SurveillanceGerman police wants to develop its own computer surveillance software
The Federal Police Office of Germany (also known as the BKA) is looking to hire software engineers who can develop computer surveillance technology for use by law enforcement and intelligence agencies in criminal investigations
The Federal Police Office of Germany (also known as the BKA) is looking to hire software engineers who can develop computer surveillance technology for use by law enforcement and intelligence agencies in criminal investigations.
PCWorld reports that a recruitment announcement was posted earlier this month on the BKA Web site. The site says the job involves developing software that meets the technical requirements to allow “covert police access to remote computer systems.” Candidates should have advanced knowledge of C++, low level programming, system driver equipment, networking and Internet protocols, object-oriented software development, and software modeling standards.
The announcement notes that that those applying for the positions should also be fluent in the security mechanisms of Windows and other operating systems, and have experience with finding software vulnerabilities.
The use of computer surveillance or monitoring software in investigations has become more prevalent, but the tools used are usually licensed from private companies specializing in their development.
“An in-house hacking capability that could create custom cyber-surveillance tools for the BKA has potential advantages in the area of secrecy,” Stephen Cobb, a security evangelist at antivirus vendor ESET, told PCWorld. “Commercial tools are typically sold to more than one client and become known if the vendor is not careful.”
“Licensing a commercial tool also creates a paper trail that may come to light while the origins of an internally developed tool may be easier to hide,” Cobb said.
“Law enforcement, military and defense people are incapable of grasping that digital tools or weapons are inherently harder to control and contain than physical ones,” Cobb added. “The risk of blow-back is exponentially greater when dealing with a weapon of which a million perfect copies can be created and shipped to anywhere on the planet, in seconds, at zero cost.”
After the discovery last year of a Trojan which appeared to have been developed by a company called DigiTask for use by BKA, many antivirus vendors added detection for it in their programs, rendering the Trojan useless for law enforcement agencies.
“If AV companies aren’t in the loop on specific tools, they’re going to detect them as some form of spyware (if they detect them at all),” David Harley, a senior research fellow at ESET, told PCWorld. “If law enforcement agencies do approach the security industry, the precise response will vary according to circumstances, but ignoring policeware by request is both ethically and technically problematic, because a security company can’t usually tell whether a specific instance of the software is legitimate or not.”
Hartley says that the the use of these programs by law enforcement agencies is OK if done in a lawful manner. “It’s analogous to wiretapping done in accordance with due legal process (e.g. where an appropriate warrant has been issued), and it’s perfectly logical to employ people who are familiar - or can be trained to be familiar - with the technology.”