Researchers ID Skype users who also use BitTorrent
The research chips away at the perceived privacy protections of using Skype's encrypted service
IDG News Service - Entertainment companies seeking to trace people who are illegally file sharing may be interested in new research that could identify filesharers through their Skype accounts. A research team has figured out how to link online Skype users to their activity on peer-to-peer networks, a correlation that could represent a major threat to users' privacy.
The study focused on how a Skype user's IP address can be determined without that user knowing, and then linking that same IP address to files that are being shared through peer-to-peer networks such as BitTorrent.
Using information that users publish in Skype's directory, such as their name, location and birth date, the researchers were able to get very close to identifying the person doing the sharing. They note, however, the method will just identify a machine rather than an actual person behind the computer.
A Skype user's IP address can be figured out even without their knowledge due to a major privacy vulnerability, the researchers wrote. Skype was notified in May -- the same month that it was announced Microsoft had acquired the company -- but the issue has not been fixed.
Skype's Chief Information Security Officer, Adrian Asher, said in an e-mailed statement that "just as with typical internet communications software, Skype users who are connected may be able to determine each other's IP address. Through research and development, we will continue to make advances in this area and improvements to our software."
Skype's peer-to-peer routing system means many machines are involved in setting up a Skype call. But the team figured out a way to sift out the nodes through which calls are routed and determine the user's real IP address by sniffing the packets.
Because Skype uses a proprietary protocol and encrypts the payloads of its messages, packets coming from the called party can't be inspected, the researchers wrote. Instead, they looked at the patterns between a caller and the Skype nodes.
Due to Skype's privacy vulnerability, an IP address could be extracted even if the caller wasn't in the called party's Skype's contact list, or if the caller had been blocked. The researchers also found a way to exchange packets with a user without them ever receiving a notification of a call.
The researchers built a Skype tracker that selected a set of 100,000 identified users. To correlated those IP addresses with files shared on BitTorrent, they also built tools to collect BitTorrent file identifiers, called infohashes, a BitTorrent crawler to collect IP addresses on the network and a verifier to match an online Skype user with an online BitTorrent user.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts