The Associated Press recently reported on the German government’s plans to use Trojan Horse software, or “policeware”, to eavesdrop on terrorism suspects’ electronic communications (source). A Trojan Horse is malicious software that performs a series of unauthorized actions, such as opening a backdoor or logging keystrokes, on the suspect’s infected computer.
According to media reports, German authorities sent emails that appeared to originate from the Finance Ministry or the Youth Services Office to terrorism suspects (source). While it wasn’t explicitly stated, these emails would presumably include an attachment containing the Trojan Horse.
Objections to the Plan
Critics of this plan have raised multiple objections. Some experts have noted a number of technical objections to the German government’s plan to email Trojan Horses to terrorism suspects. For example, critics have pointed out that tech-savvy terrorists will likely run a fully patched operating system with up-to-date antivirus software and are unlikely to open suspicious or unexpected email attachments. Additionally, many critics have raised privacy concerns over the aggressive use of Trojan Horses as surveillance tools.
While there are certainly issues with Germany’s proposed plan to use Trojan Horses to monitor the electronic communications of terrorism suspects, it is possible to redesign this program and address the above concerns.
Simple Fixes
First, an altered means of dissemination should be considered. Instead of delivering the Trojan Horse via email, the German government should consider delivering the policeware via terrorist websites. Many of the terrorist websites that these suspects would presumably visit include interactive forums. In many cases these forums include a “private messaging” function that allows website members to send messages to other members. Therefore, the German government could deliver the eavesdropping policeware via the more trusted and effective source of a terrorist website.
Additionally, instead of delivering the Trojan as an attachment, the German government may have more success using “phishing” tactics. Phishing tactics would include spoofing the origin of a message and seeding the message with a link to a download that included the Trojan Horse. Spoofing the message source would allow the German government to send an email that appeared to originate from a sender trusted by the terrorism suspect. Including a link to the Trojan Horse instead of sending the policeware as an attachment would allow the German government to circumvent email filters and the inherent wariness of downloading attachments.
Finally, many of the privacy concerns could be addressed via a more thorough review process. Presumably a legal process could be designed whereby policeware was only sent to suspects after a judge had reviewed the case and determined there was sufficient evidence to proceed with the eavesdropping operation. In other words, just as law enforcement in the US must apply for warrants prior to conducting a search, the same application process could be used to manage government-created policeware.
The Scope of the Problem
It has become clear that many terrorist sympathizers and operatives use the Internet to spread propaganda (Previous Report), recruit new operatives (Previous Report), raise funds (Previous Report), gather intelligence (Previous Report), and communicate with other operatives (Previous Report). As a result, it would be irresponsible for law enforcement and intelligence officials not to monitor the electronic communications of terrorism suspects, albeit in a more careful manner.