German Govt. Skype Interception Trojans Revealed

James Hardine writes "Wikileaks has released documents from the German police revealing Skype interception technology. The leaks are currently creating a storm in the German press. The first document is a communication by the Ministry of Justice to the prosecutors office, about the cost splitting for Skype interception. The second document presents the offer made by Digitask, the German company secretly developing Skype interception, and holds information on pricing and license model, high-level technology descriptions and other detail. The document is of global importance because Skype is used by tens or hundreds of millions of people daily to communicate voice calls and Skype (owned by Ebay, Inc) promotes these calls as being encrypted and secure. The technology includes interception boxes, key forwarding trojans and anonymous proxies to hide police communications."

Germany

[CastrTroy]

Germany still seems to have a lot of it's old attitudes lying around. Installing trojans on the computers of it's citizens for the purpose of listening to skype calls is way beyond what I would expect from a country like Germany. Then again, they still can't have video games with Nazis or blood in them. How long before someone packages up a Linux live CD with Skype preinstalled so that you can ensure you're computer isn't compromised when making phone calls?

Re:Germany

[gnasher719]

Germany still seems to have a lot of it's old attitudes lying around. Installing trojans on the computers of it's citizens for the purpose of listening to skype calls is way beyond what I would expect from a country like Germany. Then again, they still can't have video games with Nazis or blood in them. How long before someone packages up a Linux live CD with Skype preinstalled so that you can ensure you're computer isn't compromised when making phone calls? 1. It is legal (if you get permission from a judge etc.) to listen in to phone conversations. 2. With Skype using 256 bit encryption, the police cannot do in practice what it is allowed to do legally. 3. Some company makes software/hardware that enables the police to do what they are allowed to do legally.

It seems to be necessary to install some software on the user's computer to achieve this. As long as this software doesn't do anything but opening up Skype communications, it doesn't do anything that would affect the user's rights. All their Skype communications can only be heard by people who are legally allowed to hear it - even though one of them is the police, which is not the _intended_ recipient.

Re:Germany

[WK2]

So? It's a trojan, meaning that one has to willingly open it; more bluntly, it means that the police will need to trick people into opening them.

Here in the USA, the police will break into your house to install keyloggers and such. Hardware keyloggers, usually. They will only send something through email if they don't know who you are (such as virus writers) and they do it to find out who, and where you are, not to listen to your phone calls. The problem with sending software trojans is that it usually doesn't work, and might get noticed.

Man-in-the-middle against SSL?

[gnasher719]

Does anyone know how a man-in-the-middle attack against SSL, as mentioned in the article, is supposed to work?

The only possibility that I can see is to modify the browser itself, so that when the user tries to get a secure connection to www. criminals.com, the browser contacts www. police.de instead, gets a valid certificate from the police, while the police's computer then makes a secure connection to www. criminals.com.

Re:Man-in-the-middle against SSL?

[maxwell+demon]

To redirect the user from www.criminals.com to www.police.de, they only have to intercept DNS calls (unless the criminals have edited their /etc/hosts or Windows equivalent, but if they get a trojan in, that shouldn't be too hard to change as well). The only thing which might be problematic is to get a valid certificate. But then, they probably can get that by just connecting themselves (which they'll do anyway if they do a man-in-the-middle). AFAIK the certificate only contains the domain name, not the server IP, so since the browser thinks it's connected with www.criminals.com, it will accept the original certificate for the fake server. I'm no SSL expert, though, so I may be missing something here.

Re:Man-in-the-middle against SSL?

[gnasher719]

mac spoofing, arp poisoning, dns spoofing, and a fake certificate Yes, I forgot that if they are able to install software on your computer, they might also be able to install a root certificate created by the police, and send you a kind-of-genuine certificate for www.terrorists.com, signed by www.police.de. Or they _might_ be able to convince a certificate authority to give them an actual, valid certificate for www.terrorists.com, which would be a bit worrying.

With a minute of thinking: The first method would be much better, because they don't need to know ahead who I am going to contact.

With another minute of thinking: My computer has for example four Verisign root certificates installed. Does that mean that Verisign (I only take them as an example) could technically install a box with a computer into the phone line 50 meters away from my house, and do a man-in-the-middle attack by creating genuine Verisign certificates for any SSL connection that I make, without breaking into my home or doing anything to my computer at all? And the only trace that I would have would be the curious fact that everyone I contact uses certificates signed by Verisign?

With a further minute of thinking: My computer has about 100 root certificates installed that came with Leopard, and similar things happen for Windows users. I have no idea where these certificates come from; I just have to trust Microsoft and Apple. If the police could convince Microsoft and Apple to put a root certificate owned by the police into their installers, then the police could read anyone's SSL connections without breaking into their homes (but breaking into their connection a bit further down the line)?

Re:Man-in-the-middle against SSL?

Does anyone know how a man-in-the-middle attack against SSL, as mentioned in the article, is supposed to work?

Probably in the same way that governments perform any other interception methods, full cooperation from corporations.

Look at who Narus, the manufacturer of big honkin' communication vacuums that the NSA has installed at ATT and other telco's, partners with:

http://www.narus.com/partners/index.html

VeriSign offers the entire suite of Narus products to its global customer base as managed services or licensed software. This includes capabilities for security, traffic analysis and lawful intercept.

IIRC, Verisign and it's subsidiaries like Network Solutions, employs and is managed by people formerly part of the intelligence community. Given what we know about ATT and the NSA, it's really not at all surprising that the government would have copies of valid certs that would allow transparent monitoring of SSL traffic.

How does this affect admissibility?

Germany has/had some wonderful privacy legislation, but in the last year or so they're heading in the other direction...

What's interesting here is the collection of evidence by installing spyware: if forensic analysis of a disk means absolutely nothing may be installed/changed/touched on the disk, how are they allowed to install their own software? does this invalidate any evidence they collect for use in a court, or are civil law courts a bit more flexible with such things?

Secondly, the problem here doesn't appear to be with Skype at all. As with any encryption, it doesn't matter how safely you transfer your data, you still have to read/write/speak/listen to it unencrypted. No program can pull that off without requiring you to write your messages or speak encrypted.

The classic /. question.....

[budword]

Yeah, but does it run on Linux ? Anyone know if said software will end up on your linux box ?

What about China?

[Toddlerbob]

As pointed out in a comment above, if Germany does it, why not the USA? (Especially with all the secrecy and propensity to spy on citizens that the USA feds have these days)

I'm wondering now about China. I remember that Skype was, for a short time, on slippery footing for continued operations in the People's Republic. Then, for some reason, there was no longer a problem. I can't help but suspect that Skype may have opened up its code to China in order to continue operating there. The Chinese government lives and breathes by spying on its people (and anybody else living in its territory, of course).

On the other hand, maybe they didn't open their code, but the Chinese government figured out how to tap into communications, anyway. In the current article, the Germans have shown one way that it's possible.

Same old same old

The Nazis spied on the German people, the communists spied on the German people, and now this supposedly "democratic" is following their lead. The more things change...

Re:Skype is not securely encrypted.

[PGillingwater]

I would have to take issue with your statement.

According to this: http://www.ossir.org/windows/supports/2005/2005-11-07/EADS-CCR_Fabrice_Skype.pdf

Skype seems to use AES for the VOIP payload, and RC4 for signaling packets.

Naturally, although AES is an excellent algorithm, it will fail if the implementation is weak, especially in the key handling.

I agree that the code is largely obfuscated, and without open source, it would be a nightmare to expect to rely on its security.

However, there was an "independent" review of Skype, which I understand was able to review the source code.

See: http://www.skype.com/security/files/2005-031%20security%20evaluation.pdf for what appears to be the definitie analysis (as of 2005.)

Maybe things have changed since then? I would be surprised if the German government and its subcontractors have seriously been able to compromise Skype through man-in-the-middle attacks, but would not be surprised if a single end-point were compromised.

Re:Skype is not securely encrypted.

[0ptix]

Using AES alone is definitely no guarantee of having established a secure communication channel. An at least equally important question is how key's are established and distributed. You did not mention any public key cryptography. AES is a symmetric key algorithm so how do two clients who've never talked with each other set up there first secure connection? Further AES is an encryption algorithm so it proves secrecy, but not automatically provide authentication. Especially with a known protocol this can lead to surprising attacks. Thus the mode of operation in which AES is employed is also quite important. Even how IV's are chosen are important.

Skype might have solved some or even all of these problems. But the point is that simply stating that AES (and RC4) are used (even perfect implementations there-of) does not guarantee any kind of security at all. these things are far more subtle then that.

besides the moment an attacker (in this case the bavarian police) gets access to and end point (i.e. the actual machine which skype is running on) the whole thing is just B.S. anyway. i mean NO system in the world is secure under such an adversarial model... not unless you have some crypto chip installed with secret keys on it or something like that. (think TCPM).