TrendEU considers allowing police to place Trojans on suspects' computers

Published 1 December 2008

Remote searches of suspects’ computers could become a mainstay of cybercrime investigations under a new EU strategy announced last week

The member states of the European Union are worried about growing cyber crime, and the EU Council of Ministers agreed that law enforcement agencies should have the ability to do remote searches of suspects’ computers. The ministers also agreed to loser cooperation between law enforcement agencies across Europe, including joint investigation teams. The five-year plan devised by the ministers also includes more information exchange on best practices, criminal trends and the like between law enforcement agencies and the private sector, and more cyber patrols.

The financial impact of cybercrime on Europe remains difficult to estimate (a recent authoritative Symantec report on global Internet crime said that some $276 million worth of credit cards, bank account info, security exploits, and hacker tools were up for sale on online web forums and Internet relay chat channels; see 25 November 2008 HS Daily Wire). The Register’s John Leyden writes that as a short-term fix the EU has earmarked €300,000 for Europol to establish a clearing house for crimes committed on the Internet, such as the distribution of images of child abuse.

The EU cites computer viruses, spam, ID theft, and child pornography as its main concerns. “Images of sexually abused children available online quadrupled in the last five years and half of all Internet crime involves the production, distribution and sale of child pornography,” a declaration from the meeting states. Many of the measures agreed by the Council of Ministers continue with existing policies in areas such as closer European coordinating and cooperation in the fight against cybercrime. The increased use of remote searches stands out as a new, and controversial, direction in policy.

Leyden writes that, in practical terms, remote searches would involve planting law enforcement Trojans on suspects’ PCs. Police in Germany are most enthusiastic about pushing this tactic, despite its many potential drawbacks. For starters, infecting the PC of a target of an investigation is hit and miss. Malware is not a precision weapon, and this raises the possibility that samples of the malware might fall into the hands of cybercrooks. Even if a target does get infected, there is a good chance any security software they have installed will detect the malware. Any security vendor who agreed to turn a blind eye to state-sanctioned Trojans would risk compromising their reputation, as illustrated by the Magic Lantern controversy in the United States a few years back (the code name refers to a covert operation in which the FBI electronically installed spyware — or, rather, policeware — to MySpace account of a suspect in e-mailing bomb threats to school; the suspect was nabbed; see 19 July 2007 HS Daily Wire). Then there are the civil liberties implications of the approach and questions about whether evidence obtained using the tactic is admissible in court.

These problems notwithstanding, “the idea of a law enforcement Trojan continues to gain traction and could become mainstream within five years, if EU ministers get their way,” writes Leyden.