Skype Encryption Stumps German Police 289
TallGuyRacer writes "German police are unable to decipher the encryption used in the internet telephone software Skype to monitor calls by suspected criminals and terrorists, Germany's top police officer, Joerg Ziercke, said. "The encryption with Skype telephone software ... creates grave difficulties for us... We can't decipher it. That's why we're talking about source telecommunication surveillance — that is, getting to the source before encryption or after it's been decrypted.""
Plenty of attacks left, thank you very much (Score:4, Informative)
According to this article [wired.com], our good friends at the NSA "may" have put backdoors in some of the technologies that could be used by Skype.
And, then, according to this other article [theage.com.au], it does not matter what technologies you use, if your CPU is wide open to analysis and crypto attacks.
And, of course, there is the question of using a 'secure' communication system on a completely insecure operating system, such as Windows. Why do you think they talk of intercepting the communication before it becomes encrypted? Probably because the vast majority of suspects use Windows. Using Linux, or MacOS, would not be much of an improvement either.
Conclusion? Well, the Bundespolizei (that's German police to you) may not have the means to decipher your skype communications right now. But it's getting there, thank yo uvery much. And there are agencies out there who certainly can, and will.
And what happened to free german crypto? I thought Germany had the only sane policy about crypto in the industrial world?
Re:Skype unbreakable? (Score:5, Informative)
In the case of the "Federal Trojan", it was decided in 02/07 that such measures are illegal to conduct, and decisions made by the Bundesverfassungsgericht are equivalent to laws. So what they're doing now, they're keeping the discussion (and the fear-mongering) alive and continue to develop the trojan despite it being illegal, in an effort to undermine that decision. Most notorious for this behaviour is, of all people, our Minister of Interior, Wolfgang Schäuble. He repeatedly clamored and still clamors for this and other measures which are explicitely forbidden by the Grundgesetz and the Bundesverfassungsgericht, for example shooting down abducted planes. He's one of the single largest threats to what he has to protect by job description, namely the Grundgesetz.
Lost in Translation (Score:3, Informative)
Now, while the VS certainly doesn't have the means of the NSA, it is indeed a rather sophisticated service, and I am entirely convinced it is not beyond their means to employ really good security experts.
Re:Skype unbreakable? (Score:4, Informative)
Re:Skype unbreakable? (Score:5, Informative)
- There is a severe sickness, which only one of 100,000 people gets.
- There is a test for this sickness, which is 99,9% accurate, that means, that the result of only 1 in 1000 persons is wrong. (In reality you have two numbers, one giving how high the rate is to give a false positive, and another one for the false negatives, but for the sake of the calculation we consider them equal).
How high is the chance, after you got tested positive, that you in fact have the severe sickness?
In 99 out of 100 this was a false positive.
The same goes for the search of terrorists.
Terrorists are very seldom, lets say that only 1 in 100,000 persons in Germany is a terrorist (this still gives 800 terrorists living in Germany, far too much compared with the number of terroristic acts committed!). Lets say that the police has means to be 99,9% accurate to tell beforehand if a suspect is a terrorist or not, before asking for secret computer searches.
It still means that in 99 out of 100 cases a complete innocent person's computer will be searched.
Re:Skype unbreakable? (Score:3, Informative)
a) - Communist (they may be still be)
b) - Neighbours of South Africa and supporting the ANC against the Apartheid S African government.
c) - Opposed by S African-sponsored rebel organisations (S Africa was trying to destabilise the opposition).
Both rebel organisations fit pretty much any definition of 'Terrorist' you can come up with. The US under Reagan helped finance both sets of terrorists in the name of opposing Communism.
The Contras in Nicaragua were almost as bad and they were pretty much a creation of the US.
The Taliban were also US sponsored (via Pakistan) for a while, at this point the line between terrorist and freedom fighter becomes blurred. That particular turkey has come home to roost.
Now going back to the actual article here:
Experts say Skype and other Voice over internet Protocol (VoIP) calling software are difficult to intercept because they work by breaking up voice data into small packets and switching them along thousands of router paths instead of a constant circuit between two parties, as with a traditional call.
If I was in Joerg Ziercke's position, I would probably announce that Skype's encryption was too strong once it had been cracked - to get the people you want to watch using Skype. Are the packets really sent along 'thousands of router paths'? Obviously the potential is there but I normally expect most of the packets to take the same route.
A few years ago it was announced that digital mobile phones could not be overheard, I wonder if that still applies.
Re:Lost in Translation (Score:3, Informative)
Now, while the VS certainly doesn't have the means of the NSA, it is indeed a rather sophisticated service, and I am entirely convinced it is not beyond their means to employ really good security experts.
Re:Skype unbreakable? (Score:3, Informative)
If you randomly test 100000 people, only one of them will have the sickness. 99999 are healthy. Of those 99 will be tested positive because one out of 1000 will falsely be tested positive.
Re:Great (Score:3, Informative)
I can't see how it would be that difficult to monitor traffic through an ISP's gateway.
There is no way to monitor Skype traffic at the ISP.
You can read an independent security review here: http://www.skype.com/security/files/2005-031%20security%20evaluation.pdf [skype.com]
Last Year 'German Officials' pwned Skype? (Score:3, Informative)
So last year we heard that mysterious 'German Officials' were
So, who pwns who?