Germany is denying accusations it has been using malicious software to spy on people through their computers.
The Chaos Computer Club, one of Europe’s premier "white hat" hacker organizations, said over the weekend it was sent a copy of a piece of malware that is derived from a program German authorities use to use to snoop on suspected criminals.
The malware allows a cyberattacker to snatch data from a victim’s hard drive, upload programs remotely and run them, and use a computer’s camera and microphone for surveillance, the group said.
It also has weaknesses that could permit anyone to use its features, to plant falsified evidence on someone’s computer or possibly to even log in to government servers and compromise them, the club said.
It did not provide any evidence that any German security services were behind the malware, classified as a Trojan horse because it enters systems apparently benignly with the ultimate goal of exploiting them. But the group said the software is essentially the same as a program that federal authorities use to wiretap voice-over-internet phone calls.
"The analysis concludes that the trojan's developers never even tried to put in technical safeguards to make sure the malware can exclusively be used for wiretapping internet telephony," a statement on the Chaos Computer Club website says.
Germany, with its ignominious history of Nazi and Stasi surveillance on citizens, now has some of the strongest privacy safeguards in the world. The country’s Federal Constitutional Court in 2008 forbade the state from using surreptitious software to infiltrate people’s computers except under highly restricted circumstances.
The hacker group’s statement says its analysis reveals "once again that law enforcement agencies will overstep their authority if not watched carefully. In this case functions clearly intended for breaking the law were implemented in this malware: they were meant for uploading and executing arbitrary code on the targeted system."
Germany’s Interior Ministry denied Monday that any federal security services had used the malware. Ministry spokesman Markus Beyer told reporters the software was about three years old and widely available.
A spokesman for Angela Merkel said on Twitter that the chancellor takes the situation "very seriously" and is asking Germany’s individual states to clarify whether any of them have used the Trojan program.