Sunday, October 05, 2008

More Details on Skype Surveillance in China

As a followup to an earlier report, The New York Times published an article with further details of the surveillance of Skype communications in China. Interesting details include how the interceptions were detected:

"The researchers stumbled upon the surveillance system when Nart Villeneuve, a senior research fellow at Citizen Lab, began using an analysis tool to monitor data that was generated by the Tom-Skype software, which is meant to permit voice and text conversations from a personal computer. By observing the data generated by the program, he determined that each time he typed a particular swear word into the text messaging program an encrypted message was sent to an unidentified Internet address.

"To his surprise, the coded messages were being stored on Tom Online computers. When he examined the machines over the Internet, he discovered that they had been misconfigured and that the computer directories were readable with a simple Web browser.

"One directory on each machine contained a series of files in which the messages, in encrypted form, were being deposited. Hunting further, Mr. Villeneuve soon found a file that contained the numerical key that permitted him to decode the encrypted log files.

"What he uncovered were hundreds of files, each containing thousands of records of messages that had been captured and then stored by the filtering software. The records revealed Internet addresses and user names as well as message content. Also stored on the computers were calling records for Skype voice conversations containing names and in some cases phone numbers of the calling parties."

The original report from Citizen Lab can be found at: BREACHING TRUST: An analysis of surveillance and security practices on China’s TOM-Skype platform

Surveillance of Skype Messages Found in China

No comments: