by Ian Allen

February 25, 2009

from IntelNews Website


Italian authorities are taking the initiative in a European Union (EU)-wide effort to terminate the tacit immunity of Voice-Over-Internet-Protocol (VOIP) communications from authorized interception.

 

Italy’s delegation to Eurojust, an EU coordination body tasked with combating transnational organized crime, issued a statement last weekend, promising to spearhead a project to,

“overcome the technical and judicial obstacles to the interception of internet telephony systems”.

The statement contains several references to Skype, a Luxembourg-based VOIP provider that has so far reportedly refused to share its communications encryption system with government authorities.

 

Because of this, the latter have accused Skype of providing organized crime syndicates with the ability to communicate without fear of their messages being intercepted.

There is some evidence that criminal and militant groups are switching to VOIP communications to coordinate their operations. In November of 2008, the Pakistani militant group, Lashkar-e-Taiba, used VOIP software to communicate with the Mumbai attackers on the ground and direct the large-scale operation on a real-time basis.

The distinguishing feature of VOIP-based communications, which form the technical basis of popular communications software, such as Skype and Vonage, is that audio signals are converted to data and travel through most of the Internet infrastructure in binary, rather than audio, format. Furthermore, they are sometimes encrypted using algorithms of various strengths.

 

Additionally, VOIP data packets often travel through Internet networks looking for unused lines, which may not necessarily be the shortest route to their destination. Consequently, a VOIP source signal from New York to Los Angeles could easily reach its destination through, say, Reykjavik or Bogota. What is more, binary data packets often split, with different parts following different routes to a given destination and only reuniting at a switch close to the end destination.

 

This poses severe barriers to communications interception, as well as to the ability of law enforcement and intelligence agencies to locate the source of target calls.

Companies like Skype point to the technical complexities of VOIP communications and argue that it is often technically impossible to facilitate communications interception requests by government authorities.

 

Skype in particular says it has repeatedly briefed EU law enforcement agencies about these technical barriers, and that its policy is to cooperate with government interception requests “where legally and technically possible”.

Technical issues aside, those in the know are aware of ongoing efforts by intelligence agencies to bypass Internet service providers altogether, concentrating instead on intercepting VOIP messages at the user end. Earlier this month, reports emerged that German authorities are using malicious software installed surreptitiously on targeted computers to capture the content of VOIP-based communications.

 

In January, the EU prompted European law enforcement agencies to resort to computer hacking (termed “remote searching” in official documents) in order to combat cyber crime. Britain’s Association of Chief Police Officers (ACPO) admitted that British law enforcement and intelligence agencies already conduct “a small number” of such operations every year.

 

In 2008, “remote searching” was employed during,

“194 clandestine searches [...] of people’s homes, offices and hotel bedrooms”, ACPO said.

More recently, an anonymous industry insider alleged that the US National Security Agency (NSA) is actively soliciting several companies in its search for a way out of the technical challenges posed by Skype’s strong encryption and peer-to-peer network architecture.

 

The unnamed source claimed that NSA is,

“offering billions to any firm which can offer reliable eavesdropping on Skype IM and voice traffic [...]. They are saying to the industry, you get us into Skype and we will make you a very rich company”, said the source.

If accurate, these allegations show that initiatives such as the one by Eurojust, above, which aim at establishing operational interfaces between law enforcement, intelligence and telecommunications organizations, are simply one facet of a broader effort to intercept VOIP communications.

 

While reaching out to VOIP providers, European and American intelligence agencies are simultaneously engaged in projects -often of dubious legality- to circumvent these providers altogether, focusing instead on end-point eavesdropping.

 

These attempts will continue for as long as encrypted, peer-to-peer VOIP remains an attractive option for consumers.


 




Has Skype’s VOIP Encryption Been Broken?
by Ian Allen

August 28, 2009
from IntelNews Website

 

NSA HQ
 

I have explained before that the US National Security Agency (NSA) and other intelligence agencies have found it impossible to intercept Skype’s instant messaging and voice traffic.

 

Like other voice-over-Internet protocol (VOIP) communications providers, Skype uses technology that converts audio signals to data, and transports them through most of the Internet infrastructure in binary, rather than audio, format. Furthermore, Skype uses very complex algorithms to encrypt its customers’ communications.

 

Skype has repeatedly pointed to the technical complexities of VOIP communications, arguing that it is often technically impossible to facilitate communications interception requests by government authorities.

 

There are rumors among communications interception specialists that the NSA is offering billions to anyone who can come up with a reliable eavesdropping model for Skype.

 

Remarkably, on August 25, a Swiss software developer released what he claims is the source code of a program for tapping into encrypted Skype communications. I don’t know whether the source code (essentially a trojan) is effective.

 

He claims it is. If this is confirmed, then several people in Fort George F. Meade, Maryland, will be really close paying attention.

 

Return to The Echelon Network

Return to The End of The Internet?