German Bavarian gov't caught buying malware to intercept Skype calls

Documents on Wikileaks show that the German Bavarian government had planned to release trojans -- malware -- designed to allow them to intercept Skype calls. The leaked documents include wrangling over the pricing and payment for the malicious software. The docs were leaked by the German Pirate Party.


The offer dating September 4th 2007, replies an inquiry by Bavarian officials on the possibility of Skype interception, introduces a basic description of the cryptographic workings of Skype, and concludes that new systems are needed to spy on Skype calls.

It continues to introduce the so-called Skype Capture Unit. In a nutshell: a malware installed on purpose on a target machine, intercepting Skype Voice and Chat. Another feature introduced is a recording proxy, that is not part of the offer, yet would allow for anonymous proxying of recorded information to a target recording station. Access to the recording station is possible via a multimedia streaming client, supposedly offering real-time interception.

Another part of the offer is an interception method for SSL based communication, working on the same principle of establishing a man-in-the-middle attack on the key material on the client machine. According to the offer this method is working for Internet Explorer and Firefox webbrowsers. Digitask also recommends using over-seas proxy servers to cover the tracks of all activities going on.

Link

(via /.)