CCC criticises new version of government trojan
The CCC (Chaos Computer Club) has analysed the more recent version of Digitask's German government trojan that was discovered by Kaspersky. This version dates back to December 2010 and has not yet been associated with an actual case. The analysis focused on the improvements that were made to fix the previous version's weaknesses, and on the postulated "audit-proof logging" of all activities.
The CCC's "reversers" found that, while improvements were indeed made, these improvements are by no means sufficient to allow collection of evidence that is consistent with regulations.
According to the CCC, the 2010 model does encrypt data traffic in both directions, and it does include rudimentary authentication mechanisms, but it uses the same AES key as the version that is three years older. Furthermore, nothing appears to have changed about the embarrassing use of AES encryption's ECB mode. The CCC said that after briefly analysing a trojan, it is still possible to listen to, and even manipulate, all communications between the trojan and its C&C server.