Swiss Police to Use Trojans for VoIP Tapping
At least they’re thinking about it:
Swiss authorities are investigating the possibility of tapping VoIP calls, which could involve commandeering ISPs to install Trojan code on target computers.
VoIP calls through software services such as Skype are encrypted as they are passed over the public Internet, in order to safeguard the privacy of the callers.
This presents a problem for anyone wanting to listen in, as they are faced with trying to decrypt the packets by brute force—not easy during a three-minute phone call. What’s more, many VoIP services are not based in Switzerland, so the authorities don’t have the jurisdiction to force them to hand over the decryption keys or offer access to calls made through these services.
The only alternative is to find a means of listening in at a point before the data is encrypted.
[…]
In order to install the application on the target computer, the Swiss authorities
envisage two strategies: either have law enforcement surreptitiously install it locally, or have the telco or ISP which provides Internet access to that computer install it remotely.The application, essentially a piece of Trojan code, is also able to turn on the microphone on the target PC and monitor not just VoIP conversations, but also any other ambient audio.
Pim • October 18, 2006 2:54 PM
Seems to me that this an awfully complicated way to go at it, if all you’re doing is effectively bugging the suspect’s house, which I assume is already a well-explored tactic for law enforcement agencies. The only added value over an old-fashioned hidden microphone would be in the case of laptops, but if we assume that the suspect carries his laptop with him, there is less opportunity to sneak in and plant the trojan.
I’m not quite sure how the ISP can help in guaranteeing delivery of such a trojan either, even if we assume for the sake of argument that criminals never run Mac OS X, Linux or OpenBSD.