January 31, 2008
A news story from Wired reports on documents leaked to WikiLeaks showing the German police contracting DigiTask to create a trojan to intercept Skype traffic before it gets encrypted. The documents can be viewed on WikiLeaks here (in the native German) and here (rough English translation).
Hasn’t this been done before? Last July, Wired reported on how the FBI used spyware to track a person making bomb threats (My blog of the report is here). That was only the latest use of spyware by US law enforcement to circumvent a suspect’s own security, including possible encryption of Internet traffic.
Looks like the Germans are catching on, and quite possibly the rest of the world’s governments with them. Then again, when Duh’bya issues a secret directive to expand net monitoring because of repeated hacker attacks, you have to wonder who really has the upper hand in the hacking game.
The specs on the spookware. The idea behind the warez is to facilitate a “man-in-the-middle” attack. That is, to capture Skype traffic before it is encrypted for transmission, or possibly to capture the public-key encryption code for future hacks of the target’s… maybe all of Skype’s… communications.
The offer DigiTask makes to Germany’s Bavaria state shows the reasoning behind the trojan attack:
Encryption of communication via Skype poses a problem for surveillance of telecommunications. All traffic generated by Skype can be captured when surveilling a Dialin- or DSL-link, but it cannot be decrypted. The encryption of Skype works via AES with a 256-Bit key. The symmetric AES keys are negotiated via RSA keys (1536 to 2048 Bit). The public keys of the users are confirmed by the Skype-Login-Server when logging in. To surveil Skype-communication it thus becomes necessary to realize other approaches than standard telecommunications surveillance.
The concept of DigiTask intends to install a so-called Skype-Capture-Unit on the PC of the surveilled person. This Capture-Unit allows recording of the Skype communication, such as Voice and Chat, as well as diverting the data to an anonymous Recording-Proxy. The Recording-Proxy (not part of this offer) forwards the data to the final Recording-Server. The data can then be accessed via mobile Evaluation Stations.
The mobile Evaluation Units can, making use of a streaming-capable multimedia player, playback the recorded Skype communication, such as Voice and Chat, also live. To minimize bandwidth usage special codecs for strong compressions are used. The transmission of data to the recording unit is encrypted using the AES algorithm.
The main problem, of course, is getting the warez on the target’s system. The police, assuming they have the proper warrants to do so, will need to enter the target’s place and install the trojan manually, or craft an e-mail to trick the target into installing it himself. Depending on the target’s knowledge and/or experience with such malware and his system’s defenses, he may not take the e-mail bait, or his anti-malware applications may detect the trojan and destroy it before it can be installed.
Who wants to be Big Brother? America and Germany may only be the tip of the iceberg. Other nations’ law enforcement agencies may already be concocting, or executing, similar hacks under everyone’s nose.