Comments: Rumour: NSA offering 'billions' for Skype eavesdrop solution

Quoting Frank Rieger of CCC Berlin:

"Please all use Skype! Your friendly NSA.". Yeah, right.

Posted by Friend of Frank at February 13, 2009 10:26 AM

"Criminals in Italy are increasingly making phone calls over the internet in order to avoid getting caught through mobile phone intercepts, police say...."

Whole article at http://news.bbc.co.uk/2/hi/europe/7890443.stm

Posted by -- Jerry at February 14, 2009 06:39 PM

The level of code obfuscation, protocol obfuscation, anti-debugging efforts, anti-interoperability measures, and so forth exhibited by Skype is unparalleled among legitimate software.

Skype has something to hide, and no, it's not your conversations. As far as I am concerned, Skype is extremely advanced spyware.

Posted by anon at February 15, 2009 12:05 AM

The question is does the NSA et al realy want access to the speach or the routing information on a Skype communication?

For the speach you will need to perform some level of crypto attack, for the routing just traffic analysis.

For local level Policing then the speach is desirable because it provides operational detail of what the targets are doing (that is the Police will have specifics on a crime etc)

From the higher level (serious/organised crime and above) the routing is more important as it maps out an organisations structure.

So can the Skype speach be decrypted by those not directly involved with the peer to peer nature of the data channel.

The answer is of course probably ;) from the little publicly published it appears Skype use stream encryption based on using 256bit key 128bit data width AES in counter mode.

What is not known is the speach compression method but it might well be based on work originaly developed by the NSA (no this is not a conspiracy senario).

Brut forcing the AES key (assuming true random source) is not going to be practical in real time or any time soon. However being a stream cipher there are other attack vectors available that do not require the AES key (see OTP pad reuse bit flipping attacks etc). However the likley hood of this is down to unknown asspects of Skypes software, the most likley areas of attack being either protocol issues or predictable randomness.

Another area of posibility is a weakness in the RSA etc key generation. There are ways a hidden back door can be put into any public key certificate in a way that is effectivly impossible to tell from the certificate alone (see work by Adam L Young and Moti Yung www.cryptovirology.com).

Then of course ther is the question of lack of entropy in the method of selecting the pq primes (which is quite a big issue in many home brew crypto systems), which is again a random number generator issue (the recent failing of an open source generator caused some bad certificates very recently).

So yes there "may" be avenues to attack the speach but is it realy an issue?

Where Skype has a real weakness is that the majority of users will almost always use the same computer from a very few IP addresses and communicate to Skypes servers at a limited and known number of IP addresses (the physical location etc of the IP addresses at both ends is easily available).

A much smaller fraction will use Skype on a mobile device, but again they will have one or two primary (home/work) locations.

Then there are your covert types who will only use other peoples open WiFi points etc. These break down into two groups the technicaly sophisticated and those who are not.

Those who are technicaly sophisticated will use further covert methods such as TOR the less so will not.

And there is of course those that realy know what they are doing and use other methods entirely.

There is already data mining traffic analysis software for mobile phone logs that has been shown to pick out "closed nets" of users. Such people are generally "suspicious" and would be likley to receive further investigation.

Changing the software to work with IP records instead of phone records would be the work of a day or so of a programmers time.

In both the US and Europe it is now a case of getting to the IP logs (which in most places does not require a warrant these days).

Which then brings about the question of can a Skype client be uniquly recognised when it connects to Skypes servers.

The answer is probably yes and not through Skypes fault.

It is well known that the "cracking" community have tools to finger print OS's and to some extent hardware via IP stack responses etc.

Further other application level software can leak plaintext information about a machine when in use (email etc) or when it "phones home" (think multi-media apps etc).

Further the abundant infection rates of Malware give other identifiers. So it is possible to build a unique fingerprint for a client machine irrespective of what the Skype software can do to hide identity info.

What is less well known is that the CPU clock drift rate is detectable via TCP time stamps and is a way by which individual machines can be identified even when working through a TOR network

And TOR is further suceptable to other attacks due to latency or "owned" node issues.

So from the higher level Intel aspect for serious/organised crime and above then Skypes security measures are not realy an issue...

Posted by Clive Robinson at February 26, 2009 01:52 AM
Post a comment









Remember personal info?






Hit Preview to see your comment.
MT::App::Comments=HASH(0x5567bf2878e8) Subroutine MT::Blog::SUPER::site_url redefined at /home/iang/www/fc/cgi-bin/mt/lib/MT/Object.pm line 125.