Russian FSB Can Reportedly Tap Skype Calls 136
An anonymous reader writes "Previous reports of a Microsoft provided backdoor to Skype has been unconfirmed. However, there are now reports that Russian federal security service FSB is able to tap call and locate users. 'FSB and the Internal Affairs Ministry (MVD) have been capable to wiretap and locate Skype users for some years already, reported Vedomosti on Thursday [Google translation of Russian original]. The newspaper is citing experts on information security. "Special services have been capable for several years not only to wiretap but also to locate a Skype user. That's why, for instance, employees of our company are forbidden to discuss business-related topics on Skype," General Director of Group-IB, Ilya Sachkov, says to Vedomosti. "After Microsoft acquired Skype in May 2011, it updated the software with technology allowing legitimate wiretapping," says Maksim Emm, Director of Peak Systems.'"
Re:Ah, the consequences of closed-source (Score:5, Interesting)
no one with a smart mind cracked it, microsoft just rolled over for the russian government
Re:Ah, the consequences of closed-source (Score:4, Interesting)
they're acting as if they were a phone company and russkies are probably asking them to comply as if they were one.. to provide taps.
and they're just locating the ip address of course. it's not like their tap is made of magic sauce.
+they would spread fud about it anyways.
the big problem with it if you're discussing sensitive things is plain and simply that it has centralized control.
SECOND OPTION: it's entirely possible the russkies are tapping them on client side. if not by other means then by bugging the headsets. that would certainly explain how they know EXACTLY where the call is taking place since they're spying the site in person. it's fsb/kgb after all.
Re:Ah, the consequences of closed-source (Score:4, Interesting)
This would never happen with an open-source protocol.
Why not? If a protocol was open source, writing backdoors into it would be even easier. I mean, how many people know how to inspect code and remove the parts that are malicious?
Not many, I'm sure. But even one is sufficient. And unlike closed-source, that one person may pop up any time, anywhere in the world, including places where it's not possible for interested governments to muzzle him in time to raise the alert.
One of the reasons WHY open-source is so popular is that things like that can occur, hence open-source people are more likely to pay attention to how secure the stuff they're using is. And conversely, paranoid people will prefer open-source.
The best time to worry about security is before you need to. Afterwards, it may be too late.