Austrian official fuels Skype backdoor rumours
'No particular problems' to listening in
Off the cuff remarks by Austrian government officials suggest that Skype conversations might be intercepted.
Speaking at a recent meeting on lawful interception between ISPs and Austrian regulators, an unnamed "high-ranking" official at Austria's interior ministry said that listening into a conversation over Skype presented no particular problems, Heise security reports.
The opinion contrasts with the view of Joerg Ziercke, president of Germany's Federal Police Office (BKA). At a meeting last November Ziercke said that the inability to decipher the encryption used by Skype in order to intercept VoIP calls had become a problem in counter-terrorism investigations. Weeks after this, leaked documents outlining plans by German firm Digitask to develop software to intercept Skype VoIP communications and SSL transmissions, along with related costing and licensing proposals, surfaced through Wikileaks.
Skype runs using a proprietary protocol. Unlike Phil Zimmermann's Zfone project, for example, its source code has not been publicly released. So even though Skype has commissioned security experts to audit its technology (which incorporates trusted encryption techniques, such as Advanced Encryption Standard, to encrypt conversations and RSA for key negotiation) doubts have remained.
For example, security experts Philippe Biondi and Fabrice Desclaux have voiced concerns) that Skype has the keys to decrypt calls or sessions, a claim Skype denies.
Access to such keys would provide backdoor access to conversations but it's worth remembering, as is the case with warrants for regular phone conversations, that law enforcement agencies are more often interested in knowing who an investigative target is talking to than what they are saying. Skype offers confidentiality, but it makes no claims of offering anonymity.
For example two years ago, a fugitive chief exec was tracked to Sri Lanka after his location was given away by a conversation made using Skype. Papers on tracking anonymous peer-to-peer VoIP traffic provide clues on how this might have been accomplished. ®
The vast number of ways two or more indiviudals can communicate via the intertubes is mind boggling. For a start you've got 62000+ ports to communicate on. Then you have two primary kinds of packet. Then you have three different kinds of communication (video, audio or plain text). Then you've got numerous forms of encryption.
Simply put - if a terrorist cell wanted to communicate safely it wouldn't take a rocket scientist. Just a disillusioned programmer.
But then, if the security forces stopped looking for magic wands and trying to collect terabytes of useless data they'd have more time for more effective measures. Maybe they'd be able to make their own secure communication network... Now there's a thought.
Reason most large attacks are missed is two fold, number one - there is so much information gathered using drag net techniques it is impossible to differentiate between the legitmate and the fantasy, and number two - as odd as terrorists may be, they're rarely stupid (not the ones that pull off succesful operations). Stupid terrorists tend to come up with plans that don't work and weapons that fail to function. Like trying to set propane cans alight.
At the end of the day, it's down to luck, and convincing most people that we arn't out to screw them over...
These people arn't supposed to be looking after you or wife or your kids, they're supposed to be protecting our way of life, and that, they are failing miserably at as we decend ever further into totaltarian fascism.
But whatever, mines the one with the work visa to a decent country in it.
Skype is not ours
Skype belongs to a company who don't publish how it works. So you don't really know if it has wire tap access points built in.
Anything going through your sound card could be tapped at the point that it's just audio.
Skype is secure.
I seem to recall the people looking after my wife and kids at night, had invented Public Key cryptography and key exchange a decade before it was invented in the outside world, and no-one found out for twenty years. I'm frankly glad these guys are out there looking after the safety of my wife and kids at night.
Despite this, I believe that Skype is secure, because I believe that the CEO, and everybody in the chain of command, is completely free from interference from the world's governments trying to stop the destruction of civilisation, and, though I'd help myself, I believe these guys are just out to make money, and so I believe they've withstood the might of the Western World's law machine, and their techies have, via keeping their algorithms secret prevented the world's government cryptanalysts out. After all, there are some smart guys out there working in the private sector.