Published on Security Management (http://www.securitymanagement.com)
German Cops Want to Wiretap Skype
By Matthew Harwood
Created 01/29/2008 - 19:18



    
Wrap-Up?: 
No
Weight: 
0
Lead Headline?: 
No
Date: 
01/30/2008
By Line: 
By Matthew Harwood
Teaser: 
The German government contracted with a German company to create malware to wiretap the Skype VoIP communications and SSL transmissions of suspected terrorists and criminals.


Two leaked documents detail the German government's efforts to bug Skype, reports [1] Wired.com's Threat Level blog.
 
 Documents released by WikiLeaks last week appear to support earlier reports [2] that Germany's federal police plan to use Trojan horse malware to conduct surreptitious searches of targeted computers, including Skype communication and encrypted SSL traffic.   According to one of the documents, which are unverified and were first published by the German political party PiratenPartei [3] (Pirate Party), the Bavarian police appear to have commissioned a German security company to create a Trojan horse for capturing Skype communications and SSL traffic from surveilled computers that would be directly installed on targeted systems or delivered to unsuspecting suspects via an e-mail with a rogue attachment...
 
The Digitask document, [4] according to an analysis on Wikileaks [5], explains how the company can spy on Skype communications.
 
 
[I]t introduces the so-called Skype Capture Unit. In a nutshell: malware is installed onto a target machine, to intercept Skype Voice and Chat. Another feature introduced is a recording proxy, that is not part of the offer, yet would allow for anonymous proxying of recorded information to a target recording station. Access to the recording station is possible via a multimedia streaming client, supposedly offering real-time interception.
 
Another part of the offer is an interception method for SSL based communication, working on the same principle of establishing a man-in-the-middle attack on the key material on the client machine. According to the offer, this method works for Internet Explorer and Firefox web browsers. Digitask also recommends using overseas proxy servers, to cover the tracks of all activities.
 
 
According to The Register [6], Germany's federal court has already ruled that police cannot plant malware for surveillance purposes until a law regulates such police hacking activity. This ruling sparked members of Parliament to draft such a bill late last year. Nevertheless, as Kim Zetter of Threat Level writes, "police didn't wait for legislators to make their move before they began talking with DigiTask about creating made-to-order Skype malware." 
 
 
Related Resources: 
Comments


    

    




  
Security Management is the award-winning publication of ASIS International, the preeminent international

organization for security professionals, with more than 38,000 members worldwide.


ASIS International, Inc. Worldwide Headquarters, 1625 Prince Street, Alexandria, Virginia 22314-2818 U.S.A.

703.519.6200 | fax 703.519.6299 | www.asisonline.org


ASIS


© 2013 Security Management

This site is protected by copyright and trade mark laws under U.S. and International law.

No part of this work may be reproduced without the written permission of Security Management.








    

    
Source URL: http://www.securitymanagement.com/news/german-cops-want-wiretap-skype

    
Links:
[1] http://blog.wired.com/27bstroke6/2008/01/leaked-document.html

[2] http://www.theregister.co.uk/2007/11/21/germany_vxer_hire_plan/

[3] http://www.piratenpartei.de/navigation/presse/pressemitteilungen/1.-quartal-2008/lka-bayern-nutzt-%22bayerntrojaner%22-bereits-zum-v

[4] http://wikileaks.org/wiki/Bavarian_trojan_for_non-germans

[5] http://wikileaks.org/wiki/Skype_and_the_Bavarian_trojan_in_the_middle

[6] http://www.theregister.co.uk/2008/01/29/skype_trojan/