Category Archives: Privacy

Skype Trojan Records Your Calls

Apparently there’s a new piece of malware floating around that targets audio processors like Skype:

The Trojan has the ability to record audio from the computer — including any Skype calls in progress — and store the files locally in an encrypted MP3 file, where they can later be transmitted to the attacker.

The Trojan, which Symantec calls Trojan.Peskyspy, can be downloaded to a computer by tricking the user with an email scam or other social engineering tactic, Symantec says. Once a machine has been compromised, the threat can exploit an application that handles audio processing within a computer and save the call data as an MP3 file.

European legislation will force usage of encrypted VoIP

Last year Sweden effectuated a law giving the Powers That Be the right to listen in on all Internet traffic passing the border of the country. Sweden was just the first country to put such legislation into play. When I was visiting the CeBIT fair in Hannover earlier this year, I learned the Germany also are putting such legislation in place and that other EU countries will follow suit.

The really grave issue here is that the Powers That Be can monitor and intercept such traffic without needing a court order. Yes – you read this correctly. It is no joke.

So what does this have to do with your legal VoIP traffic?

The huge problem with this scenario is that you will have low-level clerks listen in on your business conversation. In theory, the VoIP packets passing through the wire will never get into the hands of a 3rd party modulo the person monitoring your conversation. In certain parts of the business world the climate is so harsh that corporate espionage is more the rule than the exception. The easiest way to get to information is to pay someone to leak that information to you. So what you really need is access to the right one of those low-level clerks and just pay enough money to get hold of your information.

Do not get me wrong – I am not saying that every people on the planet is corrupt, but it would be sticking your head in the sand if you do not believe that corruption does exist. Even in, what appears to be, more open European countries corruption exist. It would thus be very strange if a low paid clerk would not give away information to the wrong people.

Also, if a clerk is approached by a company from their own country and is asked to “help out with the foreign competitors” – this may be deemed morally acceptable. After all – who does not want to help their own kind. In fact, this is really nothing new and it is not uncommon that this is even done pro bono. From time to time we read about Powers That Be handing over secret information to domestic companies regarding their foreign competitors.

Especially in a country like Germany people are not happy. People from the former East Germany still have the workings of the Stasi fresh in their mind. Most Germans seems to be very weary to issues regarding monitoring and signal interception.

The current legislation’s in the various countries regarding signal interception is still too new to have had any negative impact on law abiding citizens. However, it is only a matter of time before we are going to read in the press about company secrets being spilled by persons close to, or working in, the Powers That Be. When this happens the press will have a field day.

The net result is that when this happens, many more people will actively begin to seek encryption capabilities for their business communication. First out will be email. Second out will be VoIP traffic. Telephony is still a very important business tool

A very interesting observation so far is that European VoIP equipment manufacturers are putting readily available encryption schemes into their offerings – this to a bigger extent than their American counterparts. This may have to do with what the market wants. A recent BBC Digital Plantet podcast outlined the same view: It seems that in Europe we are much more concerned about privacy than elsewhere.

Currently there are a slew of providers offering encrypted telephony solution and there are even a few that do encrypted VoIP. If the offering is done right these companies will become the heroes of 2010.

After reading this article you should really ask both your equipment vendor and your service provider if they are planning to offer encrypted VoIP. My guess is that they will probably look at you with blank eyes and not understand what you are asking.

Judge Rejects Feds’ Attempts to Eavesdrop On DTMF Without a Warrant

Score one for sanity.  Apparently the FBI believed that while eavesdropping on the audio of a conversation required a warrant, capturing any DTMF transmissions sent during the call did not.  From the CNet report:

Just about everyone knows that the FBI must obtain a formal wiretap order from a judge to listen in on your phone calls legally. But the U.S. Department of Justice believes that police don’t need one if they want to eavesdrop on what touch tones you press during the call.

Those touch tones can be innocuous (“press 0 for an operator”). Or they can include personal information including bank account numbers, passwords, prescription identification numbers, Social Security numbers, credit card numbers, and so on–all of which most of us would reasonably view as private and confidential.

That brings us to New York state, where federal prosecutors have been arguing that no wiretap order is necessary. They insist that touch tones cannot be “content,” a term of art that triggers legal protections under the Fourth Amendment.