Russian security services have the ability to monitor Skype communications, IT security experts said Thursday.
Ilya Sachkov, general director of the Group-IB computer security firm, said Russian security services have been able not only to eavesdrop on communications over Skype, but also to determine users’ locations “for a couple of years now,” Vedomosti reported.
“That’s why our company’s employees are prohibited from discussing work-related issues via Skype,” Sachkov said.
According to Peak Systems head Maxim Amm, when Microsoft bought Skype in May 2011, it fitted it out with a special technology for legal eavesdropping of online communications. The technology involved switching users to a special mode in which their messages are encrypted on a server where security agencies can decipher and read messages and voice conversations.
In the original Skype settings, messages were encrypted and thus impossible for third parties to read.
Another industry expert said that Microsoft provides monitoring capabilities for all secret services worldwide, not only Russian ones, Vedomosti reported.
Mikhail Pryanishnikov, the head of Microsoft’s Russian branch, said earlier that the company could legally give the Federal Security Service access to Skype’s source code.
Neither the Interior Ministry nor the Federal Security Service have commented on the news, but a source in the police said that “monitoring Skype cannot be considered an insurmountable task for Russian law enforcement agencies.”
Two experts on information security told Vedomosti that Russian security services do not always need a court decision to get access to private communications on Skype, and that in some cases they can eavesdrop “simply by request.”
RUSSIAN spy Anna Chapman was outfitted with a $US2300 Chanel bag featuring a hidden, high-powered wi-fi device so she could secretly communicate with her Moscow-led overseers.
The bag, still in FBI custody, is expected to join a bevy of other Chapman goodies going on display as part of an exhibition about spies and their gadgets – including Chapman’s – opening in New York.
“If she had been here another six months, Anna Chapman could have become the most dangerous spy in American history,” said spy-book author and former CIA operative H. Keith Melton, who is curating the exhibition.
“She could access anyone,” he said.
Melton believes Chapman was well on her way to severely compromising US business interests until she foolishly handed off her Toshiba laptop – chock full of sensitive information – to an FBI informant posing as a Russian agent.
The laptop’s hand-off came during a meeting at a Manhattan Starbucks the day before she was taken into custody in June 2010, when she complained the computer did not work properly and the “Russian” agent – who told her his name was “Roman” – offered to have it fixed at the Russian consulate.
Melton owns or gained access to most of the hundreds of pieces of spy paraphernalia on display in the exhibit – including one titled “Anna Chapman’s Laptop.”
He described the Russian as so friendly, personable and beautiful that her mission of gaining access to wealthy or influential American businessmen was a snap.
After gaining their trust, the modern-day Mata Hari would hand off information about the men to her handlers, who would then decide if their businesses were worth targeting for espionage to help boost Russia’s efforts to become a global economic powerhouse.
Canadian officials are attending the trial of a Canadian engineer accused of corporate espionage in Indonesia, though the government remains tight-lipped about the extent of its involvement.
In May, Rick van Lee, 63, was accused by his employers â€” a branch of Asia Pacific Resources International Limited (APRIL Group), one of the largest pulp and paper producers in Southeast Asia â€” of what they say was illegal copying of sensitive company information.
According to Timothy Inkiriwang, van Lee’s lawyer, the accused and his wife had their car confiscated and on May 31 were placed under house arrest for six weeks, guarded by APRIL’s private security staff in the company’s residential compound in Kerinci, Sumatra.
Inkiriwang believes his client was detained because he didn’t want to sign a new contract, preferring to take a job that would move van Lee back to Vancouver.
APRIL denies preventing the couple from leaving the compound, and say van Lee was collaborating illegally with a competitor.
According to his lawyer, van Lee was transferred July 5 into the custody of Indonesian authorities and charged based on an Indonesian criminal law that prohibits stealing or altering electronic documents belonging to others.
Inkiriwang told the Sun earlier this month that Canadian consular officials were not attending van Lee’s hearings. Since then, a pair of Canadian officials appeared in court on Nov. 14, Inkiriwang said Tuesday.
A spokesman for the Department of Foreign Affairs and International Trade wouldn’t comment on the matter, but noted Canadian officials in Indonesia are aware of the situation.
“The way we see it, Rick is not getting a fair trial,” Inkiriwang said. “(The injustice) shows by the lack of evidence and the awful handling of the case by the police investigators.” The judges, he said, act as if they are public prosecutors and take part in questioning witnesses directly, including van Lee. “We feel as if we’re opposing the judges, and not the public prosecutor, which we find very unusual and strange.”
The lawyer said police never performed digital forensics on van Lee’s computer, and the defence team fears evidence contained on van Lee’s laptop and external storage devices has not been handled properly by investigators.
“The laptop and USB (drive) . . . wasn’t confiscated from Rick, but from the company,” he said. “The right procedure . . . is that the evidence should be confiscated from the person that owns it,” he said.
APRIL spokeswoman Jamie Menon said they found evidence of several months’ worth of collaboration with a direct competitor by van Lee. That discovery triggered an internal company investigation, which led APRIL to involve the police.
At no point were van Lee and his wife prevented from leaving the compound or meeting with his lawyers, she said.
But, said Inkiriwang, “Rick was not allowed to leave the company’s compound, even during the time when we (his legal team) . . . came to visit him. They (APRIL’s security) escorted us to the hotel inside the complex, and brought Rick and his wife there to meet us. We couldn’t even meet outside of the complex until it (was) time to be interviewed by the police.”
Van Lee, who has suffered a minor stroke and lost 45 pounds while in custody, is slated to appear in court again Thursday, with a verdict expected sometime before Dec. 11.
If convicted, he could face up to eight years in Indonesian prison.
GATINEAU, Que. ” Corporate espionage ” ranging from Dumpster diving for industrial secrets to plying vulnerable employees of competitors with booze, drugs and sex in exchange for information â€” is a common tactic in Canada for companies to get ahead, says a former CSIS spy and private investigator.
Tuesday, at the Canadian Industrial Security Conference, Ron Myles said that Canadian companies often perceive corporate spying and infiltration as something out of Hollywood and insists the amount of cases that are exposed is but a mere fraction of the problem in this country.
“As Canadians, we undervalue our abilities in research and development, we’re a little bit naive in the sense that the rest of the world is doing this (but not in Canada),” Myles said in an interview after presenting to a packed room on the opening day of the two-day conference. “We carry that attitude into our business and I think it costs Canadian businesses quite a bit.
“I don’t think even the tip of the iceberg is showing. (Corporate espionage) is more prevalent in small- and medium- sized companies because they’re often just starting up and don’t have massive (security) budgets.”
Myles, who was a CSIS officer for 13 years before working another 13 years as a private investigator, said a number of methods are used by competing interests in terms of stealing ideas and other intellectual property â€” noting the technology sector is targeted most.
In addition to rummaging through another company’s trash with the hope of acquiring secrets, he said other, more involved techniques are employed.
Long-term infiltration, by which a person that is compensated by a competing company, lands a job with the target group and feeds information back as trust is gained.
It only took a scolding letter from a Senator, a class action lawsuit and a few thousand news stories, but smartphone software makers Carrier IQ finally responded to allegations of logging keystrokes and spying on users on Thursday night. The company’s denying the most serious user-tracking allegations, a number of questions about exactly what the software does and how users can turn if off remain. Among them, how long has this been going on and what the heck was Carrier IQ (and its clients) thinking in the first place?
Related: Yes, Even iPhones Can Spy on You, Too
In case you haven’t kept up with the controversy, Carrier IQ’s software is deeply embedded in the software of about 150 million smartphones around the world, including Android, iPhone, BlackBerry and other devices. It logs a large amount of data, the company says in an updated press release, “to monitor and analyze the performance of [mobile operators'] services and mobile devices to ensure the system (network and handsets) works to optimal efficiency.” Carrier IQ describes itself as “the consumer advocate to the mobile operator, explaining what works and what does not work.” But over the past couple of months, escalating concerns from data security experts and hackers alike have questioned whether or not Carrier IQ is actually overdoing it, collecting so much data that it may be violating federal wiretapping laws. On Wednesday, Senator Al Franken raised this concern in a (very detailed) letter he sent to Carrier IQ’s CEO on Wednesday, commenting how recent revelations about Carrier IQ’s tracking practices were “deeply troubling.” On Thursday, a group of angry consumers sued Carrier IQ as well as device manufacturers HTC and Samsung for violating the Federal Wiretap Act, demanding hundreds of millions of dollars in damages — $100 per violation per day. Meanwhile, a collective protest against the company’s tracking practices is gaining steam. Not even Carrier IQ headquarters’ listing on Google Places is safe from scorn. (“Did I agree to be wiretapped? Hmmmm… let me think… HELL NO!” reads one review.)
Related: Your Smartphone Is Spying on You
As the mounting class action lawsuit would suggest, Carrier IQ’s clients — both device manufacturers and mobile carriers — are distancing themselves from the backlash. Apple said in a statement that it “stopped supporting CarrierIQ with iOS 5 in most of our products and will remove it completely in a future software update.” Both Samsung and HTC passed the buck, claiming that mobile carriers like ATT, Sprint and Verizon should shoulder the blame for installing the software. “Carrier IQ is required on devices by a number of U.S carriers so if consumers or media have any questions about the practices relating to, or data collected by, Carrier IQ we’d advise them to contact their carrier,” HTC said in a statement. Verizon denied using the software. ATT admitted to using it “to improve wireless network and service performance,” and Sprint similarly said it only collected “enough information to understand the customer experience with devices on our network.” The Huffington Post made a slideshow of all the various denials.
Related: Your Social Media Will Be Monitored
Like many of the great digital privacy scandals of our age, this all started with social media. Security researcher and Android developer Trevor Eckhart scared the hell out of everyone earlier this week when he posted a 17-minute-long YouTube video detailing how much data Carrier IQ actually collected, showing how it logged every keystroke, tracked your encrypted Google searches and even recorded the contents of your text messages. The company flat-out denies that last bit and “vigorously disagrees” with allegations that its software violates federal wiretapping laws. From its latest press release:
While a few individuals have identified that there is a great deal of information available to the Carrier IQ software inside the handset, our software does not record, store or transmit the contents of SMS messages, email, photographs, audio or video. For example, we understand whether an SMS was sent accurately, but do not record or transmit the content of the SMS. We know which applications are draining your battery, but do not capture the screen.
As paidContent’s Ingrid Lunden and Tom Krazit point out, this response leaves a lot of unanswered questions. “Is that the full list, or is there more?” they wonder. How long does the company store the data? What about the encrypted search data? When does Carrier IQ send information to carriers? And why, oh why, can’t the user simply opt-out of the service? As Eckhart made clear in his video and blog post, it takes an advanced mobile developer to find the Carrier IQ software deeply embedded in the phone’s firmware.
Related: A Smartphone Map of Our Nation
Which brings us to the big question: how do you get rid of it? Android users are in luck. A quick fix is the brand-spanking new, unapologetically named “Voodoo Carrier IQ detector,” but since it can’t remove the software, it’s not exactly a fix. For that we turn back to Eckhart, who Eckhart wrote a Logging Test app (currently in its seventh revision) that you can download and run to find out exactly what’s going on with your phone. Run the “CIQ Checks” once installed to see if you have Carrier IQ installed. If it is, you can pay $1 to upgrade to the Pro version of Eckhart’s software which will remove Carrier IQ from your phone. Folks with Apple, BlackBerry and other devices are less lucky as we haven’t identified an equivalent app-based solution, but TechCrunch has some good tips on what to do.
Related: Android’s Browser Leaves the iPhone’s in the Dust
Jayde Consulting's team are experienced practitioners of technical surveillance countermeasure (TSCM) sweeps, vulnerability assessments and counter-espionage consulting. We work within Australia and regularly internationally. We also maintain close associates in Europe and the USA.
Please telephone us on our Sydney number for a confidential discussion:
Posts By Month
Keep it Confidential
Jayde Consulting are the preeminent providers of services to protect against information theft both physically and electronically. We are the preferred choice for a significant number of global corporations. Discretion is assured.
Don't risk your most sensitive corporate information to fly-by-nighters or inexperienced operators.