November 21st, 2014

Tracing “anonymous” Skype users

I thought this post from Bruce Schneier was pretty interesting:

Kobi Alexander fled the United States ten days ago. He was tracked down in Sri Lanka via a Skype call:

According to the report, Alexander was located after making a one-minute call via the online telephone Skype service. The call, made from the Sri Lankan capital Colombo, alerted intelligence agencies to his presence in the country.

Ars Technica explains:

The fugitive former CEO may have been convinced that using Skype made him safe from tracking, but he — and everyone else that believes VoIP is inherently more secure than a landline — was wrong. Tracking anonymous peer-to-peer VoIP traffic over the Internet is possible (PDF). In fact, it can be done even if the parties have taken some steps to disguise the traffic.

Let this be a warning to all of you who thought Skype was anonymous.

Update: So I read most of the PDF described in the previous quote, and while interesting, it still doesn’t explain how they could track him down in another country without being able to control or at least monitor the traffic from that end-point. The paper does describe a way to verify that two parties are talking, but it requires that you can modify the traffic at one end, and monitor the traffic at the other. They inject a timing “watermark” into the traffic, so that you can see that it’s the same connection by the patterns of packet timing on the receiving end even if the traffic is sent through an anonymizing blackbox network like Tor.
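The timing-watermark idea from the update, as an added simulation that is not code from this post or from the paper. It shows why a relay that only adds latency and jitter does not erase the pattern. The packet interval, delay size, jitter range and key are assumed values, the timestamps are constructed, and the embedding scheme is a simplified stand-in for the paper's.

```python
import random

PERIOD = 0.020    # assumed 20 ms spacing between voice packets
SHIFT = 0.003     # assumed 3 ms delay the marker adds to a chosen packet
REDUNDANCY = 50   # 4-packet groups averaged per watermark bit
BITS = 24         # watermark length

def sender_flow(n_packets, rng):
    """Constructed send timestamps: one packet per PERIOD plus small jitter."""
    return [i * PERIOD + rng.uniform(0, 0.001) for i in range(n_packets)]

def group_plan(key):
    """Keyed assignment of 4-packet groups to watermark bits."""
    groups = list(range(BITS * REDUNDANCY))
    random.Random(key).shuffle(groups)
    return [groups[b * REDUNDANCY:(b + 1) * REDUNDANCY] for b in range(BITS)]

def embed(times, bits, key):
    """Delay one packet per group: the 2nd for a 1 bit, the 4th for a 0 bit."""
    out = list(times)
    for bit, groups in zip(bits, group_plan(key)):
        for g in groups:
            out[4 * g + (1 if bit else 3)] += SHIFT
    return out

def relay(times, rng):
    """Stand-in for the anonymizing network: fixed latency plus random jitter."""
    return [t + 0.250 + rng.uniform(0, 0.005) for t in times]

def decode(times, key):
    """Sum (first gap - second gap) over each bit's groups; the sign is the bit."""
    bits = []
    for groups in group_plan(key):
        diff = sum((times[4 * g + 1] - times[4 * g]) -
                   (times[4 * g + 3] - times[4 * g + 2]) for g in groups)
        bits.append(1 if diff > 0 else 0)
    return bits

def matches(a, b):
    return sum(x == y for x, y in zip(a, b))

def demo(seed=1, key=42):
    """Return (bits recovered from marked flow, bits matched by unrelated flow)."""
    rng = random.Random(seed)
    mark = [rng.randint(0, 1) for _ in range(BITS)]
    n = 4 * BITS * REDUNDANCY
    marked = relay(embed(sender_flow(n, rng), mark, key), rng)
    unrelated = relay(sender_flow(n, rng), rng)
    return matches(decode(marked, key), mark), matches(decode(unrelated, key), mark)
```

The marked flow yields all 24 bits at the receiving end even though every packet was re-delayed by the relay, while an unrelated flow matches only about half of them by chance. As the update notes, this only works if one end can be modified and the other observed.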
