Hackbloc hacktivist collective - researching positive hacktivism

big brother

NSA offering 'billions' for Skype eavesdrop solution

 

Counter Terror Expo: News of a possible viable business model for P2P VoIP network Skype emerged today, at the Counter Terror Expo in London. An industry source disclosed that America's supersecret National Security Agency (NSA) is offering "billions" to any firm which can offer reliable eavesdropping on Skype IM and voice traffic.

The spybiz exec, who preferred to remain anonymous, confirmed that Skype continues to be a major problem for government listening agencies, spooks and police. This was already thought to be the case, following requests from German authorities for special intercept/bugging powers to help them deal with Skype-loving malefactors. Britain's GCHQ has also stated that it has severe problems intercepting VoIP and internet communication in general.

Skype in particular is a serious problem for spooks and cops. Being P2P, the network can't be accessed by the company providing it and the authorities can't gain access by that route. The company won't disclose details of its encryption, either, and isn't required to as it is Europe based. This lack of openness prompts many security pros to rubbish Skype on "security through obscurity" grounds: but nonetheless it remains a popular choice with those who think they might find themselves under surveillance. Rumour suggests that America's NSA may be able to break Skype encryption - assuming they have access to a given call or message - but nobody else.

The NSA may be able to do that: but it seems that if so, this uses up too much of the agency's resources at present.

"They are saying to the industry, you get us into Skype and we will make you a very rich company," said the industry source, adding that the obscure encryption used by the P2Pware is believed to change frequently as part of software updates.

The spyware kingpin suggested that Skype is deliberately seeking to frustrate national listening agencies, which seems an odd thing to do - Skype has difficulties enough getting revenues out of its vast user base at any time, and a paid secure-voice system for subversives doesn't seem like a money-spinner.

But corporate parent eBay, having had to write down $1.4bn already following its $2.6bn purchase of Skype back in the bubble-2.0 days of 2005, might see an opportunity here. A billion or two from the NSA for a backdoor into Skype might make the acquisition seem like a sensible idea.

We asked the NSA for comment, particularly on the idea of simply buying a way into Skype, but hadn't yet received a response as of publication.

 

I can hear what you type

I came across an interesting paper today, "Keyboard Acoustic Emanations Revisited" [PDF]. Li Zhuang, Feng Zhou, and J. D. Tygar, researchers at UC Berkeley, have discovered a way to tell what someone is typing using only the recorded audio of the typing session.  It works based on the fact that every key on your keyboard makes a slightly different but unique sound.  Armed with this knowledge, a standard cryptographic frequency analysis attack and a little bit of machine learning, they are able to turn the sounds of the keyboard into text, with absolutely no training of the program beforehand and no previous samples.  What's more, this attack has a 96% success rate and even works against random text such as a password.
A cryptographic frequency analysis attack works like this: we know that the most commonly used letters in the English language are E, T, A and S.  If we have a code where a symbol consistently represents one letter (or in this case a sound consistently represents one letter), then we can assume the most common symbol (sound) represents E, the next most common is T, and so forth.  This is the basic theory that the keyboard emanations attack works on.
Apparently this paper came out back in 2005, but it went largely unnoticed by the media, including blogs.  Definitely the most interesting thing about this attack is its ease of implementation and success rate.  Keyboard acoustic sniffing attacks had been written about before, but they required sample data for training and had a much lower success rate.  This attack requires no training data and even works from outside the room if a parabolic microphone is used.  Some might say it is similar to Van Eck Phreaking.
Interestingly, while researching this I came across a patent for the "method and apparatus for masking acoustic keyboard emanations." So you may already be able to stop this attack, and you may be committing patent infringement if you do it DIY.
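
The rank-matching step of frequency analysis described above, as an added example that is not part of the original post or the paper's code. The cluster labels, the sample sentence and the `ENGLISH_ORDER` ranking are assumptions constructed for illustration; `simulate_clusters` stands in for the acoustic clustering, which is not implemented here.

```python
from collections import Counter
import random

# Approximate English ranking, most to least frequent (assumption of this
# example; space comes first because it is the most frequently pressed key).
ENGLISH_ORDER = " etaoinshrdlcumwfgypbvkjxqz"

def simulate_clusters(text, seed=1):
    """Constructed stand-in for acoustic clustering: each key gets an
    arbitrary integer label, and the analyst sees only the labels."""
    keys = sorted(set(text))
    labels = list(range(len(keys)))
    random.Random(seed).shuffle(labels)
    key_to_label = dict(zip(keys, labels))
    return [key_to_label[ch] for ch in text]

def rank_guess(labels, order=ENGLISH_ORDER):
    """Map the most frequent label to order[0], the next to order[1], ..."""
    counts = Counter(labels)
    # Sort by descending count; break ties by label so the result is stable.
    ranked = sorted(counts, key=lambda s: (-counts[s], s))
    return {sym: order[i] if i < len(order) else "?"
            for i, sym in enumerate(ranked)}

def decode(labels, mapping):
    """Turn a label sequence back into text using a label-to-letter guess."""
    return "".join(mapping.get(s, "?") for s in labels)

def accuracy(guess, truth):
    """Fraction of positions where the guessed character is correct."""
    return sum(g == t for g, t in zip(guess, truth)) / len(truth)

if __name__ == "__main__":
    # Constructed sample "typing session" (lowercase letters and spaces only).
    sample = ("the attacker records the sound of the keyboard and then sorts "
              "the key presses into clusters that each stand for one letter")
    labels = simulate_clusters(sample)
    guess = decode(labels, rank_guess(labels))
    print(guess)
    print(f"recovered by rank matching alone: {accuracy(guess, sample):.0%}")
```

On short input, rank matching alone typically gets only the most frequent keys right, so it is a first guess that further modelling has to refine.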

Warrantless Cellphone Spying for Fun and Profit

The ACLU has uncovered documents via the Freedom of Information Act that detail how the FBI has been using their "Triggerfish" program to track and monitor cell phones without the aid of telephone companies or warrants.

Triggerfish is a fake cell phone tower that intercepts phone calls, keeps MIN (phone number), ESN (electronic serial number) and location information, and then forwards the call to the actual cellphone tower.  I really hope one of these things turns up on eBay ;)

 

According to Ars Technica and the ACLU:

"Triggerfish can be deployed 'without the user knowing about it, and without involving the cell phone provider.' That may be significant because the legal rulings requiring law enforcement to meet a high 'probable cause' standard before acquiring cell location records have, thus far, pertained to requests for information from providers, pursuant to statutes such as the Communications Assistance for Law Enforcement Act (CALEA) and the Stored Communications Act."

 

And according to the FBI's Electronic Surveillance Manual (attached below):

 

Although section 2703(d) generally applies only to stored
communications, nothing in that section requires that the
provider possess the records at the time the order is executed.
Moreover, use of such an order does not improperly evade the
intent of the CALEA prohibition. Section 2703(d) court orders
provide greater privacy protection and accountability than
pen/trap orders by requiring (1) a greater factual showing by law
enforcement and (2) an independent review of the facts by a
court.  Indeed, the very language of the CALEA prohibition -
limiting its application to information acquired solely pursuant
to the authority for pen registers and trap and trace devices" -
indicates that Congress intended that the government be able to
obtain this information using some other legal process.
 

This indicates that the FBI intends to use this to subvert the normal process of obtaining a warrant that would be needed for a normal "trap and trace" phone tap.

 

You can read the ACLU's uncovered documents at: http://www.aclu.org/freespeech/gen/37748res20081112.html

You can download the FBI's electronic surveillance manual at: http://www.hackbloc.org/~flatline/elec-sur-manual.pdf

 
