Police backdoor discovered in Italian server

"On 21 June 2005 the Italian collective Austistici/Inventati discovered a major police backdoor in their server. The server hosts a large number of websites, mailboxes, mailing lists and Internet services for NGOs, grassroots activists and public interest associations. The backdoor was installed over a year ago, on 15 June 2004 by the Italian 'Polizia Postale' (Postal Police), after a seizure ordered by the Procura di Bologna (Office of the Public Prosecutor in Bologna) in the context of an investigation into the anarchist collective Crocenera.

The legal owners of the server ('Investici', a legally recognised association) were not informed, nor by the police nor by the public prosecutor. The provider claimed that the downtime - caused by the Police putting the server off-line - was due to a power outage.

The police gained access to the private SSL certificate stored on the server and installed several tools to monitor, intercept and decrypt all the traffic going through the server - not only the traffic that was actually relevant to the investigations."

No comments: