Schneier on Security
A blog covering security and security technology.
« What the Terrorists Want |
| USBDumper »
August 24, 2006
Skype Call Traced
Kobi Alexander fled the United States ten days ago. He was tracked down in Sri Lanka via a Skype call:
According to the report, Alexander was located after making a one-minute call via the online telephone Skype service. The call, made from the Sri Lankan capital Colombo, alerted intelligence agencies to his presence in the country.
Ars Technica explains:
The fugitive former CEO may have been convinced that using Skype made him safe from tracking, but he -- and everyone else that believes VoIP is inherently more secure than a landline -- was wrong. Tracking anonymous peer-to-peer VoIP traffic over the Internet is possible (PDF). In fact, it can be done even if the parties have taken some steps to disguise the traffic.
Let this be a warning to all of you who thought Skype was anonymous.
Posted on August 24, 2006 at 1:45 PM
• 62 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
But is Skype so insecure that you shouldn't give out a credit card number to a company, for example? Or is it more secure than cordless or mobile phones in that regard?
Isn't that kind of stupid for law enforcement to tell the world that that is how he was found? Better to let various bad guys think they've got a secure channel, wouldn't it've been?
If Skype were at all difficult to trace, I'm sure that the NSA would do what they did to Crypto AG in the 1980s (or was it the 70s?): subvert the company to get a back door installed.
Is "Skype so insecure" ? I think there is two concepts :
As the phone call is crypted between the 2 parts, i think there is some confidentiality (as the protocol is not open, you have to be confident in skype inc for that part).
But there is no anonymity. When you call, you have to log on to a Skype server, when you call, you have to "ask" the skype server the IP of your friend, when you do a skype out call you pass throw the skype gateway.
Your IP is logged and tracked.
Btw if Skype is well design, only Skype Inc can track you.
I looked at the referenced paper on tracing anonymized VoIP. It is interesting, but it seems highly unlikely that this particular technique was used in this case.
(To summarize, the method is to create a unique "watermark" by introducing a pattern of slight delays in the flow of packets entering the network from a source of interest. If that pattern is detected elsewhere in the network, then the recipient can be determined.)
The linked paper discusses networks that are designed to provide both anonymity and low latency, and a means to break the anonymity. But AIUI Skype does not have any specific provision for anonymity, so no such attack is needed.
It's nonetheless very interesting for how one might defeat an obvious class of anonymous VoIP networks!
In the end nothing is really anonymous is it?, only obscured.
The interesting question to the timing attack topic is - countermeasures?
Looks like it's a question of how to avoid your countermeasures fingerprinting you :)
flobb: The Skype protocol is "known", the master keys might still be unknown. Lots on Skype internals in this presentation, and a nontrivial intercept method:
Well, the right question to ask is what call did they trace?
- did they trace a p2p call he made to another computer? (i doubt it)
- did they trace a computer to PSTN call? (most probably.)
in the latter case it is easier to trace because skype has to contact their login server directly to verify the account/credit info.
The first referenced article is so vague that I can't draw any meaningful conclusions from it, but I can imagine that given the high profile of this individual, and his fugitive status, that law enforcement may well have put something equivalent to a "trap and trace" order on Skype/eBay requesting IP and/or phone number information associated with this indivdual whenever he touched the Skype network.
How they'd know which Skype username (or Skype-in/Skype-out number) to put on the order is left as an exercise for others.
Alternatively, they may have been expecting him to call a particular person, and so were prepared to trace the call from that end. Even if that trace were to dead-end at the Skype network, Skype probably keeps call logs for just this kind of situation.
anonymous? huh. i've got insiders info that they share all users details (including financial) with the british gov.
Very hard to tell what happened, but that's probably the point of the article. Don't believe the Skype...
It also could have been any number of things related to Skype that gave him away and not just the software. I mean maybe the fact that he was using VoIP in Colombo has more to do with it than anything, since I have read reports of authorities there monitoring all network traffic and using it to blackmail people. Maybe he trusted someone too much:
Look, he called a known location that was being watched, and they traced back his IP address. Not that big of a deal.
Skype obfuscates a few details and makes it difficult to rip the audio down, but signalling is always basically out in the open. Just like any encrypted tunnel still needs a valid IP header to get routed! If you want to stay under the radar, hide in noise (gamespy chat!) and keep at least one degree of separation. Your relay party should never know anything, and never use the same relay for both directions. "Simple."
Also John Robb is on the money, if that wasn't clear.
Could it be possible to tunnel Skype traffic through TOR? That would make it kind of difficult to figure out the actual location of the end-point. OTOH real-time requirements and TOR are probably not best friends.
I was going to write what John Robb wrote, too. He probably called his girlfriend/mother/partner-in-crime and LE got his IP address. About 2 seconds later they pinpointed where he was.
If the fugitive in question had used an anonymous proxy in an alternate location that didn't keep logs to create the Skype account and then also used it to make the call, I doubt that much could have been done to locate him. No, I bet he even used his normal Skype account and thought that LE needed a minute or more (like you see in the movies) to trace his call.
I think that it's funny. I am rarely amazed by how little people understand technology because I see this type of thing on a very regular basis.
It proves that this joker did not deserve to be a high tech company CEO. When you are a fugitive on the run, the least you are expected to do is not fall victim to simple technical traps. As 'Entropy' mentions, he should have used an anonymous proxy and created a skype account and used it through the proxy.
Just run through the paper and (apart from the classical beautiful idea) saw that you need to have both ends of the line wiretapped, which leads me to think that they did not use that exact idea in the "research" -unless the guy used an already tapped laptop, for instance-.
So, great paper but is it really *that* *feasible* in real life? (unless you think quite a few of nodes are being tapped). Also, that reveals nothing about the *identity* of the Skype users...
I dont like this at all. The more technology we develop, the less privacy we have. I'm not saying that it's ok to hide from the law or anything like that, but I really feel like we are steadly losing our ability to do so.
In the short 26 years I have been on this planet I have seen so many advancements in technology that enhance our lives in so many ways, but as a very important side note, these new technologies are going to continously erode our freedoms. We need to be careful here because if we dont take a stand before its too late we are going to be sorry.
Skype and other VOiP technologies are obviously no longer a safe alternative to landlines and with the seemingly steady disapearance of pay phones as cell phone use increases, we are going to lose our ability to make anonymous phone calls.
>[...]we are going to lose our ability to make anonymous phone calls.
Anonymity from a sufficiently interested government is already lost. Because who you tend to call identifies you almost as well as what phone you tend to call from. Behold the power of call detail record datamining.
What about Kobi Alexander? He's a big time crook tied to 9-11 and ripping off 60 million. Was he detained? Seems odd to publish this if he wasn't. IT would just tip him off.
Hi, can somebody post a mirror of the CCS05-VoIPTracking.pdf file please? The file is offline, along with professor xwangc's account.
There's only an HTML cache version on google and it looks ugly, so I would be interested to have the PDF version of it.
Thanks a lot!
The pdf is at a different location. Link in the post name!
Folks I don't know how many of you are actually interested in "watermarking" or "fingerprinting" peoples transactions but Matt BLaze (http://www.crypto.com/) has posted an artical about what he and others call "JitterBugs".
Essentially they are devices on the input side of the computer (in this case between the keyboard and the computer) that establish a low bandwidth covert channel through the computer.
In the case described in the paper the JitterBugs modify the timing of the way data is sent to the computer. In many cases this timing is passed through the computer out onto the network with minimal modification. Thereby allowing somebody to measur the delay between packets at any point between the computer and the destination of the packets.
It's worth reading just to find out how easy it is to hide the covert channel from an observer (such as a very computer savy user).
This is why law enforcement is publicizing it - the best way to break Skype encryption is to stop people using Skype for dodgy conversations. If it is seen to be insecure by the black-hats they'll use some other channel that is more easily tapped.
fastest full free proxy ( proxie ) leech lists for Mega big brotherhood protections tru firewall and Rox is the major responsible for accessdiver * s software settings tweakings mm
all for FREE at
PROXYFANTASY owner is R’a’kan with is greedy and wants a very large sum of money to stop his proxy projects or all customers will turn to me i offer 1000sands of proxy servers
for free no registration needed absolutley NOTHING is hidden
for my users….
proxyfantasy offers latest definitions of spyware fighting software too at no cost at all…..
search engine is added to proxyfantasay aswell as an ip finder….....
cu all over at proxyfantasy.tk
The whole thing is now considered a bit of a scam in Israel. The newspaper that published the PI's story, Ma'ariv, retracted the story and admitted it was questionable at best.
The only English reference I found is:
(which requires subscription)
Discussing Skype/VoIP anonymity is interesting but seems irrelevant to the case at hand.
I've been making some important calls and I've recently found out that my Skype calls could be tracked back to me and I was wondering if there was a way that I could keep people from tracking the calls to me.
The watermark paper can only correlate udp packets. It cannot be used to track a call; To wiretap both ends is not very realistic; if findnot.com changes packet timing, this method is useless. Using findnot.com can prevent the receiver from tracing back the origin (ip). But your detail is still revealed to findnot.com.
I have been making some important calls and I've recently found out that my Skype calls could be tracked back to me and I was wondering if there was a way that I could keep people from tracking the calls to me.
So is there a way to create an anonymous Skype account with a SkypeIn option? C'mon, I know that somebody can figure this out (sadly, it's not me...)
CAN I TRACK SOMEBODY'S IP VIA SKYPE?
It's a good question if it is possible to get ip of the user with which You are talking via Skype. As I now skype API doesn't allow to track users ip. Therefore You can call person and check IP that skype connects - only if one of You has external IP. Secondly You can call skype help - they should have IPs that user connects from. If anyone knows other method please write. It should be helpful when You computer is stolen but You have no tracking software installed.
Partially on-topic, partly a tangent.
--- did they trace a computer to PSTN call? (most probably.) Posted by: lankasri at August 24, 2006 03:39 PM
Is it possible telemarketers can intercept and use landline or cellphone numbers at the gateway?
I received a Skype call on my cell phone. After hanging-up, within seconds/a_minute I receive a call from a telmarketer. Caller ID was just ' 0 '. Guy claimed to be from a broker firm.
SALUT ALL. WELL I TOUGHT THAT SKYPE CONECTED PEOPLE VIA SOME SERVERS. BUT IF YOU WRITE TO SBD (AND HE WRITES YOU BACK (than you can be absolutely sure that he's online)AND YOU OPEN YOUR cmd AND TYPE THE "netstat -n" COMMAND YOU CAN SEE THE PERSON'S IP.
If you want to make calls with Skype or any other VOIP service, but don't want to reveal your exact whereabouts, just connect to the Internet wirelessly. For example, use a WiFi ISP or bridge an Internet-enabled cell phone.
They could still trace your call, but would only know the general area the call was made from.
Well actually some flaws in your netstat -n . See since skype is a P2P network and it uses other skype users to route calls you can't immidiatly assume that the ip your seeing is infact your users ip. Also your WiFi isp would prob be a bad idea because if they track your cellphone and extract information from your cellphone then you can be tracked through the cellphone company :-) Nice try though.
My laptop was stolen in the Caribbean in a hotel last june. My boyfriend's skype would automatically start when the computer starts up and we have seen him appear online a couple of times. Therefore, we are convinced the person who has stolen the computer does not know that skypes starts when they switch the computer on!!!! Can anyone please tell me if it is possible and HOW i can track my computer back through skype??? I have years of hard work stored on it and feel this could be my chance to get it back.
Many thanks in advance!
My laptop has been stolen too (yesterday) and my skype user has been logged in after it. I've send request to skype support and I'm waiting for response.
my email: firstname.lastname@example.org
someone who has been harassing came to know about my skype account and has sent me a message. he then requested for my IP info 2 days ago, I don't know from where. my question is, is there a way to stop the information from being sent to him, and if not, what kind of information will he be getting?
The thing that upsets me about the internet phones is people can make calls to me at my work and threaten me without ever having to worry about the cops coming.
For the people who had their laptops stolen...unfortunately you need to let it go. The laptop is gone and you will not be getting it back.
Just contact Skype close your old account, create a new one and turn the page. You're not going to be able to track your stolen laptop down via Skype.
Despite what people are saying, your Skype calls are almost as secure as calling from a pay phone (land line) as long as you take a few minor precautions.
The only reason why reports are circulating about Skype calls being traced, is to create a false sense of fear in people who try to use the service for illegal or immoral things. (ie to hide, to prank, to harass).
If someone THINKS that their Skype call can be traced, then maybe they will make the decision NOT to use the service for ulterior motives. (although Skype is perfect for this).
Since the calls cannot be easily traced, they must put out propaganda in order to try and stop people from using Skype to make these types of calls.
my husband received what looked like 5 text messages on his cell phone. His cell phone also receives emails from his office computer (like a blackberry ). The sender of the messages was not identified with a return phone number, only a 4 digit code.
The messages were of a personal nature,but didnt appear to be relevant to anything to us. My first instinct was "wrong number". So I hit reply, and texted back saying wrong number, but an auto reply said that didnt work because it was sent from skype. Doesnt skype need an email address to send to? We have a skype account which we rarely use, and only skype one person in scandinavia. IS Any body able to explain this, when someone skypes a message, are they sending it to the cell phone number ( easy to get wrong ) or an email address ( not so easy to get wrong..) Thanks
Completely untraceable? It's possible.
1) Use cash to purchase a prepaid Visa/Mastergard gift card at a random location (you can do that at about any retail chain)
2) Use said card to pay for an anonymous proxy service such as Findnot (www.findnot.com)
3) Sign in to the proxy server from a public computer or a public wifi hotspot such as an airport.
3) Through the proxy server, create a new Skype account with the same gift card. Most gift cards can be registered online to a false name and address (also done form a public computer) so you can make sure the bogus name and address match when you register the Skype accouont.
4) Connect the Skype program through the proxy and make the call.
If you use a popular (busy) proxy service, the call will be traced back to an IP address that is shared by thousands of people. The proxy service (if its a good one) will not keep any logs of who connects, so by the time any records are legally acquired by the authorities, nobody will have any clue who connected on that date and time or where they were from.
Does anyone have suggestions on how someone could trace that?
my boy friend is always aware when i make a private call even when i change sim or phone.how can i prevent him from tracing my calls? please kindly advice me.
Yes, I see a hole. According to other posts, the skype client does not limit itself to the proxy server info you input. You can even put in erroneous IP addresses, and it will still connect. *Apparently* the skype client attempts somesort of direct connection regardless of the use of proxy servers.
Under your scenario, this would still lead back to someone else's WiFi AP or to an internet cafe, so there is some obscurity remaining there . . .
I wonder if skype sends MAC addresses . . . You know the NSA has asked them to code such capabilities into skype.
We need an open-source VOIP app to get around these problems. I really want to skypecast anonymously.
if sone call me on skype , can I trace the ip from the phone company , to see who they are . can I get information from the phone company .
Hi, does skype allows to send "caller name" information to telecommunication network, so that the name of the caller can be presented to the called party? Is there any dependency on network to do so?
Hey @Garret (your absolutely right), I found a Way to Limit Skype and force this Beast client to connect only and Only to the Proxy i set it for. I am Currently in UAE, and Etisalat the main telecoms Provider has blocked Skype totally years ago and No one can Break it (until now) and without limiting Skype to ur set Proxy it wont connect, Such a Stubborn Client! But using this trick method I am able to Scr*w those Idiots at Etisalat.
Someone using Skype's instant messeging (written chat) for verbal attacks. Is it possible to track his/her IP and locate the person?
The paper which describes the tracing of skype calls states the following "Our results also show that
our watermark based tracking technique can be e®ectively
applied to any peer-to-peer VoIP calls that are at least 90
seconds long" the article says "Alexander was located after making a one-minute call via the online telephone Skype service"
Thus 60 sec and 90 seconds does not match. There are some goverment research going on in tracing skype but at this stage that paper is the only feasiable approach and i have not heard of anyone or any software that does use it.
Skype is no traceable unles you are going to apply the methods in the paper
I was wondering if someone logged into my skypeaccount, but not from my computer. can I find out who or where this was?
Camille yes it is possible but the only thing is the person who stole it probably re-formated the computer and reinstalled Windows now it is not possible. GUID tracing is a different story I've never tried that method but I noticed every time I reformatted my computer my GUID changed your GUID is your "hardware ID" my computer got stolen before and my brother was able to get it back because he works for the government, lucky for me.
When my wife calls me on skype from a biz trip in Los Angeles, I see her skype name on my iphone caller display. But when I call a landline here in BC , Canada, it says unknown? Or will it say my skype name?
how to know that exact location and username on skype if i know his contact no.
can a person trace my id on skype ? and what does it mean ?
Is there any software or hardware on the market that will verify or confirm the country origin of Skype calls/messages or country of origin of e mails?
"Isn't that kind of stupid for law enforcement to tell the world that that is how he was found? Better to let various bad guys think they've got a secure channel, wouldn't it've been?"
who actually reads this? i was redirected from encyclopediadramatica. you're probably one of the various bad guys. i think the comment you should have posted was "THANK YOU".
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.