An eavesdropping tool allegedly used by the German government to intercept Skype calls is full of security problems and may violate a ruling by the country's constitutional court, according to a European hacker club.
The Chaos Computer Club obtained several versions of a program that has allegedly been used by German law enforcement in possibly hundreds of investigations to intercept Skype calls, said Frank Rieger, a member of the club.
It has long been rumored that the German government was interested in developing an application to intercept Skype. Three years ago, documents released by WikiLeaks purported to show a proposal by a Bavarian company, DigiTask, offering to develop such a tool.
Press officials contacted on Monday morning at Germany's Interior Ministry were unable to immediately answer questions. On Sunday, Steffen Seibert, a spokesman for Germany's Federal Press Office, wrote on Twitter that the Interior Ministry said it did not use the programs examined by the Chaos Computer Club.
Seibert wrote on Twitter on Monday morning that federal and state governments were expected to issue a statement about the controversy.
The tool, called "Quellen-TKU," was developed ostensibly for wiretapping Internet phone calls, the Chaos Computer Club said. It is a lighter version of a more encompassing surveillance tool conceptualized by the German government to spy on computers in Germany but banned by the country's constitutional court in February 2008.
The court left room for the government to develop a tool specifically for wiretapping, but the Chaos Computer Club found that the versions in circulation are far more powerful than the boundaries set by the constitutional court, Rieger said.
"We got our hands on it and found it is doing much more than it is legally allowed to do," Rieger said.
DigiTask's lawyer, Winfried Seibert, said on Monday that the company is investigating whether the application examined by the Chaos Computer Club was developed by the company and should find out within a day or so. He said DigiTask has developed such programs for public authorities in Germany.
"In general, it fits," Seibert said. "We are trying to find out what it really is. We can't be 100 percent sure."
The Chaos Computer Club explains on its blog that Quellen-TKU can activate a computer's microphone and camera, which could be used for room surveillance, and take screenshots. The program can upload other applications to a computer, which could export files from the machine.
"This is clearly in violation of the constitutional court," Rieger said.
Basically, Quellen-TKU is a call recorder. It can intercept Skype calls by recording the conversation from a computer's sound card before it is encrypted by Skype. Skype's encryption has led to widespread fears in countries such as Germany and India that law enforcement would be shut out from monitoring plotting terrorists.