Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacked Skype IP Address Search Shows Who's Speaking From Where

Posted by timothy on from the we-see-you-mr-appelbaum dept.

mask.of.sanity writes "An online search portal has been launched that reveals the IP addresses of any Skype user. The portal needs only a Skype username entered in a search bar for it to produce the IP address of a target user. It then uses IP addresses to geo-locate users on a map and reveal their ISP information."

84 comments

  1. SlashBI? by Anonymous Coward · · Score: 0

    I entered "SlashBI" and it didn't come up with anything.

  2. Service temporary unavailable. by devilsdean · · Score: 1

    That was quick

    1. Re:Service temporary unavailable. by Eponymous+Hero · · Score: 2

      looking at the message history, quotes like "Service is down again: skype strikes back" imply that skype is doing something to protect their users' privacy. at the least it proves that Ivan thinks so.

      --
      insensitive clod overlords obligatory xkcd car analogy russian reversals whoosh pedant fanbois ftfy in 3...2...1..PROFIT
  3. not surprising by v1 · · Score: 3, Insightful

    Can be done very simply with a little bit of tcpdump. they're just sniffing network traffic from the machine to reveal information that skype doesn't normally display.

    They make it sound like it's some awesome service hacking app when it's just displaying information the client app is just choosing not to show you.

    Does this really surprise anyone? Skype directly connects you to another user. Their servers aren't a relay, they're just a meeting point to hook users together. Both users' computers simply have to have the IP address of the other person for their service to function. (though I could see them relaying just text traffic, but certainly not audio/video)

    --
    I work for the Department of Redundancy Department.
    1. Re:not surprising by Anonymous Coward · · Score: 0

      I am surprised... the user on the other end should have to "pick up" an incoming video/voice chat to initiate this direct connection. The call and text messages should be routed to preserve some degree of anonymity.

    2. Re:not surprising by Anonymous Coward · · Score: 0

      A flaw that they should have noticed by now.
      Direct Connect isn't exactly an old idea.

      If anything, the network Skype is based on should have at the very basic level been built up like Tor to a lesser extent so that you could never find the original IP of a person that you want to request to Add or send a text message to or whatever else.
      And of course the usual things to prevent people abusing this by spamming like wild.
      One single relay through another user would have prevented this. We don't need ultimate security like someone trying to hide from a nasty government requires, we just need a very basic relay.

      Seems like a rather basic thing to not think about when designing a P2P network that is based on peoples identities.

    3. Re:not surprising by Anonymous Coward · · Score: 5, Informative

      Actually, the service works by sending the owner of the username a contact-info request (used for instance while searching for users to add to your contact list). The difference from what you mentions is that the target is not notified in any way (as opposed from when sending them a message or calling them), and also have no option to block the request.

    4. Re:not surprising by Lumpy · · Score: 1

      Um. no.

      Skype DOES use relay servers when there is no ports open on the firewall that a user is behind. It's why skype works all the time and raw VoIP can not without opening ports.

      --
      Do not look at laser with remaining good eye.
    5. Re:not surprising by Anonymous Coward · · Score: 0

      I am not user of Skype, but I can think of a way to not informing your IP to everyone who just asks: Make client that gives IP only when user accepts to "answer". That is if Skype servers deals with bulk of meta-info such as messaging and online-statuses etc why it needs to broadcast IP until video is accessed.

    6. Re:not surprising by Anonymous Coward · · Score: 5, Informative

      The servers are used to facilitate UDP Hole Punching. Once the NAT/Firewall has been bypassed the communicate is direct.

      http://en.wikipedia.org/wiki/UDP_hole_punching

    7. Re:not surprising by w.hamra1987 · · Score: 1

      Actually, Skype DOES use relaying. I use skype from behind a NAT, and so do most of my contacts, we're all inaccessible through our external IP addresses, and sometimes, me and my contact are from the same ISP, and hence behind the same NAT, sharing same external IP address. why it works? because our communication goes through skype servers!

      --
      my sig pwns your sig
    8. Re:not surprising by Anonymous Coward · · Score: 0

      To the layman Internet user, this is 'some awesome service hacking app'.

      The majority of this community, know otherwise.

      Also, don't use Skype.

    9. Re:not surprising by Talennor · · Score: 4, Insightful

      http://en.wikipedia.org/wiki/NAT_traversal

      Skype servers help make the connection, but aren't involved in the data stream.

      --

      //TODO: signature
    10. Re:not surprising by Talennor · · Score: 1

      I'm sure you could run your skype traffic through TOR. Not sure the quality of service you'd get... (Ok, I'm sure, and it's not looking good.)

      --

      //TODO: signature
    11. Re:not surprising by s_p_oneil · · Score: 4, Insightful

      "Can be done very simply with a little bit of tcpdump."

      Um, no. Not even close. This is a web site that can find any Skype user in the world by their Skype username. No one (not even the web server) needs to have Skype installed to use this, and no packet sniffing is being done. Since the encryption used for Skype's TCP connections starts with a Diffie-Hellman key exchange, a tcpdump would be pretty useless. Sure you could see your own Skype client talking to 100 different IP addresses, but you wouldn't have any idea who was at the other end of them, and you would have no way of sniffing the packets of every Skype user world-wide.

      I agree that this isn't surprising, though. Skype's protocol has been cracked (and those cracks have been published) so that anyone could write a program to talk to the Skype supernodes (any normal Skype client that allows incoming connections can be promoted to a supernode) and to perform this kind of search. The problem here lies in how much Skype supernodes trust any client that knows how to speak its language. The author considered that part of the Skype client to be sufficiently crack-proof, but he was wrong.

    12. Re:not surprising by plover · · Score: 1

      Why? Anonymity is not a property they promise to deliver.

      --
      John
    13. Re:not surprising by plover · · Score: 2

      What makes you think that Skype wants or needs to preserve anonymity? Consider that you are contacting Skype yourself and saying "This is Joe Sixpack. Please connect me to J. Random Hacker at +1-123-456-7890. And yes, I understand my information is on file so you can bill me for this call." You're already not anonymous.

      --
      John
    14. Re:not surprising by Anonymous Coward · · Score: 0

      Exactly.

    15. Re:not surprising by Dan541 · · Score: 1

      Its a peer 2 peer network. Why would you expect any form of anonymity?

      Skype was never designed to be Tor

      --
      An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
    16. Re:not surprising by garaged · · Score: 2

      And what it is so important about a skype call that needs that kind of security? I've been chatting on IRC for almos 2 decades and ip info has never been an issue

      --
      I'm positive, don't belive me look at my karma
    17. Re:not surprising by Anonymous Coward · · Score: 0

      So how does NAT traversal work if BOTH parties are behind NATs that don't allow UPNP ( e.g. corporations)?

      Say P is behind NAT A, Q and R are both behind NAT B.

      What destination IP and destination port should P use to try to talk to Q (and not R)? How would even Q know the port P should use at this point since it would be assigned by the NAT B device. And the NAT B device might not even know if it assigns the source ports randomly since Q hasn't sent any traffic yet.

      Same problem the other way round.

    18. Re:not surprising by lindi · · Score: 1

      It works easily. See e.g.  http://www.usenix.org/event/usenix05/tech/general/full_papers/ford/ford_html/

    19. Re:not surprising by Zaphod+The+42nd · · Score: 1

      this isn't surprising, though. Skype's protocol has been cracked (and those cracks have been published) so that anyone could write a program to talk to the Skype supernodes (any normal Skype client that allows incoming connections can be promoted to a supernode) and to perform this kind of search. The problem here lies in how much Skype supernodes trust any client that knows how to speak its language. The author considered that part of the Skype client to be sufficiently crack-proof, but he was wrong.

      QFT. I remember reading about the potential security exploits of skype some 5 years ago. If you speak skype to a node, it'll be happy to handle your requests with almost zero authentication, and it doesn't log it either. So you could extremely easily turn someone's skype box into a zombie to route your nefarious actions through. They'd have no clue you were doing it, no proof you did, and all evidence would show their IP was responsible. Perfect scapegoats.

      --
      GCS/MU/P d- s:- a-- C++++$ UL++ P+ L++ E+ W++ N o K- w--- O M+ V- PS+++ PE Y+ PGP t+ 5- X R++ tv+ b++ DI++ D++ G+ e++ h-
    20. Re:not surprising by hobarrera · · Score: 1

      Because in this case, it means privacy (it divulges to third party my location), and in some cases, security (ir no-one knows your IP, I guess you're pretty safe from any sort of attack).

    21. Re:not surprising by hobarrera · · Score: 1

      They certainly don't advertise it as a p2p network, rather as a "free internet phonecalls" service.

    22. Re:not surprising by hobarrera · · Score: 1

      Not anonymous from them, but you'd expect third parties no to be able to trace you down through them.

    23. Re:not surprising by Dan541 · · Score: 1

      Why would they need to, nobody outside of /. cares about any of the technical specifications.

      --
      An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
    24. Re:not surprising by hobarrera · · Score: 1

      Its a peer 2 peer network. Why would you expect any form of anonymity?

      Let me rephrase:

      "People would not expect a lack of anonymity asociated with p2p networks because skype is not advertised as a p2p network, rather as a "free internet phonecalls" service."

    25. Re:not surprising by Dan541 · · Score: 1

      So where is the expectation to privacy? People don't complain about their normal phone being traceable, why would this be an issue?

      --
      An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
    26. Re:not surprising by Dan541 · · Score: 1

      Also skype has never been marketed as an Anonymous communications channel.

      --
      An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
    27. Re:not surprising by hobarrera · · Score: 1

      You're just trolling, right?
      Users don't expect strangers to be able to track down sensitive data such as their IP address by using the service, it's generally implicit. Most IM/VoIP don't advertise this sort of feature; it's implicit.

    28. Re:not surprising by Dan541 · · Score: 1

      Websites don't advertise that they can see your IP address either. Let alone other information such as you browser and Operating System. You IP isn't "sensitive data" it's used for routing data on the internet. If you don't want anyone to know it then don't connect to them or use a service that is designed for anonymity..

      --
      An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
    29. Re:not surprising by hobarrera · · Score: 1

      So when you use any IM service, it's, in your opinion, normal for any random stranger to be able to deterine your IP address, even those totally unrelated to the service providers?

      I think it isn't. And skype is the only one (save for IRC) with a hole like this.

    30. Re:not surprising by Dan541 · · Score: 1

      It's not a security hole. It's how the internet functions.

      Skype isn't intended to be anonymous, if you want total anonymoity you need to use a VPN. That's true for everything you do online don't assume its anonymous just because the client doesn't show that information.

      --
      An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
    31. Re:not surprising by hobarrera · · Score: 1

      XMPP (by far, the most used IM client) doesn't expose you IP address to other users, unless you do a video/voice chat, in which case, it's inevitable.
      Why would I except less for a closed service which has payed features?

    32. Re:not surprising by Dan541 · · Score: 1

      Because XMPP uses a client-server topology, whereas Skype is a Peer to Peer network and therefore clients make direct connections to one another.

      --
      An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
    33. Re:not surprising by KhabaLox · · Score: 1

      Websites don't advertise that they can see your IP address either.

      Actually, I've had several websites warn me that my IP address was being broadcast*.

      *Not technically true, I know.

      --
      Ceci n'est pas un sig.
  4. I would say its trivial by mehrotra.akash · · Score: 0

    Infact, its likely that most people reading this comment would be able to do this in lass than a minute

    1. Re:I would say its trivial by mehrotra.akash · · Score: 1

      * less than a minute

    2. Re:I would say its trivial by olsmeister · · Score: 2

      Not if the service worked the way it should. While actual calls should be done peer-to-peer, things like requests for information, call setup/teardown, etc should be handled by Skype's servers, not exposing the IP of another user until a call has been established.

      Either that, or just dial *67 first...

    3. Re:I would say its trivial by Anonymous Coward · · Score: 0

      If you know the person so they'll let you call them -- then yes. In this case you can look up info on anyone currently online without them being notified at all.

  5. Article is ambiguous! by InvisibleClergy · · Score: 1

    The article says you just need to enter their skype username - does this mean that it works for even people who are offline? I know that I have at least one or two pseudonyms I've used for voice-chat while playing vidya games. If it does work for offline people, that would mean Skype is keeping logs of most-recent IP addresses.

    Service seems to be down right now, so there's no way for me to test it.

    1. Re:Article is ambiguous! by Anonymous Coward · · Score: 0

      No, they need to be online.

    2. Re:Article is ambiguous! by Anonymous Coward · · Score: 0

      > If it does work for offline people, that would mean Skype is keeping logs of most-recent IP addresses.
      Of course they are doing it, are you joking?

  6. MY GOD !! SOME SORT OF CALLER ID !! IP ADDRESS !! by Anonymous Coward · · Score: 0

    Is nothing sacred anymore ?? Someone can know my IP address !! This is MY IP address and I demand my PRIVACY !! MS can you never do nothing right !!

  7. Yay by jmDev · · Score: 1

    Now I can have even more people tell me that they have my IP address and they know someone that can hack me!

  8. Article summary author IP by Ziekheid · · Score: 4, Interesting

    Is it me or did the person who wrote the summary of this article accidentally include his IP when linking to the portal page?

    1. Re:Article summary author IP by slimjim8094 · · Score: 1

      Not just you. 216.34.181.45

      Wow.

      --
      I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
    2. Re:Article summary author IP by cdrudge · · Score: 1

      According to my source, that IP traces back to a railroad track. Better call Steven Seagal to investigate.

    3. Re:Article summary author IP by Anonymous Coward · · Score: 0

      Non-authoritative answer:
      45.181.34.216.in-addr.arpa name = slashdot.org.

    4. Re:Article summary author IP by Un+quebecois · · Score: 0

      whois 216.34.181.45

      Savvis SAVVIS (NET-216-32-0-0-1) 216.32.0.0 - 216.35.255.255
      SourceForge, Inc. SAVV-S234813-8 (NET-216-34-181-0-1) 216.34.181.0 - 216.34.181.255

    5. Re:Article summary author IP by Anonymous Coward · · Score: 1

      Actually that IP points to slashdot.org, according to whois.

    6. Re:Article summary author IP by Toad-san · · Score: 1

      And has anyone else noticed that the "portal" (well, the link anyway) is down?

      http://skype-ip-finder.tk/abused#66677:43676:216.34.181.45:/

      "Thank you for visiting

      SKYPE-IP-FINDER.TK

      This domain and website have been suspended because of abuse or copyright reasons."

  9. Hacked? by Anonymous Coward · · Score: 0

    Skype will happily supply your client (and consequently you) with the IP address of any user, here's what you need:
    - Skype
    - Any traffic monitoring application (tcpdump, Wireshark, even netstat would work)
    1- Search for the user name using Skype
    2- Try to call/chat with them
    3- Collect the IP from your traffic monitoring application
    4- ???
    5- Profit!

  10. ISP location is not your location by dwillden · · Score: 1

    Wow so they think they can determine your location via your IP address and the ISP location. My ISP is HQ'd in or near Denver CO, I live in Utah, all the web-ads that try to target my location target me as being in Denver. So hack away, you'll still be hundreds of miles off, based solely on my IP.

    --
    I'm too lazy to compose a creative sig.
    1. Re:ISP location is not your location by Anonymous Coward · · Score: 2, Funny

      Thank you sir for that info... We will be making adjustments to our database to compensate for the error.

    2. Re:ISP location is not your location by laffer1 · · Score: 1

      This really depends on your ISP and package. As I have a business class package with static IPs and Comcast delegates them via ARIN, one can see my home address via my IP address.

      --
      MidnightBSD: The BSD for Everyone
    3. Re:ISP location is not your location by Anonymous Coward · · Score: 0

      Not any more

  11. Not New, But Pretty Cool by cryptizard · · Score: 5, Interesting

    I saw this presented about a year ago at a security talk. If I recall correctly they were getting IP addresses by initiating a call but then terminating it before some threshold where the other party was actually notified, so it was invisible to the people they were tracking. The cooler part in my opinion was how they showed that something like 80% of people could be located on Skype (in the directory) based on information in their Facebook or LinkedIn profiles, allowing for targeted tracking of people. They also had some more advanced geo IP stuff to the point where they could get really good location results. The example they had was a woman in Florida where they could track her whole week's routine i.e. at work at 9:00, home by 5:00, where she goes to lunch, when she is visiting her grandmother in the next town. It is especially effective against people who are logged into Skype on their smart phones. Arguably the even cooler part was where they showed that they could track the entire population of a small country with something like $20,000 in computer hardware. As obvious as the nefarious applications of this are, it could also be pretty useful for tracking large scale movement for stuff like city planning.

  12. Don't be hasty about trying this by 93+Escort+Wagon · · Score: 2

    At least if you're a Skype user. It sounds like Skype is banning anyone who's logged in from the same IP address they're running this tool on.

    --
    #DeleteChrome
    1. Re:Don't be hasty about trying this by ilsaloving · · Score: 2

      Really??

      Great! Now we just have to figure out how to convince all those stupid "I found you online and thought you looked cool!" Skype Bots to connect to that address!

    2. Re:Don't be hasty about trying this by Anonymous Coward · · Score: 1

      That's precious. We have a potential privacy issue, and if the blackhats without skype accounts do it, well, nothing we can do about that. But if you dare research it yourself, we'll shitcan your account. Don't you know it's wrong to be curious!

    3. Re:Don't be hasty about trying this by Anonymous Coward · · Score: 0

      At least if you're a Skype user. It sounds like Skype is banning anyone who's logged in from the same IP address they're running this tool on.

      Meh, I'm on a standard residential account, so my IP is dynamic. Go ahead, ban me, I'll just change my router's MAC and get a new IP from my ISP and some other schmuck will get blocked instead.

  13. easily blocked by Anonymous Coward · · Score: 0

    Just don't enable javascript. Done!

  14. Pretty easy to roll your own..... by trancemission · · Score: 1

    Although not quite as easy as just firing up tcpdump (If it was - this would have been 'exploited' a long time ago)

    http://pastebin.com/rBu4jDm8

    Not sure if the version of skype client is relevant (Maybe you just need to enable debug mode)

    You could replace looking at the logfile with sniffing packets if they are in plain text (Which they probably shouldn't be)

    I haven't tried this.

  15. Skype replaces P2P supernodes with Linux boxes by readandburn · · Score: 3, Informative

    http://arstechnica.com/business/news/2012/05/skype-replaces-p2p-supernodes-with-linux-boxes-hosted-by-microsoft.ars

  16. but .. by Anonymous Coward · · Score: 0

    As we all know, Geo IPs can be dreadfully misleading. btw the site seems to be down. slashdotted. LOL

  17. Cookies error? Why does it use cookies? by Anonymous Coward · · Score: 0

    Why does this site use cookies? I use Chrome's whitelist for cookie permissions, and I got a "Cookies error" when I tried to visit the site. What possible legitimate use could this site have for using cookies? Note: advertisements are not legitimate

  18. "LOL, Skype killed us." by sirdude · · Score: 2

    "LOL, Skype killed us." is what I see when I visit the site. IP ban?

    1. Re:"LOL, Skype killed us." by Anonymous Coward · · Score: 0

      Skype didn't kill them... Slashdot did.

  19. Re:Cookies error? Why does it use cookies? by Ohrion · · Score: 1

    Some people LIKE to stay logged in.

  20. Re:Cookies error? Why does it use cookies? by maxwell+demon · · Score: 1

    Some people LIKE to stay logged in.

    But for that you only need to send a cookie when logging in. Because if you are not logged in, you cannot stay logged in anyway.

    --
    The Tao of math: The numbers you can count are not the real numbers.
  21. Warning||!!! by Anonymous Coward · · Score: 0

    Your computer is currently broadcasting an IP address! :)

    - cmon, am i really the first to post this? Mod funny pls

  22. Apparently by Anonymous Coward · · Score: 0

    You have not yet heard of skyhook; either that or you aren't using wireless. http://www.skyhookwireless.com/ -- If you are using wireless, then your IP probably reveals your location to within meters.

    1. Re:Apparently by Anonymous Coward · · Score: 0

      You have not yet heard of skyhook; either that or you aren't using wireless. http://www.skyhookwireless.com/ -- If you are using wireless, then your IP probably reveals your location to within meters.

      hmm.. I'm using wireless and never seen any location services or ad companies (other than Google and Facebook when registered user) being able to even place me in the correct country.

  23. There is a solution by Technician · · Score: 4, Interesting

    If you must hide your IP address, you can use one of many Skype/Sip gateways. SIP to SIP to the gateway then Skype to Skype from the gateway. Since Skype does not work well in Linus, I use SIP instead. SIP is P-P too, a SIP call will reveal my IP to a SIP caller. A Skype caller will only see the gateway.

    There are several gateways. IPPI.fr is only a representative example.

    You can Skype me in France anytime. I have never been to France.

    http://www.ippi.com/

    I don't use this to hide my IP address. I use it with an ATA so calls ring my phone, even when I'm not online. With their speed dialer, I can make Skype calls without turning on the computer.

    I can be called by Google Voice, an INUM number, SIP, Skype, or IPKall number and any will ring my SIP phone, provide voice mail, caller ID, etc.

    Analog Telephone Adapter (ATA) http://www.voip-info.org/wiki/view/Linksys+PAP2T

    --
    The truth shall set you free!
  24. Hmmm. by BrokenHalo · · Score: 1

    What strikes me as a bit sick (or at least sad) is that anyone might feel this project is a good use of their time. I can think of no reason why a skype user need be legitimately stalked in this way except for purposes of law enforcement, and those authorities already have resources at their disposal.

    1. Re:Hmmm. by Anonymous Coward · · Score: 2

      Because without people like this guy, who is probing for weaknesses and making some noise about them, you rely on a security model of 'security through obscurity', and we all know that only idiots think that's real security.

    2. Re:Hmmm. by hobarrera · · Score: 1

      Because this sort of project proves how flawed skype's so-called security model is in the first place.
      It's yet one more thing you can point at when listing skype's defects.

  25. Good Luck by nauseous · · Score: 0

    Yea right. Can't get my identity :-). Must be Microsoft that owns Skype now..

  26. Shutdown by zerocool6900 · · Score: 1

    Of course this site is no longer active as the US Government now follows /.

    "This domain and website have been suspended because of abuse or copyright reasons."

    --
    Some people never learn...no matter how many times something happens to them.