A hacker claims to have cracked Skype’s proprietary encryption protocols that protect the VoIP company’s intellectual property.
The Luxembourg IP telephony company has zealously guarded its protocol but a hacker going by the name of ‘Sean O’Neil’ claims that he’s broken through the protection.
Skype uses SSL, which uses electronic certificates and 128-bit encryption (also the standard for online credit card transactions). This level of encryption is NOT appropriate for even top secret level communications. How many times have credit card numbers been stolen online?
Gold Lock Enterprise uses 4 different encryption methods, one of which is 16,384 Bit Authentication. That is 2 multiplied by 2, 16,384 times over (not just 128 times). This method IS appropriate for top secret level communications. Enterprise uses:
- 16,384 Bit Authentication
- Elliptic Curve 384 Bits (RSA 7680 Bits Equivalent)
- AES 256 Bits
- Diffie Hellman 4096 Bits
AES – http://en.wikipedia.org/wiki/Advanced_Encryption_Standard Top Secret appropriate
RSA – http://en.wikipedia.org/wiki/RSA Top Secret appropriate
Diffie Hellman – http://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange Top Secret appropriate
In addition to this technical “stuff”, the facts remain that Skype provides a key to governments for lawful interception (which means all the security in the world is now a moot point) and Skype’s 128-bit encryption has been broken, and hackers now easily intercept their calls.
As you can see, Enterprise has significantly higher encryption capabilities than Skype. Skype encrypts just enough to satisfy their customers. Gold Lock takes pride in having the best and highest encryption software on the market. Gold Lock Enterprise is military-grade encryption software. No military uses Skype to relay orders or pass top secret information.
Earlier this week, Swiss programmer Ruben Unteregger, who has reportedly been working for ERA IT Solutions, a Swiss company responsible for coding government-sponsored spyware, released the source code of a trojan horse that injects code into the Skype process in order to convert the incoming and outgoing voice data into an encrypted MP3 available at the disposal of the attacker.
“When the Trojan is executed, it injects a thread into the Skype process and hooks a number of API calls, allowing it to intercept all PCM audio data going between the Skype process and underlying audio devices. Note: Since the Trojan listens to the data coming to and from the audio devices, it gathers the audio independently of any application-specific protocols or encryption applied by Skype when it passes voice data at the network level.
Note: The incoming and outgoing audio data are stored in separate .mp3 files. The Trojan also opens a back door on the compromised computer, allowing an attacker to perform the following actions:
- Send the .mp3 to a predetermined location
- Download an updated version
- Delete the Trojan from the compromised computer”
And while some of these governments are reportedly spending surreal amounts of taxpayers’ money (Rental of the Skype-Capture-Unit per month and instance EUR 3.500) in order to achieve their objectives, others are taking the cost-effectiveness path by attacking the weakest link in the process – the end user infected with a targeted DIY government-sponsored spyware recording all ongoing and incoming Skype calls, thereby bypassing the need to attack the encryption algorithm.
Off-the-cuff remarks by Austrian government officials suggest that Skype conversations might be intercepted.
Speaking at a recent meeting on lawful interception between ISPs and Austrian regulators, an unnamed “high-ranking” official at Austria’s interior ministry said that listening into a conversation over Skype presented no particular problems, Heise security reports.
The opinion contrasts with the view of Joerg Ziercke, president of Germany’s Federal Police Office (BKA). At a meeting last November Ziercke said that the inability to decipher the encryption used by Skype in order to intercept VoIP calls had become a problem in counter-terrorism investigations. Weeks after this, leaked documents outlining plans by German firm Digitask to develop software to intercept Skype VoIP communications and SSL transmissions, along with related costing and licensing proposals, surfaced through Wikileaks.