Sunday, October 05, 2008

Skype Intercepts

Skype security is in the news again. On Friday Skype's Josh Silverman admitted that the chinese mobile internet company TOM Online, a Skype partner, was not only filtering some content but was also intercepting chat and voice conversations on Skype based on certain keywords of interest to the chinese government . According to University of Toronto researcher Nart Villeneuve such intercepts were recorded and saved on servers. As if this was not enough, the security of these servers was breached and the content of intercepted conversation obtained.

The security breach has been fixed but the interception of Skype conversations goes on. This is not the first time Skype security is targeted. Earlier this year information was leaked on efforts by the provincial Bayern government in Germany to acquire technology for intercepting Skype's chat, voice and buddy lists right at the source before they got encrypted, and transmitting the intercepts (ironically in a different encryption) to monitoring servers, whose IP address can be masked by the use of rented proxy servers overseas. The intercepted information is monitored through mobile stations equipped with a custom streaming-capable multimedia player.

Interestingly, Digitask, the German company offering the solution to the Bayern authorities mentions other capabilities for intercepting and decoding SSL based traffic (the type you and I use for our banking and other secure communications!). The interception requires full intercept of the DSL stream of the target (which includes the information and the encryption keys used) and the transfer of the intercepts to the company's servers for further processing. The company states that it supports such capabilities for targets using IE 6.0 and Firefox 1.5.

The Skype decentralized peer-to-peer model bypasses the central structures of traditional telecommunications network. This is making many authorities used to the controls tied to such centralized structures very nervous. One can not help but wonder how many other governments are silently involved in similar unlawful intercepts for their own reasons (war on terror, organized crime, national security, etc.).

Labels: , , ,