Documents posted today on WikiLeaks suggest that German police in Bavaria may have used a trojan for intercepting Skype calls as part of their surveillance of suspects. One document is an offer from DigiTask, a German company, to rent Skype surveillance technology at EUR 3,500 per month per instance. The other document is a letter between the Ministry of Justice and the Prosecutors office about distributing this cost.<\/p>\n
As explained in the DigiTask offer, Skype uses 256-bit AES encryption for its communications, and the data captured with traditional dial-up or DSL surveillance methods cannot be decrypted. Instead, DigiTask offers a “Skype-Capture-Unit” to be installed directly on the suspects computer. The trojan, they claim, would then forward the pre-encrypted Skype data to an anonymous proxy server which in turn can forward the data live to police.<\/p>\n
DigiTask also offers software for decoding SSL data with a Man-in-the-Middle attack, allowing SSL-encrypted data in an intercepted broadband connection to be decrypted and visualized by the police. According to the offer, dated September 4th 2007, they support SSL interception in both Firefox and Internet Explorer. Naturally, DigiTasks warns that it does not take responsiblity for the usage of the software or any damages caused by it.<\/p>\n
Although these documents do not give evidence that the Bavarian police actually employed trojans and MITM attacks for surveillance, if valid, the leaks do shed insight on the scale of surveillance operations. The Bavarian police, for their part, did not seem to have qualms about such an intrusion and the very existence of DigiTask, a seemingly well-established company profiting from the secret sales of surveillance software, introduces (for me at least) a new adversary in the privacy arena. For those interested in the privacy of computerized data, the scales have just been jarred.<\/p>\n","protected":false},"excerpt":{"rendered":"
Documents posted today on WikiLeaks suggest that German police in Bavaria may have used a trojan for intercepting Skype calls as part of their surveillance of suspects. One document is an offer from DigiTask, a German company, to rent Skype … Continue reading