Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacked Skype IP Address Search Shows Who's Speaking From Where

Posted by timothy on from the we-see-you-mr-appelbaum dept.

mask.of.sanity writes "An online search portal has been launched that reveals the IP addresses of any Skype user. The portal needs only a Skype username entered in a search bar for it to produce the IP address of a target user. It then uses IP addresses to geo-locate users on a map and reveal their ISP information."

3 of 84 comments (clear)

  1. Re:not surprising by Anonymous Coward · · Score: 5, Informative

    Actually, the service works by sending the owner of the username a contact-info request (used for instance while searching for users to add to your contact list). The difference from what you mentions is that the target is not notified in any way (as opposed from when sending them a message or calling them), and also have no option to block the request.

  2. Not New, But Pretty Cool by cryptizard · · Score: 5, Interesting

    I saw this presented about a year ago at a security talk. If I recall correctly they were getting IP addresses by initiating a call but then terminating it before some threshold where the other party was actually notified, so it was invisible to the people they were tracking. The cooler part in my opinion was how they showed that something like 80% of people could be located on Skype (in the directory) based on information in their Facebook or LinkedIn profiles, allowing for targeted tracking of people. They also had some more advanced geo IP stuff to the point where they could get really good location results. The example they had was a woman in Florida where they could track her whole week's routine i.e. at work at 9:00, home by 5:00, where she goes to lunch, when she is visiting her grandmother in the next town. It is especially effective against people who are logged into Skype on their smart phones. Arguably the even cooler part was where they showed that they could track the entire population of a small country with something like $20,000 in computer hardware. As obvious as the nefarious applications of this are, it could also be pretty useful for tracking large scale movement for stuff like city planning.

  3. Re:not surprising by Anonymous Coward · · Score: 5, Informative

    The servers are used to facilitate UDP Hole Punching. Once the NAT/Firewall has been bypassed the communicate is direct.

    http://en.wikipedia.org/wiki/UDP_hole_punching