A government Trojan is spyware installed on a computer or network by a law enforcement agency for the purpose of capturing information relevant to a criminal investigation. Depending on the program, government Trojan horses may intercept email or VoIP traffic, scan hard drives for relevant digital media or even record conversations and videoconferences. As this type of software captures data and then sends it back to a central server for processing and analysis without a user's knowledge, it is generally classified as a back door Trojan horse virus.
Governments have approached implementing Trojan horses in different ways. Swiss government agencies have been reported to be working with Internet service providers (ISPs) to record speech on an infected PC's microphone, as opposed to intercepting encrypted voice packets. German agencies have sought authority to plant Trojan horses on the hard drives of suspected criminals using email that would install keyloggers, record webcams and microphones and scan infected hard drives for documents, diagrams and photography. These email messages would be tailored to each unique target, similar to the method used in spear phishing attacks.
The German government received widespread attention in 2007 when its Interior Minister disclosed a plan to install Trojan horses. Switzerland and Austria have been reported to have similar programs in development. Romania, Cyprus, Latvia and Spain already have laws that allow "online searches." Chinese covert intelligence bodies have also been associated with Trojan horse activity against both other governments and private industry. The Federal Bureau of Investigation (FBI) is known to use a tool called CIPAV (computer and Internet Protocol address verifier) that can record IP addresses and send the data back to government computers. Given recent disclosures of warrantless wiretapping, the FBI may well be conducting covert surveillance of hard drives. Although no official U.S. government Trojan program is known to exist, past revelations regarding the NSA's Total Information Awareness (TIA) project and Echelon, a signals intelligence (SIGINT) collection and analysis network operated by the U.S. government in cooperation with several other nations, make the existence of such a program credible.
For many years, hackers and crackers have been attacking government networks and computers to try to gain access to classified information, financial or personal data, or to simply embarrass agencies that fail to take appropriate measures. Government Trojans represent a step in turning the tables on cybercriminals by using a proven mechanism for capturing data covertly. As Al Qaeda, organized crime and rogue states increasingly turn to modern information technology tools for planning, organization and even so-called "cyberwars," the development of more robust information gathering mechanisms by government agencies is a natural and important step in combating malicious activity.
As with other forms of electronic surveillance, however, the potential for governmental abuse of the technology is significant. If government agencies are able to establish partnerships with hardware manufacturers similar to the assistance that telecommunications companies have provided in the past to government agencies requesting phone records, even informed consumers may be able to do little to detect or defuse back door malware. As laws and controls on new ways of monitoring citizens have typically lagged technological innovation, the best protection concerned citizens have against unwanted surveillance may be to use spyware scanners and watch activity logs for unexpected network activity.