Easter Egg in Government-Sanctioned Trojan Proves Programmer Humor Not Dead

An easter egg hidden in a commercial spyware product from Gamma International proves once again that programmer`s humor is not dead, even when government interests are at stake. According to an analysis report from Claudio Guarnieri, a researcher at Rapid7, the FinFisher Lawful Interception malware responds with “Hallo Steffi!” whenever their servers are queried.

This is presumed to be an internal joke, but also reveals that the Trojan has probably been coded in Germany, or at least by German-speaking developers.

Easter eggs are undocumented features usually included by programmers just for fun. Once extremely popular in major applications and operating systems (including products from Microsoft, such as the Microsoft Bear, the Microsoft Bunny or the Word 97 Pinball game), they have been phased out because of government regulations regarding undocumented features (the Trustworthy Computing Initiative).

The FinFisher FinSpy Trojan is used by the federal government in Germany and uses a decentralized command-and-control infrastructure with servers in Ethiopia, Australia, Dubai, Estonia, Indonesia, Qatar, Latvia, Mongolia, the Czech Republic and the US. The Trojan surfaced as it was revealed as the main instrument of espionage for political activists in Bahrain.