Proof Of Concept Skype Wiretapping Malware Released

from the not-so-secret-any-more dept

Mon, Aug 31st 2009 1:25am — Mike Masnick

One of the benefits of Skype was that, due to the way it works (P2P, encrypted communications), it made it much more difficult to do any sort of wiretap. This has upset various governments who are used to having the ability to wiretap any voice communications. However, it's never impossible. The most obvious way is to simply create some sort of trojan that gets installed on one user's computer that has audio recording abilities -- and Symantec is going around hyping up the fact that source code for just such a trojan has been released. Of course, even Symantec admits that there's no evidence of the code actually being used in the wild -- it seems more like a proof-of-concept. On top of that, it's hardly a new idea. Nearly a year ago, we talked about how German authorities were accused of using something that sounded quite similar. Still, it is a good reminder that even if you're using an encrypted Skype call, at either end of that call, the audio is decrypted, and a well-placed recording system can capture it.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: malware, skype, wiretap
Companies: skype

8 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 31 Aug 2009 @ 5:51am

I can see a pretty easy way around this. Just make a Linux LiveCD with Skype already on it. Sure, it'll be beyond most criminals, but I think you could probably find someone more computer savvy to do it for you. Certainly for large organized crime syndicates, it would be easy.
[ link to this | view in chronology ]
- Hephaestus (profile), 31 Aug 2009 @ 6:16am
  
  Re:
  I like the LiveCD idea...
  [ link to this | view in chronology ]
NullOp, 31 Aug 2009 @ 5:55am

Spys!
I am always humored by spying stories. Having done a bit myself, legally, I know there is nothing more boring in the world except perhaps watching porn.
[ link to this | view in chronology ]
- Anonymous Coward, 31 Aug 2009 @ 5:59am
  
  Re: Spys!
  Nullop,
  
  ...creepy.
  [ link to this | view in chronology ]
- Anonymous Coward, 31 Aug 2009 @ 6:51am
  
  Re: Spys!
  NullOp,
  
  I know exactly what you mean.
  [ link to this | view in chronology ]
Anonymous, 31 Aug 2009 @ 7:39am

Proof of two concepts
LiveCD is a great idea. Heck Skype will even run off a flash drive. It's a great little program.

The proof of concept is that it can be done. The second concept proven I think is that it WILL be done. Just as nothing is foolproof to the adequately equipped fool, anything available to the public WILL be hacked, it's just a matter of time.

This particular hack kinda makes me chuckle, though, at the simplicity. I feel like Brain laughing at Pinky's scheme and saying "That's the stupidest idea in the world!"
[ link to this | view in chronology ]
Malware Removal Bot, 16 Sep 2009 @ 8:54am

As most readers will already know, a new 0-day vulnerability in MS Video ActiveX Control is currently being exploited in the wild. Lots of research material has already been published covering different aspects of this vulnerability and the attack vector. I have nothing more to add on this front. I would rather focus on explaining the details of the malware behind the scenes.
[ link to this | view in chronology ]
Mike, 18 Nov 2009 @ 6:42am

So the hackers who successfully implement this malware will be rewarded with hours upon hours of mp3 files that they will have to wade through in order to find any relevant (valuable) data. This has to be the least efficient form of hacking I have ever heard of.
[ link to this | view in chronology ]