30 August 2009 · Skype wiretapping trojan publicly released · Categories: Malware, Risk Management, Security Management

In the "it was bound to happen" category, a trojan that can intercept Skype calls has been developed and released by its creator. What's interesting is that the trojan was developed by the Swiss government.

Should it be surprising that wiretapping Skype conversations is possible? As Symantec points out, it's not a flaw in Skype itself. At the point that the outgoing part of a conversation is recorded, it must be in memory in "clear text" prior to encryption. If you can capture the bits before encryption, you are in business. By the same token, received bit streams must be decrypted so you can hear them. This is the same issue music encryption faces.

Does anyone believe that Switzerland is the only government to develop Skype wiretapping software?

Finally, from a business risk perspective: do you know who is using Skype in your organization?