[LINK] RFI: Skype Conversation Accessibility

Richard Chirgwin rchirgwin at ozemail.com.au
Sun Mar 30 12:21:55 AEDT 2008 

Roger,

Some general observations which may help you locate sources.

1) VoIP in general is most easily accessible with access to a server. If 
you're in charge of the VoIP server, then you can make the system copy 
you on conversations, or ask it to record conversations (which you would 
obtain later). So if you wanted reliable sources, I would suggest 
starting with CERT advisories relating to the security of VoIP servers 
from vendors like Cisco, Broadsoft, Nortel, Alcatel, etc.
2) Regarding the vulnerability of voice service providers, the 
highest-profile story I can remember related not to eavesdropping, but 
cracking a server so as to steal and resell voice termination.
3) Skype is supposed to be difficult to crack because of its proprietary 
encryption. On the other hand, given the processing model (which 
distributes call processing across Skype-connected nodes), I would 
imagine that a node would yield information about who called whom.

Cheers,
Richard C

Roger Clarke wrote:
> Does anyone have reliable knowledge or sources re the ability of a 
> third party to access real-time Skype (or other VoIP) conversations?
>
>
> Internet telephone encryption stumps police
> <http://www.theage.com.au/news/voip/internet-telephone-encryption-stumps-police/2007/11/23/1195753285526.html>http://www.theage.com.au/news/voip/internet-telephone-encryption-stumps-police/2007/11/23/1195753285526.html 
>
>
> November 23, 2007 - 3:17PM
>
> German police are unable to decipher the encryption used in the 
> internet telephone software Skype to monitor calls by suspected 
> criminals and terrorists, Germany's top police officer said on Thursday.
>
> Skype allows users to make telephone calls over the Internet from 
> their computer to other Skype users free of charge.
>
> Law enforcement agencies and intelligence services have used wiretaps 
> since the telephone was invented, but implementing them is much more 
> complex in the modern telecommunications market where the providers 
> are often foreign companies.
>
> "The encryption with Skype telephone software ... creates grave 
> difficulties for us," Joerg Ziercke, president of Germany's Federal 
> Police Office (BKA) told reporters at an annual gathering of security 
> and law enforcement officials.
>
> "We can't decipher it. That's why we're talking about source 
> telecommunication surveillance -- that is, getting to the source 
> before encryption or after it's been decrypted."
>
> Experts say Skype and other Voice over Internet Protocol (VoIP) 
> calling software are difficult to intercept because they work by 
> breaking up voice data into small packets and switching them along 
> thousands of router paths instead of a constant circuit between two 
> parties, as with a traditional call.
>
> Ziercke said they were not asking Skype to divulge its encryption keys 
> or leave "back doors open" for German and other country's law 
> enforcement authorities.
>
> "There are no discussions with Skype. I don't think that would help," 
> he said, adding that he did not want to harm the competitiveness of 
> any company. "I don't think that any provider would go for that."
>
> Ziercke said there was a vital need for German law enforcement 
> agencies to have the ability to conduct on-line searches of computer 
> hard drives of suspected terrorists using "Trojan horse" spyware.
>
> These searches are especially important in cases where the suspects 
> are aware that their Internet traffic and phone calls may be monitored 
> and choose to store sensitive information directly on their hard 
> drives without emailing it.
>
> Spyware computer searches are illegal in Germany, where people are 
> sensitive about police surveillance due to the history of the Nazis' 
> Gestapo secret police and the former East German Stasi.
>
> Ziercke said worries were overblown and that on-line searches would 
> need to be conducted only on rare occasions.
>
> "We currently have 230 proceedings related to suspected Islamists," 
> Ziercke said. "I can imagine that in two or three of those we would 
> like to do this."
>
> Reuters
>

More information about the Link mailing list