Along with keyloggers that track what you type, now we have to worry about malicious software that listens in on our voice over Internet Protocol conversations.
Gerry Egan
(Credit: Joris Evers/CNET)A Symantec security blog on Thursday disclosed a new Trojan horse, Tojan.Peskyspy "that records VoIP communications, specifically targeting Skype." The posting, based on analysis from Symantec's Karthik Selvaraj, pointed out that "its existence isn't due to any problems with Skype itself" but that Skype may have been targeted "simply because it has such a large install base."
Gerry Egan, Symantec's director of security response, says the Trojan is capable of "hooking...through some Windows APIs into some audio streams" that "can be intercepted, turned into MP3 files, and then sent over a remote channel to a remote electronic eavesdropper."
A PC can be infected through the usual channels for malware, including an executable file in an e-mail you click on and a "drive by download" that's automatically triggered when you visit an infected Web site. The most recent trend, Egan said, "is a shift toward socially engineered attacks like a fake video site."
The code has been published on the Web by a Swiss researcher, Egan said, adding that "we've not seen any indications of it being used maliciously, but the published code opens up endless possibilities in the mind of a hacker."
The code would affect Skype or any other VoIP software on a Windows PC that uses an audio stream, Egan said.
Unlike most malware, Symantec does not anticipate the code being used to launch widespread attacks.
"To do this en masse really isn't practical," Egan said. Even if a "piece of malware gets on the machine of someone who is using (VoIP), and they are talking about interesting things, finding those interesting things among the many hundreds of thousands of hours of phone calls would be like trying to find a needle in a haystack." He said it might be more valuable in a targeted attack against a specific individual.
Eavesdropping is a risk, when it comes to industrial espionage, prying spouses or significant others, and political campaigns, as well as political dissidents. U.S. law requires a court order before a phone or a computer can be legally tapped by government or law enforcement officials.
The best way to avoid being infected with this or any other malware is to use good up-to-date security software and to be sure that your operating system and browser are updated. It's also a good idea to avoid clicking on e-mail attachments and consider using security software that warns you when you're about to visit a potentially malicious Web site.
You can listen to my interview with Gerry Egan here:
Listen now: Download today's podcast
Skype's president said that the company was largely unaware of a major security breach affecting Skype users in China.
In a blog published Thursday, Josh Silverman, Skype's president, explained he did not realize that TOM-Skype, Skype's partner in China, was logging and storing users' instant messages that were deemed offensive by the Chinese government.
He said the company knew that instant-messaging chats were monitored by the government, as all communications in China are. And he explained that Skype disclosed this to users in 2006, explaining that a text filter was being used to block certain words in chat messages. But he added that his understanding was that messages deemed unsuitable were "simply discarded and not displayed or transmitted anywhere."
"It was our understanding that it was not TOM's protocol to upload and store chat messages with certain keywords," he writes in the blog. "And we are now inquiring with TOM to find out why the protocol changed."
Earlier this week, Canadian researchers at the Citizen Lab at the University of Toronto published a report in which they said that "TOM-Skype was censoring and logging text chats that contain specific, sensitive keywords and may be engaged in more targeted surveillance."
The report also said the service was logging and capturing millions of records that include personal information and contact details for any text chat and voice calls placed to TOM-Skype users, including calls from Skype users. In addition, TOM was storing this information in a way that was inadequate in protecting the privacy of TOM-Skype users, the report said.
Silverman said that once Skype became aware of the problem it contacted executives at TOM, and the security issue regarding stored personal information has been resolved. But he also noted the company's concern that TOM has been storing this information.
"We were very concerned to learn about both issues and after we urgently addressed this situation with TOM, they fixed the security breach," he said. "In addition, we are currently addressing the wider issue of the uploading and storage of certain messages with TOM."
Silverman pointed out in his blog that TOM, like all other ISPs in China, is required by the Chinese government to monitor all communication. And he said it is "common knowledge that censorship does exist in China." Keywords that triggered action included words related to Taiwanese independence, the banned religious group Falun Gong, and political opposition to the Chinese Communist Party.
But he tried to reassure Skype users that Skype's computer-to-computer voice calls are completely secure.
"(The security breach) does not affect communications where all parties are using standard Skype software," he said. "Skype-to-Skype communications are, and always have been, completely secure and private."
TOM-Skype, eBay's joint venture in China, is recording customer text chats and censoring them if they contain certain keywords related to topics the government deems objectionable, according to a report released on Wednesday (PDF) by researchers in Canada.
"TOM-Skype is censoring and logging text chat messages that contain specific, sensitive keywords and may be engaged in more targeted surveillance," the report concludes. "What is clear is that TOM-Skype is engaging in extensive surveillance with seemingly little regard for the security and privacy of Skype users. This is in direct contradiction of Skype's public statements regarding their policies in China."
The keywords that trigger action include words related to Taiwanese independence, the banned religious group Falun Gong, and political opposition to the Chinese Communist Party, says the report from the Citizen Lab at the University of Toronto.
The service also routinely logs and captures millions of records that include personal information and contact details for any text chat and voice calls placed to TOM-Skype users, including calls from Skype users, the researchers found.
Not only is the data collection suspect, but there are inadequate safeguards to protect the privacy of the TOM-Skype users, according to the report. The records and information needed to decrypt the log files are kept on servers that are accessible by the public.
"This is the worst nightmares of the conspiracy theorists around surveillance coming true," Ronald J. Deibert, an associate professor of political science at the University of Toronto, told The New York Times. "It's X-Files without the aliens."
Representatives from eBay did not immediately respond to e-mails seeking comment on the report.
- prev
- 1
- next
