Paybacks are hell: Parental spying prompts infiltration of German police system

Der Spiegel published a story in yesterday's edition of its magazine reporting that the hack on the German police surveillance system "Patras" was prompted by a senior officer spying on his daughter's internet activities.

The Patras system is used by the police to track suspects using so-called "silent" SMSs and GPS tracking devices planted on automobiles.

It appears that a senior policeman from Frankfurt am Main installed spyware onto his daughter's computer to keep an eye on her online activities.

It is unclear whether this is legal under German law. It is also unknown whether he used the famous Bundestrojaner or some sort of commercial off-the-shelf spyware.

One of his daughter's friends then discovered the spyware on her computer and decided that was justification enough to hack into her father's computer.

Upon invading her dad's system, he found a selection of sensitive security-related emails that enabled access to the Patras system. Two German hackers from a group called n0n4m3 cr3w (noname crew) were arrested after the system was breached in July of 2011.

According to Der Spiegel the policeman had redirected his work emails to his home computer. I expect that this is against the rules and is almost always a bad idea.

The worst part is that such a sensitive network used to covertly track people was accessible without any sort of two-factor authentication.

You would hope that intercepting a few sensitive emails would not provide enough information to allow a VPN connection or access critical infrastructure with such ease.

It is not clear whether this incident is the one that resulted in the successful attack against Patras last summer, or whether they were in fact breached twice.

It is one thing to accept the need of law enforcement to track suspects after receiving the approval of a judge, but it is becoming clear that access to these systems is too easy. It almost invites abuse and could result in criminal cases being compromised.

With great power comes great responsibility. Hopefully the German police have implemented stricter access controls, and other authorities with similar power have heard this story and will look into their own security.

One Response to Paybacks are hell: Parental spying prompts infiltration of German police system

  1. Goatama · 985 days ago

    If you click on the first link of the article, the one going to Der Spiegel and then translate it using the Chrome translator, it indicates that this is the second breach of this system.

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.