Subject: Are commercial anti-spyware programmes useless against government trojans and spyware?
From: Nathan Allonby <nathan.allonby@talktalk.net>
Date: 1/12/12, 07:30
To: Barrett Brown <barriticus@gmail.com>

Dear Barrett Brown,

Are commercial anti-spyware programmes useless against government trojans and spyware? This is a question that the anti-spyware vendors do not want to answer.

The technical details of the trojan used by the Federal German police were discovered and published recently (article below).
Anatomy of a digital pest – the Staatstrojaner surveillance program | Frank Rieger | Chaos Computer Club

I wrote to the four largest anti-spyware vendors, including Kaspersky, asking whether their products could find and remove this trojan. Guess what? No reply from any of them.

Now, I had hoped to write a story about this but, in view of this non-response, this now requires a credentialled journalist, such as yourself. If one vendor had refused to reply, it would be possible to write a story along the lines of "A, B and C gave only non-committal replies and D did not reply at all, despite repeated approaches".

I am writing to you because of your excellent piece in the Guardian - you clearly have a grasp of this subject.
A virtual secret state: the military-industrial complex 2.0
US reliance on private contractors is seeing a sinister focus on surveillance of citizens instead of defence against cyber attack
Yours was one of several excellent articles on trojans and surveillance malware to appear recently.

The following article contained an intelligent comment about the vulnerability of individuals' PCs:
Governments turn to hacking techniques for surveillance of citizens | guardian.co.uk

The growth in the use of these methods across the world, Appelbaum believes, means governments now have a vested interest in keeping computer users' security open to vulnerabilities. "Intelligence [agencies] want to keep computers weak as it makes it easier to surveil you," he says, adding that an increase in demand for such technology among law enforcement agencies is of equal concern.

In effect, the entire article implied that there is a whole industry trading on its ability to defeat normal PC security measures.

The article about the German police trojan, above, suggested that it was crude by comparison with the latest criminal spyware. By implication, if the anti-spyware could not find the police trojan then it would not find criminal spyware either. The article does not mention how the trojan was found or how long it may have been on the infected machines - they merely say that hard discs were sent to them in brown envelopes - but the fact that several discs were sent, and that the trojan files had been modified, suggests it had been on the discs for a while and that any anti-spyware had not found them.

There is a strong possibility that commercial anti-spyware may be ineffective, and may actually deceive users with a false sense of security.

I do hope you pick up this story and run with it.

Best regards,

Nathan Allonby