Taliban VoIP calls

Pete Wylie — Mon, 15 Sep 2008 14:33:28 -0400

Days after the seventh anniversary of the Sept. 11 attacks on the U.S., British intelligence reported that the Taliban is using Skype to coordinate its military operations because the VoIP calls are heavily encrypted and difficult to decode. Previously, the British military and the U.S. military had intercepted Taliban communications with relative ease, because they used satellite or normal mobile phones easily traceable by British observation planes and U.S. intelligence resources.

The Skype algorithm is reportedly proving to be quite difficult to crack. British military officials have tried to introduce legislation into their Parliament requiring ISPs to track data, but the proposal raised the usual questions about privacy and government snooping on individual civilians.

Coordinated attacks based on VoIP calls are part of the Taliban's more aggressive strategy and reorganization. British officials are reportedly were working overtime with American counterparts to crack Skype encryption on suspected terrorist communications. But, as reported July 25, 2008, Austrian officials implied that Skype calls were quite easy to intercept. If that's the case, British officials need to have a chat with Vienna sooner rather than later.

For more:
- see the computerweekly.com article

Related Articles
A Skype Back Door?
Skype Wiretap Nuances

Skype Wiretap Nuances

Doug Mohney — Tue, 10 Jun 2008 20:49:24 -0400

Skype says it is unable to comply with court-authorized wiretap requests, says News.com. A closer examination of the question and Skype's reply bears examination and thought.

News.com conducted a survey asking a number of big name vendors about the privacy of instant messaging and other services they offer. One of the questions was: "Have you ever received a subpoena, court order or other law enforcement request asking you to perform a live interception or wiretap, meaning the contents of your users' communications would be instantly forwarded to law enforcement?"

Skype's reply with underline emphasis provided by this reporter: "We have not received any subpoenas or court orders asking us to perform a live interception or wiretap of Skype-to-Skype communications. In any event, because of Skype's peer-to-peer architecture and encryption techniques, Skype would not be able to comply with such a request."

Skype doesn't say it hasn't received any requests to perform live interception of phone calls, just that nobody's asked them for Skype-to-Skype communication. This would imply that SkypeIn and SkypeOut, the services that touch the PSTN, might be fair game. The company has said in the past that it cooperates with all lawful requests from "relevant authorities," so a reasonable person might assume that if you're making calls through Skype that touch the PSTN, those calls could be subject to lawful intercept.

However, there's a rolling assumption that peer-to-peer calls that stick to Skype's peer-to-peer network and are encrypted with 256-bit AES are potentially untouchable, while centralized voice/VoIP services operated by Yahoo, AOL, Microsoft and others could be readily tapped.

Fanning the flames of speculation is Skype's closed software architecture and a large body of work by independent researchers that have going through detail reverse engineering of the program and how it works. Since Skype is a "black box," there is no way to know if there's a backdoor of sorts to tap into a client and copy the voice stream to somewhere else or any way to know if such a process was occurring.

For more:
- News.com's speculation that Skype is secure
- For security geeks, a very cool compilation of Skype independent security analysis

Related articles:
Skype resists inter-operability
Skype: Stand-by for violence with open telephony.
Do as we say, not as we do; Skype wants open access to wireless devices