Skype Eavesdropping

Data that travels over the air and how to protect (or decipher) it

Skype Eavesdropping

Post by Muskelmann098 on Sat Dec 05, 2009 4:18 pm
([msg=31051]see Skype Eavesdropping[/msg])

*Before we begin: This is no "plz hax mi buddys skype for mee" thread ;) *

Hello folks,

I was thinking about the subject, and stared doing some research about it. At first I thought it wouldn't be too hard, figuring someone would have done it by now anyway, but as I started searching around, every other thread is about "Billion dollar rewards" for anyone who can do it. Apparently, Skype uses a 256 bit encryption key (no, I'm not an encryption specialist and wouldn't know exactly what that means) which supposedly is extremely hard to figure out. Something in me tells me that Skype cannot possibly have existed without people finding away to "wiretap" it.

Now the other half of the links I see talks about a Skype Trojan, but my common sense tells me that downloading a Trojan that promises to do what people are offering billions for just seems like one of those really bad ideas...

My question to you guys then is: What do you know about Skype? How does it work? Where is it encrypted, and in theory, how would you attack it? I hope that's not going too far, and if it is, please tell me. The ultimate question would of course be: Have anyone here done it successfully? But then again, they probably wouldn't say :D

Thanks :)
Muskelmann098
Experienced User
Experienced User
 
Posts: 78
Joined: Mon Feb 02, 2009 9:39 am
Blog: View Blog (0)


Re: Skype Eavesdropping

Post by Goatboy on Sat Dec 05, 2009 4:25 pm
([msg=31052]see Re: Skype Eavesdropping[/msg])

As long as you are only asking questions about the program itself, you are entirely safe. People get in trouble when they ask specifics on how to break/crack the program.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2823
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)


Re: Skype Eavesdropping

Post by TheNightFox on Thu Jan 21, 2010 9:42 pm
([msg=33718]see Re: Skype Eavesdropping[/msg])

It's interesting. I personally don't use Skype, but that's just because I have no reason to use it. I reckon the government or some other agency does tap it, most likely with the use of tags, like they do everything else. Since it's impossible to monitor every conversation, they set certain tags that flag the conversation. For example, if you were to use words like...I dunno, assassinate Obama, that conversation would be flagged and odds are someone would have to check it to make sure you weren't really talking about assassinating Obama. I'm can't be sure this is how they do it, but it makes sense, and would work better then monitoring every conversation. It would be harder with Skype, as most of it is voice, but I guess they would have some damn good speech to text software. Or, maybe they just monitor people they're already suspicious of, just as they would with a wire tap.
As for the 256 bit encryption, 256 is powerful, but I don't even think that's being used yet. 128 is the best you get on most bank websites, and other websites that hold sensitive information. I've heard of 256, but I thought it was still in development.
It's interesting, they can and probably do monitor every line of communication.
Sorry, can't help with how you would go about hacking it, however this sort of thing does interest me and I'll keep an eye on this thread.
He alone, who owns the youth, gains the future.
TheNightFox
New User
New User
 
Posts: 33
Joined: Thu Jan 21, 2010 12:22 pm
Blog: View Blog (0)


Re: Skype Eavesdropping

Post by tgoe on Thu Jan 21, 2010 10:24 pm
([msg=33720]see Re: Skype Eavesdropping[/msg])

I don't know anything about skype but maybe it works like this:
encrypted stream -> skype -> audio driver -> speakers

Install a trojan that modified the audio drivers to log and/or transmit the audio data and you're good to go :)
User avatar
tgoe
Contributor
Contributor
 
Posts: 668
Joined: Sun Sep 28, 2008 2:33 pm
Location: q3dm7
Blog: View Blog (0)


Re: Skype Eavesdropping

Post by sanddbox on Fri Jan 22, 2010 12:41 am
([msg=33723]see Re: Skype Eavesdropping[/msg])

Of course, if an attacker was specifically targeting someone he didn't have physical access to it'd be a good deal harder to install a trojan. I've definitely not a fan of viruses - they rely too much on a victim not using their head.

To successfully recover a conversation, you'd need to first intercept the encrypted stream (should be easy for the attacker if he/she is on the same network as the victim) and then crack the encryption. Cracking the encryption would involve a large amount of bruteforcing-- so much that you'd need some massive processing power.
Image

HTS User Composition:
95% Male
4.98% Female
.01% Monica
.01% Goat
User avatar
sanddbox
Expert
Expert
 
Posts: 2331
Joined: Sat Jul 04, 2009 5:20 pm
Blog: View Blog (0)


Re: Skype Eavesdropping

Post by tgoe on Fri Jan 22, 2010 1:25 am
([msg=33726]see Re: Skype Eavesdropping[/msg])

>>> trojan != virus
True

Cracking modern crypto is much harder than getting a trojan to work.
User avatar
tgoe
Contributor
Contributor
 
Posts: 668
Joined: Sun Sep 28, 2008 2:33 pm
Location: q3dm7
Blog: View Blog (0)


Re: Skype Eavesdropping

Post by sanddbox on Fri Jan 22, 2010 1:34 am
([msg=33727]see Re: Skype Eavesdropping[/msg])

Agreed. Both of the methods have a lot of drawbacks and limitations.



tgoe wrote:trojan != virus


I'm by no means an expert on viruses/trojans - what exactly is the difference?
Image

HTS User Composition:
95% Male
4.98% Female
.01% Monica
.01% Goat
User avatar
sanddbox
Expert
Expert
 
Posts: 2331
Joined: Sat Jul 04, 2009 5:20 pm
Blog: View Blog (0)


Re: Skype Eavesdropping

Post by tgoe on Fri Jan 22, 2010 1:49 am
([msg=33728]see Re: Skype Eavesdropping[/msg])

A trojan doesn't spread autonomously and is generally tailored to a specific target. Viruses are pretty much 'spray and pray' :)
User avatar
tgoe
Contributor
Contributor
 
Posts: 668
Joined: Sun Sep 28, 2008 2:33 pm
Location: q3dm7
Blog: View Blog (0)


Re: Skype Eavesdropping

Post by TheNightFox on Fri Jan 22, 2010 2:15 am
([msg=33730]see Re: Skype Eavesdropping[/msg])

Yeah, but think about it: why? Why would someone want to hack Skype? Petty hackers who just want to stalk people, is that what we're thinking, or a large scale surveillance operation?
Also, another thing of mention is Chinese Skype. If people in China try to go to the Skype website they are redirected to a similar one which does pretty much the same thing, but it allows the government to monitor every conversation.
He alone, who owns the youth, gains the future.
TheNightFox
New User
New User
 
Posts: 33
Joined: Thu Jan 21, 2010 12:22 pm
Blog: View Blog (0)


Re: Skype Eavesdropping

Post by insomaniacal on Fri Jan 22, 2010 6:18 am
([msg=33736]see Re: Skype Eavesdropping[/msg])

Why would people hack skype? Just cause it'd be fun to see what others are saying. Of course, there's malicious purposes possible, but hey.

If the stream is in fact encrypted with 256 bit encryption, you can probably forget about hearing it, unless you allow it to reach the other end, get decrypted, and then try the audio driver approach. The problem there is that you'd ultimately get bunch of other sounds, music, games, movies as well, but it'd work , at least in theory.
It's not who votes that counts, it's who counts the votes
insomaniacal.blog.com
User avatar
insomaniacal
Addict
Addict
 
Posts: 1210
Joined: Sun May 24, 2009 10:21 am
Blog: View Blog (0)


Next

Return to Networking

Who is online

Users browsing this forum: No registered users and 0 guests