Federal Office for the Protection of the Constitution: “State Trojans” are becoming increasingly important in counter-espionage

As of: April 25, 2024, 12:55 p.m.

Authorities are increasingly using “state Trojans” to monitor chats. The controversial tool is becoming increasingly important for counter-espionage purposes – including the recent arrest of suspected Russian agents.

By Florian Flade, WDR, and Reiko Pinkert, NDR

A small group of men and women meet once a month in a plain, tap-proof room under the Bundestag in Berlin. The G10 Commission is a body that is hardly known to the public – with quite far-reaching powers. Its members decide whether the German intelligence services are allowed to wiretap a person in this country or not.

The Office for the Protection of the Constitution must therefore obtain prior approval from the G10 controllers before the telephone or email account of a terrorist, extremist or agent can be monitored. For some time now, applications have not only included a column for telephone numbers and email addresses, but also for messenger services such as WhatsApp or Telegram.

In order to monitor such communication, software is secretly installed on a target person’s cell phone or computer, usually called a “state Trojan” or “federal Trojan.” This quite controversial tool is, according to information from WDR and NDR, increasingly important for the Office for the Protection of the Constitution. In several recent cases involving suspicions of espionage and terrorism, the domestic intelligence service has successfully used such surveillance programs.

Chat monitoring allowed since 2021

For example, the communications of the two suspected Russian agents who were arrested in Bayreuth in mid-April were allegedly monitored by the Federal Office for the Protection of the Constitution (BfV). This is said to have enabled the BfV to establish that the German-Russian Dieter S. had been in contact with a person in Russia who probably had a connection to a Russian secret service. He is said to have received orders from this person. Dieter S. is also said to have agreed to carry out sabotage attacks against military transport and infrastructure in Germany. The Russian embassy rejected all allegations.

In June 2021, the Bundestag amended the constitutional protection law. Since then, the intelligence services have been allowed to secretly use spying software, for example to monitor chats. This source telecommunications monitoring (source TKÜ) is necessary in order to be able to read encrypted communications, which the security authorities now have to deal with on a regular basis. The Office for the Protection of the Constitution is also permitted to use the so-called extended source TKÜ. This means that the authority is not only allowed to access ongoing communication, but also to evaluate previous chat messages.

Increased use of “State Trojans”

The police have been allowed to carry out this type of surveillance since a change to the Code of Criminal Procedure in the summer of 2017. They are allowed to use “state trojans” to prosecute certain crimes. In contrast to the Office for the Protection of the Constitution, the police are not only allowed to carry out the source TKÜ, but also the online search. This refers to the secret analysis and evaluation of files stored on computers and mobile phones, such as photos, videos or text documents.

According to official judicial statistics, German police authorities nationwide used the “state trojan” for the source TKÜ exactly 49 times in 2022. In the previous year it was only 32 times. The online search took place only six times in 2022, and it was carried out nine times in 2021. Figures for the past and current years are not yet available.

Report or exploit software vulnerabilities?

The “state trojan” is considered one of the most controversial tools used by the German security authorities. The spying programs exploit software vulnerabilities that criminals can also use. This creates a tension: Should insecure software be exploited for surveillance measures, or should these vulnerabilities be reported to the manufacturers and thus closed?

The federal government of the traffic light coalition has announced that it will introduce so-called vulnerability management to counter this conflict. This is intended to clearly regulate which vulnerabilities should be reported and which should not. To date, such management does not exist. The Federal Ministry of the Interior is in charge of this project.

It is also questionable whether such “vulnerability management” is really practical: In addition to the self-developed “state Trojans”, the security authorities primarily use commercially purchased programs. However, the manufacturers of such spying software usually do not disclose the exact functionality. It remains unclear which vulnerabilities these Trojans actually exploit.

Vulnerabilities are available for purchase

Knowledge about the software vulnerabilities that allow spy programs to be installed and used unnoticed is in great demand. And not just among software manufacturers like Microsoft or Apple, who want to use it to make their products more secure. Cybercriminals and foreign secret services also buy this knowledge for large sums of money. A Microsoft vulnerability is currently being offered for sale on an Internet forum for $250,000.

Authoritarian states also use Trojans

Critics of the “state trojan” therefore argue that the purchase of such tools by government agencies also fuels the often gray or black market for software vulnerabilities.

In addition, according to criticism from Amnesty International, for example, the so-called “spyware” from certain manufacturers is not only used for law enforcement purposes. In recent years, authoritarian regimes and dictatorships have also acquired commercial spying programs such as “Pegasus” from the Israeli company NSO Group in order to monitor opposition figures, journalists or human rights activists.

Political scandal over the use of Trojans in Poland

In Poland, the mass use of the “state trojan” is currently causing a political scandal. According to investigations by the new Polish government, the previous government of the PiS party is said to have used the “Pegasus” surveillance software in hundreds of cases against opposition politicians, media representatives and prosecutors since 2019.

The Trojan is said to have been used so excessively in Poland that the Israeli manufacturing company revoked the country’s license. In Spain, on the other hand, it was decided this week to have the use of “Pegasus” by the authorities there investigated as part of a parliamentary committee of inquiry.
