September 04, 2012, 6:28 PM — The Federal Criminal Police Office of Germany, also known as the BKA, is looking to hire software engineers who can develop remote computer surveillance technologies for use in criminal investigations.
According to a recruitment announcement posted last Thursday on the BKA website, the job involves developing software that meets the technical requirements to allow "covert police access to remote computer systems."
Candidates are expected to have very good knowledge of C++, low-level programming, system driver development, networking and Internet protocols, object-oriented software development and software modelling standards.
However, the BKA wants more than just a good developer. As well as programming skills, they want someone who knows the security mechanisms of Windows and other operating systems and who has experience with finding software vulnerabilities.
Law enforcement and intelligence agencies from around the world are increasingly using computer surveillance or monitoring software in their investigations. However, such tools are usually licensed from private companies that specialize in their development.
"An in-house hacking capability that could create custom cyber-surveillance tools for the BKA has potential advantages in the area of secrecy," Stephen Cobb, a security evangelist at antivirus vendor ESET, said Tuesday via email. "Commercial tools are typically sold to more than one client and become known if the vendor is not careful."
"Licensing a commercial tool also creates a paper trail that may come to light while the origins of an internally developed tool may be easier to hide," Cobb said.
The security of such software could be another reason why a law enforcement agency like the BKA might want to handle its development internally.
A computer Trojan believed to have been developed by a German company called DigiTask for use by the BKA in criminal investigations was discovered in Germany last year.
According to the Chaos Computer Club, a well-known European hacker club, the Trojan had security holes that could have allowed attackers to take control of the monitored systems or submit fake data to the authorities.