Skype is secure; Skype is secure; Skype is secure...

I was astonished to read more reports that the German police are still casting around for utilities, as well as coding their own software, to eavesdrop on Skype calls. With a warrant, of course.

The bad news, it seems, is that the BKA is going at the problem like a bull in a china shop and has developed snooping software that monitors all the IP activity - and not just the Skype traffic - on the user's machine.

According to Heise Online (http://www.heise.de), which has a leaked memo from the Bavarian Ministry of Justice, the software centres around a Trojan that carries out this nefarious task.

The curious thing is that no-one is actually saying how the BKA is managing to remotely load the Trojans onto suspect's computers, although it's safe to assume it has developed this technology.

The BKA's problem is that Skype uses a 256-bit AES key to encrypt its calls, with the symmetric keys negotiated via RSA keys (1,536 to 2,048-bit).

So what's wrong with getting a warrant and forcing Skype to tap the calls for the BKA? Major problem dude, as Skype has ingress and egress ports on to national PSTNs around the world, but maintains high levels of secrecy where they are, or which telcos it is partnering with.

So the BKA has developed a portfolio of Skype tapping software which it calls DigiTask, and which it seems to be offering for use by other German agencies, at 3,500 euros a month per PC, with a three month minimum charge.

Oh, and don't forget the 2,500 euro installation charge. Nice work if you can get it. More on the BKA Trojans here...

Topics