NSA Wants Help Eavesdropping on Skype

At least, according to an anonymous "industry source":

The spybiz exec, who preferred to remain anonymous, confirmed that Skype continues to be a major problem for government listening agencies, spooks and police. This was already thought to be the case, following requests from German authorities for special intercept/bugging powers to help them deal with Skype-loving malefactors. Britain's GCHQ has also stated that it has severe problems intercepting VoIP and internet communication in general.

Skype in particular is a serious problem for spooks and cops. Being P2P, the network can't be accessed by the company providing it and the authorities can't gain access by that route. The company won't disclose details of its encryption, either, and isn't required to as it is Europe based. This lack of openness prompts many security pros to rubbish Skype on "security through obscurity" grounds: but nonetheless it remains a popular choice with those who think they might find themselves under surveillance. Rumour suggests that America's NSA may be able to break Skype encryption -- assuming they have access to a given call or message -- but nobody else.

The NSA may be able to do that: but it seems that if so, this uses up too much of the agency's resources at present.

I'm sure this is a real problem. Here's an article claiming that Italian criminals are using Skype more than the telephone because of eavesdropping concerns.

Posted on February 23, 2009 at 6:51 AM • 37 Comments

Comments

CalumFebruary 23, 2009 7:13 AM

Is it really a problem? Even if the content is encrypted, the destinations are not, and presumably tapping the connection is not a problem. Knowing who is talking to who is usually more interesting than the actual content.

AnonymousFebruary 23, 2009 7:21 AM

>>Rumour suggests that America's NSA may be able to break Skype encryption -- assuming they have access to a given call or message -- but nobody else.The NSA may be able to do that: but it seems that if so, this uses up too much of the agency's resources at present.

What does this mean? That they can bruteforce the key? I can't think of any other attack that would use to much resources to be applied routinely, but still not be feasible to anyone, but the NSA.

SecNotFebruary 23, 2009 7:21 AM

security through obscurity can be an effective component of a security system; this is proof of that.

asnFebruary 23, 2009 7:22 AM

>>Rumour suggests that America's NSA may be able to break Skype encryption -- assuming they have access to a given call or message -- but nobody else.The NSA may be able to do that: but it seems that if so, this uses up too much of the agency's resources at present.

What does this mean? That they can bruteforce the key? I can't think of any other attack that would use to much resources to be applied routinely, but still not be feasible to anyone, but the NSA.

DFebruary 23, 2009 7:52 AM

@SecNot: relying on said obscurity for security is the problem. You could simply be using AES The Right Way in your product and not tell anyone. In that case, the product's security is not dependabt upon obscurity but might be enhanced slightly by it ... Until someone figures that out. Then they still have to crack AES.

asnFebruary 23, 2009 8:04 AM

It seems that Skype has already recieved some security evaluation from outside by a respected cryptographer. Here's his report:

http://www.anagram.com/berson/abskyeval.html

Trivia: Tom Berson is an IACR Fellow
http://www.iacr.org/fellows/

It would be great if Skype(company) would hire more of such consultants to evaluate their products and let them publish reports of ther analysis. But would that make them even for "security through obscurity" security model?

Clive RobinsonFebruary 23, 2009 8:36 AM

This is kind of problem is old news in many respects. I suspect the reason Skype is "in the frame" currently is it's popularity.

What has surprised me is that Skype's system has not been reverse engineered and the algorithm publicaly published by now.

And I further suspect that this is a non story for other political and technical reasons.

The real issues the NSA / GCHQ / etc. have are not in "gathering" but "analysis" and "communication" to interested parties.

Therefore I suspect that they will as normal take a pragmatic aproach to the issue, as effectivly anonymous phone calls have been possible for quite some time.

For instance in the UK and many other countries the price of SIMs is marginal (ie

Likewise second hand mobile phones can be purchased for very little (

Further there are many "cheap international call" booths/shops.

Therefore setting up a "one time call" is not exactly expensive or that difficult and does not require any technical sophistication.

Which if you think about it is less cost and bother than a satellite phone call...

Then of course Skype is not "the only game in town" there are other encrypting Internet phone systems.

And lets be honest there are enough open or weakly protected WiFi points to enable anyone to get an anonymous one time point to point link.

Therefor I'm thinking that the "anonymous commenter" is putting down a little political ground for further legislation or funding...

RoboticusFebruary 23, 2009 9:02 AM

Why don't authorities just get warrants and either install some sort of spyware (like the FBI's 'Magic Lantern') or use a listening device to hear what is being said before it is transmitted? That would bypass any encryption altogether and is not too challenging. (They listen in on face to face meetings when they really want to). Strong encryption just requires different tactics.

PhillipFebruary 23, 2009 9:08 AM

@asn:

"It would be great if Skype(company) would hire more of such consultants to evaluate their products and let them publish reports of ther analysis. But would that make them even for 'security through obscurity' security model?"

Maybe, but would it make business sense?

Would doing so increase their top line (revenue), decrease expenses (hiring people is an expense itself), or otherwise positively impact the bottom line?

asnFebruary 23, 2009 9:35 AM

@Phillip:
>>Maybe, but would it make business sense?

Well, that depends on what the future will bring, I suppose. Currently Skype stands good on the VoIP market, but that could change in the future, because of competition like Zfone, or perhaps even a serious open source alternative will emerge, like Truecrypt has for disk encryption. Then these security reports from respected cryptographers could make a difference.

John KelseyFebruary 23, 2009 9:37 AM

I know nothing of Skype security, but there are a fair number of ways that you could have security flaws that were expensive but not impossible to exploit. For example:

a. If the key derivation function is somehow flawed so that there's a "narrow pipe" on which the whole derived key depends, you could get a guessable 128 bit key from an input with 128 bits or more of entropy.

b. The random number generator used to produce the ephemeral Diffie-Hellman exponent or the session key could have a flaw that allows some fraction of keys to be guessed. It's hard to do entropy estimation, and most everyone seems to do it in software sources by the "geez, there must be 128 bits of entropy *somewhere* in that mess" method, so it's easy to imagine this being the practical weakness.

c. Any of the above could also sensibly involve time-memory tradeoffs, depending on details. In that case, there might be a huge up-front computational cost that only NSA is known to have taken on, to allow a reasonable fraction of sessions to be eavesdropped.

d. There could be an online attack (man-in-the-middle, perhaps using some additional cleverness to bypass whatever the protocol is using to guard against such attacks). Those would be inherently expensive, in the sense that you'd have to manage to be in the middle of the key negotiation from the beginning. The "expense" here isn't computational, but rather in terms of compromised nodes in the P2P network or sites whose traffic can be monitored.

e. The whole thing could be FUD, and NSA might have no way to monitor it.

f. The whole thing could be inverse-FUD, and all kinds of spies, cops, and crooks can monitor it at will.

All IMO. I know nothing about Skype, so any or all of this may be entirely wrong or even silly.

HJohnFebruary 23, 2009 9:47 AM

@Roboticus: "Why don't authorities just get warrants and either install some sort of spyware."
_______

It's tough to get a warrant for a moving target, even tougher is to install spyware when you may not know the machine being used. An example is when cell phone calls pertaining to a plot against the Golden Gate Bridge were intercepted (Golden Gate Bridge didn't translate well into Arabic)--kind of hard to get a warrant when you don't know a target's name or location.

To be clear, I'm certainly not saying it is okay to bypass due process or that I support warrantless evesdropping (I don't)--that's a debate for another place and time. Even less so do I know a good solution to this issue. I'm merely pointing out that simple warrants are not as easy to apply as they once were to land lines. I think the relevance is how to best address a new issue and maintain the balance between the right to privacy and just cause for snooping. I don't see a good answer yet.

Best regards.

FPFebruary 23, 2009 10:02 AM

Random thoughts:

Skype is not much of a problem for law enforcement. With sufficiently strong evidence, they can always get a judge to install a wiretap, using software or good old-fashioned bugs, to capture audio before it is encrypted.

You need to break the encryption if you want to wiretap on a massive scale, which is of course the NSA's job -- or if you want to make the law enforcement's job easier, i.e., to wiretap remotely.

The whole story of NSA offering billions sounds very unlikely. Coming from an anonymous source doesn't make it any more credible.

Given that Skype is owned by EBay, an American company, I wouldn't be surprised if NSA had an arrangement with Skype to hand over logs or other details. History has shown that such secret arrangements are in place everywhere (AT&T, Swift, UBS being the most recent ones).

EU telecoms providers are required to keep a call log. I'm sure that if authorities wanted to, they could make sure that Skype has to comply with that rule.

@Clive: "What has surprised me is that Skype's system has not been reverse engineered":

The Skype software supposedly has some creative anti-debugging measures (encryption of the executable, checking the real-time clock) that make it hard to reverse engineer.

Impossibly StupidFebruary 23, 2009 10:18 AM

If worked for the NSA and we could monitor Skype conversations with ease, one of the first things I would do is publicize how we can't monitor Skype conversations with ease. There might be quite a bit of Coventry-esque nondisclosure going on as data is gathered while silly people think it is still secure.

Clive RobinsonFebruary 23, 2009 10:20 AM

Of course there is one attack against Skype that has not been talked about.

Skype is a P2P system so the argument is no confidential information passes through it's servers.

However lets make an assumption,

Skype users come from the same machine every time.

Can this information be used to find suspect users?

Well the answer is yes, the majority of Skype users are physicaly static and use the same IP address (or ISP range) each time.

Therefore their location and information is effectivly known.

However some Skype users will be mobile but again the majority of those are likley to have a number of "home locations" that they use more frequently.

Which leaves a very small subset of users who rarely use the same place twice or have other abnormal patterns.

In the same way a piece of software can "data mine" out abnormal (closed) groups of phone users, the same software could be used to mine out similar groups of Skype users.

And as we know from previous blog pages the software exists and has been demonstrated, and also mobile computers can be identified by their CPU clock drift.

Tie the two together and then conventional investigatory methods can be applied to find out if the user(s) are deserving of further investigation...

ShaneFebruary 23, 2009 10:51 AM

@Impossibly Stupid

I almost second that, in that this sounds like a baited mouse trap to me. The NSA has unfettered access to the data flowing over the internet across the entire US (and presumably a number of other countries), and P2P or not, it's still flowing through the same pipes for the most part, so not only would it seem to be a non-issue to figure out who is talking to who, I can't imagine (well I can, but still) the encryption scheme/protocol being all that difficult to dissect for an organization that large, especially if it's 'posing a problem'.

I would scarcely believe that after all the hullabaloo they went through to basically have free reign over the whole of US electronic and cellular data, that they would allow Skype to survive as a veritable bullet-proof vest for communications amidst a public who knows full-well that everything they are doing or saying could potentially be listened to / recorded.

I also wouldn't be surprised if the NSA ran an insane amount of TOR nodes, just to collect the end-point data.

Also, tinfoil hats.

PackagedBlueFebruary 23, 2009 11:49 AM

Keyword in Italian crook article link is "reliably."

It is one thing to crack a system, being able to have the intel actionable for expensive action, is another thing.

A nice chosen plaintext attack system for C.I.A., and perhaps the CIA, within the system would be a fun tool, although perhaps a dream.

A neat article and comments, makes one think about some of the issues around actionable intelligence and security.

PeterFebruary 23, 2009 11:54 AM

@Clive
But if we do that, how is the NSA supposed to listen in on peoples sex lives(like they do with soldiers in Iraq)?

Joe BuckFebruary 23, 2009 12:54 PM

In the past, the NSA has sometimes used methods other than cryptographic expertise to handle problems like this.

For example, NSA had their own personal back door inserted into Crypto AG's machines; that's how they were able to read all of the Libyans' secure traffic. The fact that Skype's a private company with a closed source product could be a big help to them here; they might already have a back door in there.

ArrigoFebruary 23, 2009 2:25 PM

Bruce, you need to go further than El Reg... if you find someone willing to translate the article which El Reg quotes it comes from "investigative journalism" (quotes required given the origin) from an Italian newspaper called La Repubblica.

They "proved" that criminals were using it: i.e. they were told by some policemen that they overheard criminals say "let's switch this call to Skype".

The net result is that Interior Minister in Italy decided to start a "Task Force" (more quotes essential) made up of everyone and his dog including the Italian equivalent of the NSF, at least in name, to "crack Skype".

Sadly El Reg picked it up thinking it was serious and missed the fact that Italy has moved from the country of melodrama to the country of farce.

Obviously a better effort would be to penetrate the P2P network using fake supernodes but let them waste more public money the other way, allegedly thought up by the French.

The Germans allegedly worked on sticking viruses on the endpoints which obviously is another good solution to the problem (and were caught by the journalists there causing political headaches).

Interestingly the German assumption is that you know the endpoints and want to hear what they say (i.e. you already have authority to wiretap the subjects) whereas the Italian assumption (and, one assumes, the French one) is that you want to listen to everything...

Arrigo

AnonFebruary 23, 2009 2:54 PM

I think the line that NSA is rumored to be able to tap Skype is just the usual cargo-cult speculation about what goes on there.

Agree with others that, if NSA can eavesdrop on Skype, the most plausible scenario isn't that there's a cryptographic flaw so advanced only NSA could exploit it. Instead, it'd be something like:

- Skype has some basic design flaw that anyone could exploit in principle -- insufficient randomness, a flawed protocol, or whatever,
- There's an actual old-school backdoor, where the software will give up its keys outright, or
- There's no flaw with Skype in particular, but it's really easy to attack the endpoints.

Check out the Skype chat filters in China:
http://www.nartv.org/2006/06/15/...

Phil MFebruary 23, 2009 5:34 PM

Is there any reason besides ignorance for someoen who cares about the security of his communications to use Skype instead of alternatives like Gizmo5 or WengoPhone -- alternatives that use well-tested encryption standards?

AC2February 23, 2009 11:48 PM

Already been established that police forces occasionally download malware onto suspects PCs... Once you have that in place, not much of a biggie to start piping Skype call records to your own servers. Could do voice as well but would arouse suspicion...

denis biderFebruary 24, 2009 1:28 AM

Next thing you know, governments will be complaining that they are unable to monitor private conversations between citizens in parks, so therefore microphones must be installed under benches in parks.

Suppose there was no telephone to begin with. How, oh how, would our governments protect us then?

NostromoFebruary 24, 2009 4:38 AM

"I'm sure this is a real problem." I hope you're being sarcastic, Bruce. I regard governments as a much greater threat to my freedom than a bunch of (non-government) crooks.

Crooks only want to take some of my money. Governments not only want to take much more of my money, but my freedom as well.

AnonymousFebruary 24, 2009 11:34 AM

@Impossibly Stupid:

Of course, this is all a ploy to drive us to an easily-identified protocol so that NSA can track who's talking to who, as opposed to having to sort out a plethora of other encrypted connections that might or might not carry voice.

Forget whether they can hear what you're saying, they just want to know who you're calling and where you are. Then they can point the microwave listening masers at the nearest flat surface and listen in the old-fashioned way, by decoding your sound waves :).

But seriously, driving voice traffic to skype (or any single protocol) would make it easier to flag for traffic analysis. If the handshake helps you identify the users and/or their location so much the better.

gregFebruary 25, 2009 6:53 AM

There is another aspect of the security of skype and why use when other more secure alternatives exist. Its common, and usage alone does not raise a red flag, not to mention the sheer volume of traffic.

G.W.February 25, 2009 7:05 AM

NSA does not have any real problems spying on Skype.

After all they supposedly have ECHELON which is supposedly able to eavesdrop on ALL electronic communication...or was that some U.S. propaganda again...

Anyway...NSA brought up this issue because they want legislation (that gives them more leeway in eavesdropping in USA) and international agreements - at least the real need or want here is not some techno help.

neillFebruary 26, 2009 7:53 AM

IMHO skype does NOT really matter - the "bad guys" could use any intercom software over a well designed VPN (but then, without conferencing features (or is there a multicast-VPN?))

Adrian BunkFebruary 28, 2009 12:40 PM

Perhaps this all is a fake for letting criminals think Skype was secure?

Quoting http://www.eurojust.europa.eu/press_releases/... :

"In September 2006 ... There was a positive message from the Skype representatives during the meeting, showing their commitment to cooperate with the law enforcement authorities in the fight against serious, cross-border organised crime."

Babak MemariOctober 25, 2009 2:47 PM

as the owner of the eBay is an Iranian, and iranian expert at negotiation for gaining money , I am sure eBay has seld secret backdoor of SkyPe to NSA.
Babak from IRAN

RichAugust 20, 2010 2:34 PM

http://euobserver.com/9/27682

In regard to this article I think its important to remember that legal authorities don't just back down cordially. No one was amused when skype childishly avoided master key encryption and supernode redirection, as they claimed their special proprietary protocol was too secure to track and decrypt. Governments have gotten smarter and have less patience for geek BS. Mainly this is because they are hiring more geeks. I'd say the Eurojust turnaround is due to a confidential key to the kingdom. No big conspiracies here, just a respectful nod between governments and a corporation.

CrunchmanMarch 13, 2013 7:43 PM

I believe, about five years ago, Skype crashed because Microsoft had an update and Skype servers got hammered.

This was a perfect opportunity for Skype to release a brand-new version of Skype, and break earlier versions when they started up again.

It wouldn't surprise me to learn that Skype probably installed a "knock knock" protocol, enabling law enforcement, for other agencies to tap Skype phone calls.

I'm certainly not sure this is true, but this is what I've heard from the rumor mills.

John

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..