How the German “Federal Trojan” was actually used
After the Chaos Computer Club hackers made public the results of their analysis of a few samples of the so-called “Federal Trojan” and found it capable of more than just monitoring VoIP conversations, Bavarian Interior Minister Joachim Herrmann made sure to state that it was used only for telecommunication surveillance of suspects and only in investigations involving “serious crime”, i.e. that threatened citizens’ “life, limb or liberty”.
Except, as it turns out, it isn’t strictly true. According to Bavarian newspaper Süddeutsche Zeitung (via Google Translate), Bavarian law enforcement agents used it in five different cases, none of which falls under the above mentioned category.
There was the investigation into a suspect’s involvement in the trade of drugs (illicit pharmaceuticals) that indirectly resulted in the suspect’s lawyer giving a sample of the Trojan to the CCC.
Other investigations involved a gang of people who “sold” electronic appliances online and never shipped them to the buyers; a gang of people who stole clothing and personal hygiene items and sold them abroad; an individual who sold doping substances to club bouncers.
The Trojan was also occasionally used in other German states, but regularly for investigations involving organized crime and crimes that would be more likely considered “petty” than “serious”.
According to the newspaper, the first version of the Trojan offered to the German Federal Office of Criminal Investigation (BKA) by the DigiTask company was rejected because it could achieve screenshot taking capabilities by simple modification.
The second one, which allowed solely telecommunication surveillance was accepted. Allegedly, the version analyzed by the CCC is the earlier one.