Think before you use Skype or any other audio application - who's listening in?
WSJ | 09.06.2011 13:50 | Repression | Technology | Sheffield | World
There is an interesting article in the WSJ about how documents found in Egypt prove the security services were listening to activists conversations which were conducted via Skype, now owned by Microsoft, extracts follow.
Spying on Skype
When young dissidents in Egypt were organizing an election-monitoring project last fall, they discussed their plans over Skype, the popular Internet phone service, believing it to be secure.
But someone else was listening in—Egypt's security service.
An internal memo from the "Electronic Penetration Department" even boasted it had intercepted one conversation in which an activist stressed the importance of using Skype "because it cannot be penetrated online by any security device."
...
Throughout the recent Middle East uprisings, protesters have used Skype for confidential video conferences, phone calls, instant messages and file exchanges. In Iran, opposition leaders and dissidents used Skype to plot strategy and organize a February protest. Skype also is a favorite among activists in Saudi Arabia and Vietnam, according to State Department cables released by WikiLeaks.
In March, following the Egyptian revolution that toppled President Hosni Mubarak, some activists raided the headquarters of Amn Al Dowla, the state security agency, uncovering the secret memo about intercepting Skype calls. In addition, 26-year-old activist Basem Fathi says he found files describing his love life and trips to the beach, apparently gleaned from intercepted emails and phone calls.
"I believe that they were collecting every little detail they were hearing from our mouths and putting them in a file," he says.
A cottage industry of U.S. and other companies is now designing and selling tools that can be used to block or eavesdrop on Skype conversations. One technique: Using special "spyware," or software that intercepts an audio stream from a computer—thereby hearing what's being said and effectively bypassing Skype's encryption. Egypt's spy service last year tested one product, FinSpy, made by Britain's Gamma International UK Ltd., according to Egyptian government documents and Gamma's local reseller.
...
Adrian Asher, Skype's chief information security officer, says his company can't prevent these technologies from compromising its service: "Can we control [spyware] taking an audio stream off the speakers or the microphone? No, there is nothing we can do."
He describes Skype's emergence as a tool for dissent as an accident. "I don't actively create a product that is useful for the dissidents of the world," he says. "While I guess it's a happy by-product, I can't give them any assurances."
Dissidents are discovering other potential vulnerabilities in using Skype. This month, rebels in Libya found what appeared to be spyware they say was being distributed via their Skype contact lists.
The Wall Street Journal asked security company Symantec Corp. to analyze the file, which turned out to be a "remote access tool" that could let an outsider remotely eavesdrop on audio and capture keystrokes.
Symantec said the file is being distributed on a website named after the date the Libyan protests began. Still, the file's origins aren't clear. "The actual attacker could be anywhere in the world," says Symantec's Kevin Hogan.
...
But someone else was listening in—Egypt's security service.
An internal memo from the "Electronic Penetration Department" even boasted it had intercepted one conversation in which an activist stressed the importance of using Skype "because it cannot be penetrated online by any security device."
...
Throughout the recent Middle East uprisings, protesters have used Skype for confidential video conferences, phone calls, instant messages and file exchanges. In Iran, opposition leaders and dissidents used Skype to plot strategy and organize a February protest. Skype also is a favorite among activists in Saudi Arabia and Vietnam, according to State Department cables released by WikiLeaks.
In March, following the Egyptian revolution that toppled President Hosni Mubarak, some activists raided the headquarters of Amn Al Dowla, the state security agency, uncovering the secret memo about intercepting Skype calls. In addition, 26-year-old activist Basem Fathi says he found files describing his love life and trips to the beach, apparently gleaned from intercepted emails and phone calls.
"I believe that they were collecting every little detail they were hearing from our mouths and putting them in a file," he says.
A cottage industry of U.S. and other companies is now designing and selling tools that can be used to block or eavesdrop on Skype conversations. One technique: Using special "spyware," or software that intercepts an audio stream from a computer—thereby hearing what's being said and effectively bypassing Skype's encryption. Egypt's spy service last year tested one product, FinSpy, made by Britain's Gamma International UK Ltd., according to Egyptian government documents and Gamma's local reseller.
...
Adrian Asher, Skype's chief information security officer, says his company can't prevent these technologies from compromising its service: "Can we control [spyware] taking an audio stream off the speakers or the microphone? No, there is nothing we can do."
He describes Skype's emergence as a tool for dissent as an accident. "I don't actively create a product that is useful for the dissidents of the world," he says. "While I guess it's a happy by-product, I can't give them any assurances."
Dissidents are discovering other potential vulnerabilities in using Skype. This month, rebels in Libya found what appeared to be spyware they say was being distributed via their Skype contact lists.
The Wall Street Journal asked security company Symantec Corp. to analyze the file, which turned out to be a "remote access tool" that could let an outsider remotely eavesdrop on audio and capture keystrokes.
Symantec said the file is being distributed on a website named after the date the Libyan protests began. Still, the file's origins aren't clear. "The actual attacker could be anywhere in the world," says Symantec's Kevin Hogan.
...
WSJ
Homepage:
http://online.wsj.com/article/SB10001424052702304520804576345970862420038.html