News you may have missed #527

  • Has Microsoft broken Skype’s encryption? The US Congress has finally discovered Skype. But the timing may be bad, since there are rumors that Microsoft has found a way to break the encryption behind Skype communications, rendering all Skype calls potentially open to surveillance by governments. The company (Microsoft) has even filed a related patent application. Communications interception experts have been trying for some time to achieve this.
  • Ex-CIA agent loses legal battle over ‘unauthorized’ book. A former CIA deep-cover operative, who goes by the pseudonym ‘Ishmael Jones’, may have to financially compensate the Agency for publishing a book without the CIA’s approval, after a US judge ruled against him. Jones maintains that the CIA is bullying him because of his public criticism of its practices.
  • Family of accused Australian spy seeks support. The family of Australian-Jordanian citizen Eyad Abuarga, who has been charged with being a technical spy for Hamas, have called on the Australian government to do more to help him, with less than a month before he is due to face trial in Israel.

About intelNews
Expert news and commentary on intelligence, espionage, spies and spying, by Dr. Joseph Fitsanakis and Ian Allen.

2 Responses to News you may have missed #527

  1. losky says:

    From a cryptographic perspective Skype (the company) has always had the means to intercept calls, namely control over the signing key that signs the name and user key. So technically it’s possible for the owner of Skype to intercept the encrypted communications.

    Note that this attack may require an active man-in-the-middle attack modifying traffic between the communicating parties and it might therefore not be possible to execute it at will.

    If you own Skype, you could also be forced or be willing to distribute or create a modified version of Skype, e.g. one that sends off the user’s traffic to a third party.

    If governments or well-funded adversaries are in your threat model, it would be utterly naïve to excpect any form of privacy or security from an obscure and closed system like Skype. The Skype protocol can be considered somewhat secure, as long as you trust the owner (for which there is no reason at all).

    (By the way, this text box is really tiny…)

  2. intelNews says:

    You are correct in pointing this out. The privacy of Skype VOIP depends on the trustworthiness of the owner company, which cannot be ensured, especially in the post-STELLAR WIND environment. One valid question, however, is this: if Skype is in fact cooperating with government-authorized surveillance requests, then why is the US government –as well as third-party entities like Microsoft– going through the trouble of devising independent interception platforms? [JF]

We welcome informed comments and corrections. Comments attacking or deriding the author(s), instead of addressing the content of articles, will NOT be approved for publication.

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: