Once installed on a computer, the software could quietly listen to conversations on Skype, log keystrokes and switch on the computer’s web-cam. It would then report this data back to servers, two of which were identified – one in the US and the other in Germany.
The program could also be remotely updated and potentially used to install and run other programs. Mikko Hypponen of the security company F-Secure reported the company’s own findings on the malware (malicious software) and confirmed the CCC’s analysis.
F-Secure dubbed the trojan “R2D2”, from the text “CRPO-r2d2-POE” used by the software to initiate data transfer.
Regarding the German government’s involvement in the R2D2 trojan, Mikko wrote:
“We have no reason to suspect CCC’s findings, but we can’t confirm that this trojan was written by the German government. As far as we see, the only party that could confirm that would be the German government itself.”
But the CCC believed it had found an example of a “Bundestrojaner” (Government trojan) which, from 2007, was being used to conduct online searches of suspects by law enforcement agencies without much restriction. In 2008, a ruling by a German Constitutional Court restricted use to cases in which human lives or state property were in danger, and only after permission had been granted by a judge.
The CCC maintains the German government used a different term for the spy software to get around the restrictions on online searches: “Quellen-TKÜ”. The term means “source wiretapping”: listening to conversations on sources such as Skype, for example, in order to prevent a person from encrypting the conversation.