German Police Skype Hack Leaked

By Dave Nixon

January 30, 2008

Leaked documents appear to indicate that a company has been hired by German police to create Trojans capable of capturing traffic from Skype and SSL.

Appearing on the Wikileaks website in their German form, the two scanned documents are difficult to authenticate, but one appears to describe how a security company, Digitask, was asked to create a “Skype Capture Unit” based around Trojans planted on targeted PCs covertly transferring data to a remote server.

The company hired to carry out the hacking states, “As requested by you, we hereby submit an offer for a surveillance method of the encrypted VoIP protocol Skype.”

The other document, on how to divide up the costs of this system, relates to an apparent exchange between the Bavarian police, the Ministry of Justice and the Prosecution office. This originally appeared on German website Piratenpartei, but was removed; according to Wikileaks, this could be due to legal threats.

Implying that the system could have been operational for some time, the description of the Skype Capture Unit is dated September 4, 2007 with a ‘delivery timescale’ for a targeted system in weeks.

The specific capabilities of the system are hard to determine, but its designers appear sure of its competence to capture Skype’s voice, chat and video sessions, and possibly also to hack SSL. Since both are encrypted, it is expected that the data streams are first copied to remote servers and then decrypted once the key used to scramble them has been recovered.

“Encryption of communication via Skype poses a problem for surveillance of telecommunications. All traffic generated by Skype can be captured when surveilling a Dial-in- or DSL link, but it cannot be decrypted. The encryption of Skype works via AES with a 256-Bit key. The symmetric AES keys are negotiated via RSA keys. The public keys of the users are confirmed by the Skype-Login-Server when logging in. To surveil Skype communication it thus becomes necessary to realize other approaches than standard telecommunications surveillance,” the document explains.

How Digitask proposed planting Trojans onto targeted PCs without breaking German law is not detailed.

With each effectively compromised machine netting Digitask 3,500 euros per month for at least three months, and with SSL interception said to cost 2,500 euros, this is not an inexpensive hack for inquisitive policemen.

The interest German authorities have in hacking Skype has been known about for a while. In November 2007 – after the time period covered by the leaked documents – a source in the German police suggested that they had been unsuccessful in cracking Skype’s encryption.

Unencrypted VoIP calls are a totally different matter. Also in November, VoIP authority Peter Cox produced a VoIP-hacking proof-of-concept program called SIPtap, which does precisely what the Skype Capture Unit claims to do, but without the ability to do so for encrypted Skype calls.
