A Trojan used by several German states to monitor Internet phone calls contains functionalities beyond the legal interception, stirring massive public concerns over the country's Internet surveillance.

A software dubbed Bundestrojaner ("federal Trojan") violates the country’s constitutional law and seriously infringes on citizens' privacy, said a hacker organization and anti-malware experts.

The software that is supposed to be a "lawful interception" program designed to monitor Internet-based phone calls as part of a legal wiretap goes far beyond the legal bounds, according to the Chaos Computer Club, a Germany-based hacker group.

"We got our hands on it and found it is doing much more than it is legally allowed to do," said Frank Rieger, a member of the club.

Germany allowed the use of the backdoor program Bundestrojan, which permits government investigators to listen in on Skype-based phone calls. Since 2008, Bundestrojan has been ruled legal by Germany's Federal Constitutional Court as long as it screened only very specific communications -- Internet telephone calls.

But the hacker club found the software, developed by a private company called DigiTask for the Bavarian police and several other states, was capable of logging keystrokes, activating cameras, monitoring Internet users' activities and sending data to government officials.

"To avoid revealing the location of the command and control server, all data are redirected through a rented dedicated server in a data center in the U.S.," the club said on its website.

The Chaos Computer Club provided samples to F-Secure, an Internet security company in Helsinki, which also found the software had capabilities to intercept data entered into applications such as the web browser Firefox, the instant messaging programs MSN and ICQ.

Another renowned antivirus vendor, Kaspersky Lab, also said the program has the capability of monitoring traffic from 15 Internet programs after the security company analyzed the software's all five components.

"Amongst the new things we found in there are two rather interesting ones: Firstly, this version is not only capable of running on 32 bit systems; it also includes support for 64 bit versions of Windows," said Tillmann Werner, a security researcher with Kaspersky in Germany.

"Secondly, the list of target processes to monitor is longer than the one mentioned in the CCC report. The number of applications infected by the various components is 15 in total."

The list of targeted applications includes major browsers, including Internet Explorer, Firefox and Opera, as well programs with VoIP and data encryption functionality, including ICQ, MSN Messenger, Yahoo Messenger, Skype, Low-Rate VoIP, CounterPath X-Lite and Paltalk.

Germany's Justice Minister Sabine Leutheusser-Schnarrenberger called on the federal and state governments to launch a joint investigation into the matter, The German broadcaster Seutsche Welle reported on Oct. 11.

"The citizen, in both the public and private spheres, must be protected from snooping through strict state control mechanisms," Leutheusser-Schnarrenberger alleged.

But this scandal still stirred massive public concern in Germany.

"It would be a very grave incident and clearly against the law should the allegation be accurate," Wolfgang Bosbach, chairman of the German parliament’s interior-affairs committee, was quoted by Germany's Deutschlandfunk radio as saying.

Marco Buschmann, a free Democrat member of German parliament, told GlobalPost that while suspected criminals and terrorists need to be investigated, people’s freedoms also need to be protected.

"That includes the freedom to use my computer without worrying that it could potentially be spied on, whether by the state or by criminals," Buschmann added.

"This example shows how dangerous it is when one allows the state the possibility of such wide-ranging invasions of privacy. When one has such a tool then the temptation is too great to overstep the limits," Privacy attorney Starostik was quoted as saying by GlobalPost.

"The (government) should put an end to the ever growing expansion of computer spying that has been getting out of hand in recent years, and finally come up with an unambiguous definition for the digital privacy sphere and with a way to protect it effectively," the Chaos Computer Club said in a statement.

"Unfortunately, for too long the (government) has been guided by demands for technical surveillance, not by values like freedom or the question of how to protect our values in a digital world," the club added.

Xinhua