The German government contracted with a German company to create malware to wiretap the Skype VoIP communications and SSL transmissions of suspected terrorists and criminals.
Two leaked documents detail the German government's efforts to bug Skype, reports Wired.com's Threat Level blog.
Documents released by WikiLeaks last week appear to support earlier reports that Germany's federal police plan to use Trojan horse malware to conduct surreptitious searches of targeted computers, including Skype communication and encrypted SSL traffic. According to one of the documents, which are unverified and were first published by the German political party PiratenPartei (Pirate Party), the Bavarian police appear to have commissioned a German security company to create a Trojan horse for capturing Skype communications and SSL traffic from surveilled computers that would be directly installed on targeted systems or delivered to unsuspecting suspects via an e-mail with a rogue attachment...
The Digitask document, according to an analysis on Wikileaks , explains how the company can spy on Skype communications.
[I]t introduces the so-called Skype Capture Unit. In a nutshell: malware is installed onto a target machine, to intercept Skype Voice and Chat. Another feature introduced is a recording proxy, that is not part of the offer, yet would allow for anonymous proxying of recorded information to a target recording station. Access to the recording station is possible via a multimedia streaming client, supposedly offering real-time interception.
Another part of the offer is an interception method for SSL based communication, working on the same principle of establishing a man-in-the-middle attack on the key material on the client machine. According to the offer, this method works for Internet Explorer and Firefox web browsers. Digitask also recommends using overseas proxy servers, to cover the tracks of all activities.
According to The Register , Germany's federal court has already ruled that police cannot plant malware for surveillance purposes until a law regulates such police hacking activity. This ruling sparked members of Parliament to draft such a bill late last year. Nevertheless, as Kim Zetter of Threat Level writes, "police didn't wait for legislators to make their move before they began talking with DigiTask about creating made-to-order Skype malware."