Skype calls purportedly being tapped, Skype-based malware spreads

By on January 24, 2013, 5:00 PM

In terms of security, privacy and trust, it looks like 2013 is shaping up to be a tough year for Skype. The latest ding against the Microsoft-owned company comes from Reporters Without Borders' online censorship project leader Grégoire Pouget, who told The Verge, "Many journalists or activists have reported to us that their Skype communications have been intercepted." Similar claims and other questions have also prompted this open letter to Skype, backed by numerous organizations like the EFF and RWB.

Since Microsoft acquired Skype in 2011, some have questioned the company's privacy practices. The open lettered issued to Skype is requesting that the IP-based communications company re-affirm and better explain its commitment to privacy, particularly when it comes to chat logs, eavesdropping and local data retention. 

Once an Estonian-based company before it was courted by eBay and changed hands to Microsoft, Skype is now thought to be subject to U.S-based telecommunications laws. Regulations like the Communications Assistance for Law Enforcement Act (CALEA) impose certain requirements which essentially guarantee that Skype is capable of eavesdropping -- something the company explicitly denied was possible before its Microsoft acquisition in 2008.

The letter also asks that Skype periodically publish a "transparency report" -- a common way of sharing who's requesting what data and how often a company complies, along with other usage details and statistics. It points to the fact that Google, Twitter and others regularly release transparency reports for its users.

Just a week ago, it was discovered that a trojan-banker malware named "Shylock" has been updated to infect users through Skype by exploiting a security flaw in the software. This is not the first malware to propagate itself through the popular Vo-IP platform nor is this Skype's first security snafu.

"Shylock is one of the most advanced Trojan-banker currently being used in attacks against home banking systems. The code is constantly being updated and new features are added regularly." one researcher said. 

The malware essentially gives attackers full access to a PC, allowing them to upload and execute files, set up remote viewing programs like VNC and inject custom HTML into websites.




User Comments: 3

Got something to say? Post a comment
ReederOnTheRun ReederOnTheRun said:

Anybody know of good alternatives to Skype?

ReederOnTheRun ReederOnTheRun said:

As far as video chatting is concerned ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

decourl decourl said:

Skype is not some disruptive little P2P rogue anymore, it?s integrated to the Microsoft platform. Folks on some watchlist should not need any ?transparency report? to know that today?s Skype isn?t for them. Compliance with government data demands is how the whole world works today, not just major internet services. Skype is no exception. How much more can it be spelled out?

Instead of being willfully ignorant, EFF types should turn their focus to developing and evangelizing some useful A/V chat platform where the provider (if there is one) has zero data visibility, and then don?t sell it out.

Google started this thing with publishing disclosure stats and a few left-coast companies have jumped aboard, but it?s no major trend and certainly not anything you can just demand.

I get tired of people saying it?s impossible to have online privacy. The Internet is just a communications network and how you use it is up to you. If you spend all day posting to social networks and using cloud services from major corporations, keep in mind that the postcard analogy applies. Please do not bother sending a bunch of letters after the fact demanding to know who possibly has access to which data and under what circumstances.

Not every single thing on the Internet must be done via Google Chrome pointing at some Facebook, Google or Microsoft server. There are such things as protocols besides HTTP. Particularly if you are some sort of dissident or paranoid with need of secure communications, please check out a P2P protocol for encrypted chat, it?s not like there aren?t several decent options. Just be sure whatever you do involves full-on end-to-end encryption. Run your own server. Setup a VPN. Tunnel over SSH. Take your pick. Just do something besides relying on Skype for privacy, please.

People complain about a lack of easy to use alternatives to Skype, but how did the Internet become so dumbed down? Unless some functionality is packaged and delivered as a corporate-owned web application, it seems out of the question. When you rely on corporate web sites to provide all of your services and store all of your data, it?s outside of your control.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.