said Matthew Blaze, a professor of computer and information science at the University of Pennsylvania who has testified before Congress on the issue.
Mr. Spitz’s information, Mr. Blaze pointed out, was not based on those frequent updates, but on how often Mr. Spitz checked his e‑mail. . . .
http://redtape.msnbc.msn.com/_news/2011/10/08/8228095-chaos-computer-club-german-govt-software-can-spy-on-citizens
Chaos Computer Club: German gov’t software can spy on citizens
A well-regarded Germany-based hacker group claims a German government-created Trojan horse program is capable of secretly spying on Web users without their consent.
The group says on its website that it obtained and analyzed a piece of software that is supposed to be a “lawful interception” program designed to listen in on Internet-based phone calls as part of a legal wiretap, but its capabilities go far beyond legal bounds.
The program is capable of logging keystrokes, activating Webcams, monitoring Web users’ activities and sending mountains of data to government officials, the club said.
To cover its tracks, the data is routed through rented servers located in the United States, the club alleges.
“To avoid revealing the location of the command and control server, all data is redirected through a rented dedicated server in a data center in the USA,” the Club said on its website.
The German government has yet to comment on the findings, but already, antivirus companies are reacting to them. Security firm F‑Secure will detect and disable the alleged government monitoring software if found on clients’ computers, it announced on Saturday.
“Yes, it is possible the Trojan found by CCC is written by the German government. We just can’t confirm that,” said Mikko Hypponen, F‑Secure’s chief technology officer, via Twitter.
The program, labeled a “backdoor” because it can open a computer to surreptitious access, targets certain applications for keylogging, including Firefox, Skype, MSN Messenger, ICQ and others, according to F‑Secure.
“We do not know who created this backdoor and what it was used for,” Hypponen wrote on F‑Secure’s blog. “(But) We have no reason to suspect CCC’s findings.”
German courts have long allowed use of a backdoor program known as “Bundestrojan” — “federal Trojan,” in English — which permits government investigators to listen in on Skype-based phone calls as part of a legal wiretap order. Skype and other kinds of Internet phone calls that can be encrypted are particularly troubling for law enforcement, because they can be used by suspects to evade wiretaps.
After a court battle in 2008, Bundestrojan was ruled legal as long as it screened only very specific communications — essentially, Internet telephone calls.
But the Chaos Computer Club announced Saturday that it had obtained a copy of what it believed was a copy Bundestrojan, and that the program has capabilities that go far beyond legal wiretapping. In addition to keylogging and screen shots, the software is also capable of remote control and upgrade.
“This refutes the claim that an effective separation of just wiretapping internet telephony and a full-blown Trojan is possible in practice – or even desired.... The Trojan’s developers never even tried to put in technical safeguards to make sure the malware can exclusively be used for wiretapping internet telephony, as set forth by the constitution court,” said the club on its site. “Our analysis revealed once again that law enforcement agencies will overstep their authority if not watched carefully. In this case, functions clearly intended for breaking the law were implemented in this malware: they were meant for uploading and executing arbitrary code on the targeted system.”
The club also criticized security measures put in place by programmers of the alleged Trojan. Poor encryption implementation means a malicious third-party could intercept the government communications, or take control of government-infected machines, it said.
“This complete control over the infected PC – owing to the poor craftsmanship that went into this trojan – is open not just to the agency that put it there, but to everyone,” the club said. “The security level this trojan leaves the infected systems in is comparable to it setting all passwords to ‘1234.’ ”
Worse yet, the flaws make it possible to place false evidence on a suspect’s computer.
“(This) puts the whole rationale for this method of investigation into question,” the club said.
The well-regarded hacker group, founded in the 1970s, didn’t say where it had obtained the program, but said it had analyzed several different copies. It said the German Ministry of the Interior had been informed about the findings, and the club publicly demand that the German government stop using the program and initiate its self-destruction capabilities.
While Bundestrojan is designed to tap communications of suspects after a government official obtain permission from a German court, there is no technical reason that the software could not be used on U.S. citizens traveling in Germany, or even on Web users who are outside of Germany.
Government use of voice-over-IP monitoring software first came to light in 2006 when the Swiss government announced it was considering software written by Swiss-based ERA IT Solutions. At the time, Switzerland said the program’s use would require a court order.
Antivirus companies have long held that they would detect and disable any such government-monitoring software found on users’ machines. That public stance dates from 2001, when an msnbc.com report revealed that the FBI had developed a Trojan called Magic Lantern, which had capabilities similar to Bundestrojan. F‑Secure’s policy statement on Bundestrojan references Magic Lantern.