Swiss Police to Use Trojans for VoIP Tapping

At least they're thinking about it:

Swiss authorities are investigating the possibility of tapping VoIP calls, which could involve commandeering ISPs to install Trojan code on target computers.

VoIP calls through software services such as Skype are encrypted as they are passed over the public Internet, in order to safeguard the privacy of the callers.

This presents a problem for anyone wanting to listen in, as they are faced with trying to decrypt the packets by brute force -- not easy during a three-minute phone call. What's more, many VoIP services are not based in Switzerland, so the authorities don't have the jurisdiction to force them to hand over the decryption keys or offer access to calls made through these services.

The only alternative is to find a means of listening in at a point before the data is encrypted.

[...]

In order to install the application on the target computer, the Swiss authorities
envisage two strategies: either have law enforcement surreptitiously install it locally, or have the telco or ISP which provides Internet access to that computer install it remotely.

The application, essentially a piece of Trojan code, is also able to turn on the microphone on the target PC and monitor not just VoIP conversations, but also any other ambient audio.

Posted on October 18, 2006 at 2:26 PM • 29 Comments

Comments

PimOctober 18, 2006 2:54 PM

Seems to me that this an awfully complicated way to go at it, if all you're doing is effectively bugging the suspect's house, which I assume is already a well-explored tactic for law enforcement agencies. The only added value over an old-fashioned hidden microphone would be in the case of laptops, but if we assume that the suspect carries his laptop with him, there is less opportunity to sneak in and plant the trojan.

I'm not quite sure how the ISP can help in guaranteeing delivery of such a trojan either, even if we assume for the sake of argument that criminals never run Mac OS X, Linux or OpenBSD.

nzrussOctober 18, 2006 3:03 PM

I still fail to see why services such as skype and google talk do not encrypt your message? Its not *that* difficult to implement. I dont see any reason they would not do it, other than pressure from the NSA etc...

This goes for chat messages as well.

Mark EarnestOctober 18, 2006 3:07 PM

In addition to what Pim wrote above, what happens when the slew of anti-spyware programs out there start detecting and removing this spyware? If the Swiss government does not have the ability to force VoIP providers to give them keys, what luck will they have getting Adaware and Spybot to look the other way?

I wonder if this is nothing more than a scare tactic to try to keep criminals from using VoIP for fear they may be listened in on. If they really wanted a wiretapping scheme like this to work, they first step would be to NOT issue a press release about it.

Mark

Mark EarnestOctober 18, 2006 3:09 PM

nzruss:

For the same reason nobody encrypts email. Key management is way more complicated than the average person can handle. You have the option to encrypt IMs with Gaim and I still find most people do not do it (despite the fact that the key management is pretty good).

For your average Joe, it is more trouble than it is worth.

AnonymousOctober 18, 2006 3:56 PM

nzruss - which part of "VoIP calls through software services such as Skype are encrypted" makes you think Skype doesn't encrypt things?

LonerVampOctober 18, 2006 4:02 PM

Skype is encrypted, just with some proprietary stuff.

I find this idea to be dubious at best.

Perhaps this can be a good movie script? Swiss government creates super trojan able to evade all firewalls and detections...then loses it to a super hacker evil genius who decides to use it for XYZ purposes. Rarr! Then a biological virus is unleashed upon the world, killing millions, until the new super trojan is introduced into their collective hive which roots and kills them all.

Or perhaps RFID tags gone bad? In 6 years all domesticated dogs are required to be fitted with RFID tags. Only no one realized the RFID tags can be hijacked and send rogue neurological signals to the dogs, subverting their will and turning them into the new flesh and blood botnet. They sleep, eat, and play with their masters until the signals is rolled out and they en masse attack local businesses in a violent wave of gnashing teeth and loud barking.

Distributed Dog attack?

Ninja Gay DenOctober 18, 2006 4:07 PM

"Key management is way more complicated than the average person can handle"

Basic use of GnuPG is simple, anyone who can't use this doesn't belong using a computer. The reason why we have so many viruses and trojans today is not because computers are complex, it's because people are stupid (and use closed source).

Mark EarnestOctober 18, 2006 4:29 PM

"Basic use of GnuPG is simple, anyone who can't use this doesn't belong using a computer. The reason why we have so many viruses and trojans today is not because computers are complex, it's because people are stupid (and use closed source)."

Sure, blame the user, simple cop out.

It requires extra steps, extra programs installed, a key generated (most people are going to freeze up on the options for this), and many email/chat programs do not support it anyway.

Not to mention the most important thing, an understanding of public key crypto. You most likely have this, so for you GnuPG is quite easy. For someone without this, it is going to be confusing as all get out.

Given all of that, the vast majority of people deem it not to be worth the bother. I used both PGP and S/MIME for a long time and got to the point where I was sick of explaining to people that my digital signature was not a virus. I still encrypt important emails (read: work related) but otherwise it is a losing battle until the email clients integrate a LOT better with the crypto stuff.

Fred POctober 18, 2006 4:33 PM

@Ninja Gay Den-
I don't think that open source or closed source applications are inherently more secure; it is theoretically possible to have a very secure closed source program, just as it is possible to have a very insecure open source program.

The advantages with open source is that for well-maintained projects there is a tendancy to improve them, which tends to improve their security. This is feedback that relatively few closed-source applications get, and when they do, it's a tiny percentage of what an open-source application typically gets. The second advantage is that if there is a problem you care about in an open-source project, you can fix it.

BjornOctober 18, 2006 4:37 PM

I fail to see how the ISP is in any position to install a Trojan on a customer's computer. Sure, they control the DNS lookup but even that is of little use for them. Am I missing something? Should I be scared of my ISP?

This smells like intimitation...

LonerVampOctober 18, 2006 4:47 PM

@Ninja: Try rolling out GnuPG in a corporate environment and see how frustrating an experience it might be, even when working with tech-savvy users, let alone the rest. For those of us geeks with both the knowledge and the drive to learn things like this, yes, it can be easy. But for everyone else, it is a waste of time and effort and a completely confusing mystery.

Josh PetersOctober 18, 2006 4:48 PM

Depending on how this actually is implemented, could the authorities be opening themselves up to lawsuits of wreckless endangerment or something along those lines?

Essentially, one can imagine a situation where the Swiss authorities attempt to tap a call only to make that call tappable by that person's enemies.

billbOctober 18, 2006 4:58 PM

Why does VoIP need to be GPG encrypted. Seems like SSL should be good enough. Ordinary people do encrypted communications with their banks every day. Why can't the VoIP guys do something similar?

AnonymousOctober 18, 2006 5:00 PM

@LonerVamp ...

Your "Distributed Dog attack" (movie title "rFIDOg") would cause more negative publicity for RFID that all the newspaper stories written to date.

I suggest the follow-on, "rFIDOg v2: Interference". Having taken out the bad guys and erased the keys needed for control of the dognet, they think they are safe. Nobody counted on interference from microwave ovens, wireless access points, and cell phones, which are causing dogs to randomly go over the edge due to side effects of the chips.

Then "rFIDOg v3: SpyDog", where the new evil villians discover that by analyzing the response from 2^16 chips over 2^16 rfid probes (garnered by first killing 2^16 dogs to gather their chips) they can extract the control keys for the dognet. Although the bad guys are captured, the evil genius escapes, because the villians only communicated with him via email.

Finally "rFIDOg v4: Trojan Dog"; again, the evil villian extracts the control keys for the dognet, and discovers a top secret monitoring function that can allow the RFID chip to relay the dog's audio signals via a chip-to-chip relay (the "dogmesh"). Although originally intended for rescue operations, then taken on to try and leverage wild dogs in Afghanistan (the "Afghan hounds") to find bin Laden, the project is turned to nefarious purposes, when the President's dog secretly relays executive planning meetings.

AntoninOctober 18, 2006 5:03 PM

F-Secure have already said that they will add detection for this if they find it in the wild, at least. It'll be interesting to see how other AV/anti-spyware vendors handle it...

Bruce SchneierOctober 18, 2006 5:36 PM

"F-Secure have already said that they will add detection for this if they find it in the wild, at least."

Excellent. I am liking that company more and more; they also behaved well in the Sony rootkit debacle.

RalphOctober 18, 2006 11:29 PM

Subverting transport encryption through end point compromise!

I don't know people, it's a simple, logical idea.

Sounds like a fun project to me. It has been done before and I see no reason why it couldn't have reasonable success.

swiss connectionOctober 19, 2006 1:34 AM

This is only being talked about, if they decide to push ahead with it, there will be legal challenges.

One of the issues is the clandestine nature of this. At the present state of the law, a judge can rule to have a house or a computer searched, but law enforcement is not allowed to do it surreptitiously. This technology would not only mean that the persons privacy is intruded, he/she is most likely not going to find out about it. They certainly cannot do wholesale targeting of random individuals.

@Mark Earnest

> Key management is way more complicated
> than the average person can handle

Come on, the stated is not the real reason. Key handling could be done easily with good software design - the problem is more that governments and large corporations actively discourage this technology. For obvious reasons!

StephaneOctober 19, 2006 3:45 AM

Since I'm Swiss, this almost makes me try to do something illegal to get them to try to bug my machine. After I catch their "guest" in a VM, I bet I'll have a lot of fun dissecting it :P

But maybe this isn't quite worth the jail time...

RvnPhnxOctober 19, 2006 12:22 PM

This is all well and good from the point of view of somebody whom has never thought about surreptitious (not going to even bother checking the spelling on that) communications. You'd be much better off just either talking in a language that the local authorities aren't likely to recognise quickly (seriously, how many Urdu speakers are living in Switzerland?) or just making it sound as if you are talking about the latest local football (in the global sense of the word) match.
The fact of the matter is that those people whom are planning something big and haven't been caught yet already know what I wrote above.

derfOctober 19, 2006 1:44 PM

The solution for the consumer, at least in America, is to copyright all of your phone calls. This would make reverse engineering or interception of your phone calls illegal under the DMCA.

X the UnknownOctober 19, 2006 4:34 PM

@derf:
"The solution for the consumer, at least in America, is to copyright all of your phone calls. This would make reverse engineering or interception of your phone calls illegal under the DMCA."

All creative works are implicitly copyrighted by default. Does this give us a legal chalenge to the NSA's eavesdropping?

TrautmannOctober 20, 2006 10:55 AM

This is one of the actions with which governments turn themselves, in my eyes, into criminals. Enemies of the people. My personal enemies.

I strongly believe every person has a right to be left alone. Indoctrination (ads) and spionage (every kind of surveillance) clearly violate that right. But governments, being instruments of the rich who control the industry, work hard to force both ads and surveillance on us.

It starts with simple data that the authorities collect, store and transmit about us, like birthday, address and income. Forced extraction of data about our physiology (DNS tests) is surveillance taken to the extreme, because it allows to identify and discriminate us by what we are and how "good" our genes look to those who datamine them.

Thus my conclusion: Freedom and personal safety and security start with hiding from the government. Communication hygiene is only a second.

AnonymousOctober 20, 2006 2:29 PM

"Sure, blame the user, simple cop out. "

I would venture to say that allowing stupid people to use a computer while remaining stupid is a serious problem for us all, and should first be addressed.

"It requires extra steps, extra programs installed, a key generated"

Oh, bother! It's very simple and can be learned by anyone who can learn to drive a car, the difference being that learning simple use of GPG can be done in one afternoon.

"(most people are going to freeze up on the options for this),"

Then they don't belong using a closed source operating system with a history of remote exploits on a public internet.

"and many email/chat programs do not support it anyway"

Which ones? Probably most of the closed sources ones. There is the option to use a number of free and open sources ones which do support it. Again, it's simply a matter of less people using GPG or more applications would support GPG.

"Not to mention the most important thing, an understanding of public key crypto. You most likely have this, so for you GnuPG is quite easy."

If you read the suggestion I made in the post you replied to, you know that I don't "most likely have this" understanding, I damn well do have it.

"For someone without this, it is going to be confusing as all get out. "

That's bullshit, basic usage is simple for anyone to learn, the only reasons more people don't use GPG/PGP is because (1) They don't know about it and (2) they don't clearly understand why it would benefit them.

"Given all of that, the vast majority of people deem it not to be worth the bother."

And yet, the vast majority of people send their letters and important documents in an envelope, package, or some type of surrounding container which conceals the information within. Somewhere along the line they learned the differences between sending their CC# and other important information on a post card vs. an envelope or what have you.

"I used both PGP and S/MIME for a long time and got to the point where I was sick of explaining to people that my digital signature was not a virus."

The problem is these people who were allowed to use a computer without knowing much about it. The people who don't want to learn anything important, even if it's basic, are stupid and shouldn't be allowed to put their closed source operating system with a history of remote exploits and easily affected by malware onto a public internet. We have rules against people without a license driving on the highway in Mad Max cars with giant MGs and RPGs, right? Why then do we legally tolerate morons to put unsecured boxes on the internet which either have or will have malware on it which will directly affect others? If they can't understand the basics of security, they shouldn't be on the public internet, just as stupid people shouldn't drive on our streets.

"I still encrypt important emails (read: work related) but otherwise it is a losing battle until the email clients integrate a LOT better with the crypto stuff."

Only because the majority are stupid. We (those who have been around since before Jobs/Gates respective businesses were formed) didn't have such problems with malware before Windows came on the scene and the flood of stupid users who found that just by click-and-drooling they could join the public internet with their piece of shit closed source boxes of doom.

My Hangnail Bit MeOctober 20, 2006 2:30 PM

"Sure, blame the user, simple cop out. "

I would venture to say that allowing stupid people to use a computer while remaining stupid is a serious problem for us all, and should first be addressed.

"It requires extra steps, extra programs installed, a key generated"

Oh, bother! It's very simple and can be learned by anyone who can learn to drive a car, the difference being that learning simple use of GPG can be done in one afternoon.

"(most people are going to freeze up on the options for this),"

Then they don't belong using a closed source operating system with a history of remote exploits on a public internet.

"and many email/chat programs do not support it anyway"

Which ones? Probably most of the closed sources ones. There is the option to use a number of free and open sources ones which do support it. Again, it's simply a matter of less people using GPG or more applications would support GPG.

"Not to mention the most important thing, an understanding of public key crypto. You most likely have this, so for you GnuPG is quite easy."

If you read the suggestion I made in the post you replied to, you know that I don't "most likely have this" understanding, I damn well do have it.

"For someone without this, it is going to be confusing as all get out. "

That's bullshit, basic usage is simple for anyone to learn, the only reasons more people don't use GPG/PGP is because (1) They don't know about it and (2) they don't clearly understand why it would benefit them.

"Given all of that, the vast majority of people deem it not to be worth the bother."

And yet, the vast majority of people send their letters and important documents in an envelope, package, or some type of surrounding container which conceals the information within. Somewhere along the line they learned the differences between sending their CC# and other important information on a post card vs. an envelope or what have you.

"I used both PGP and S/MIME for a long time and got to the point where I was sick of explaining to people that my digital signature was not a virus."

The problem is these people who were allowed to use a computer without knowing much about it. The people who don't want to learn anything important, even if it's basic, are stupid and shouldn't be allowed to put their closed source operating system with a history of remote exploits and easily affected by malware onto a public internet. We have rules against people without a license driving on the highway in Mad Max cars with giant MGs and RPGs, right? Why then do we legally tolerate morons to put unsecured boxes on the internet which either have or will have malware on it which will directly affect others? If they can't understand the basics of security, they shouldn't be on the public internet, just as stupid people shouldn't drive on our streets.

"I still encrypt important emails (read: work related) but otherwise it is a losing battle until the email clients integrate a LOT better with the crypto stuff."

Only because the majority are stupid. We (those who have been around since before Jobs/Gates respective businesses were formed) didn't have such problems with malware before Windows came on the scene and the flood of stupid users who found that just by click-and-drooling they could join the public internet with their piece of shit closed source boxes of doom.

nobody specialOctober 24, 2006 10:20 PM

@nzruss

``I still fail to see why services such as skype and google talk do not encrypt your message? Its not *that* difficult to implement. I dont see any reason they would not do it, other than pressure from the NSA etc...''

Actually, Skype does encrypt things, it's just that they haven't shown the source code, so you have to trust that their binaries do what their crypto consultants described as their protocol.

Still, the great thing is tunnelling. You can just tunnel through these services, no problem. Get OTR for gaim, works great.

@Mark Earnest:
They won't send this program out willy-nilly, presumably. It will likely be a custom job that some shrewd character overcharges for by a factor of 10 or 100, while making minor tweaks and testing it against the popular spyware/virii signatures.

@Fred P:
You forgot that with open-source, you can review readable source code and verify it doesn't have any security holes. The risk of detection of back doors is higher. You can't do that with closed-source; you're outsourcing your security to the vendor.

@Bjorn:

Yes, you're missing something. Basically your ISP can inject malware into any download you initiate, or transparently proxy all of your communications, or poison your DNS cache, or a whole host of other things. Anything that isn't secured end-to-end with confidentiality is snoopable, and anything that isn't secured end-to-end with authentication/integrity is tamperable. Every GPG key you download could be automatically generated and stored for future use. Think about it.

@Bruce: Re: F-Secure, haven't heard that name in a long time (Flu shot plus anyone?). What is their detection rate? Is it close to Kaspersky, which has a 90%+ detection rate in the wild?

@X the Unknown:
No, you actually have to fix the creative works in a tangible form. So recording all your phone calls would, in fact, make them copyrighted. However, unless someone derived them from the tangible form, it is not an infringing derivative work, I think.

BTW, enigmail for Thunderbird works pretty well.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..