RSSGerman police consider surveillance through Skype
By Tim Conneally | Published January 28, 2008, 5:00 PM
Leaked classified documents could point to a Skype and SSL intercepting system that could be launched in southern Germany next month.
In the wake of a foiled terrorist plot against U.S. installations in Germany in September, discussions began over granting police more freedom in surveillance. Federal interior minister Wolfgang Schäuble, member of the Christian Democratic Union, proposed a surveillance method that would involve the use of Trojan horses, allowing police to remotely and secretly search terror suspects' hard drives. Interior ministers failed to come to a conclusion regarding the legality of such a practice.
Two weeks ago, however, Bavarian Minister Joachim Hermann's spokespeople told German news magazine Focus that Bavaria would not wait for planned federal legislation on that matter, and put the bill forward to legalize enhanced police surveillance in Bavaria in February.
Classified documents from September 2007, leaked last week by the German political "Pirate Party," show one particular system that Bavarian police could have in place by February, and its high operating cost.
The system, provided by a company known as Digitask, is called a "Skype Capture Unit," and is essentially a malware client installed onto the surveillance target. It intercepts Skype voice and chat data, purportedly offering real-time streaming of hijacked content. Digitask also offered the police the ability to intercept and decrypt SSL-based communication with a "man-in-the-middle" style attack. Rental of these services would cost the Bavarian Police force €6,000 per month per instance. A further €2,500 fee would also be incurred per installation.
The document does not definitively say if this is, in fact, the system to be used. It contains language that could be construed to mean there are other companies contracted for similar services by the Bavarian police.
Hermann said he will "personally approve" everyone who is to be searched, and it will only be permitted with a justified suspicion of severest criminal offenses, like planning an act of terror.
I am curious how the SSL would be decrypted in a timely way. At least one of the keys must be obtained. I just don't know enough about this I guess.
Score: 0
Once a nazi, always a nazi. Two world wars center around one race. I'll give you a hint, it rhymes with Herman and Sherman.
Score: 0
and people complain about the USA................
Score: 0
As if they wouldn't do (or don't already do) this is in the U.S.
Score: 0
May I ask how they intend to get this malware on to the suspect's computer?
Score: 0
The documents don't detail that, but it has been suggested that it would be through Email attachments. I find that humorous.
Score: 0
I've heard is that they want to do it the old-fashioned way (break into your home and install the software/device locally).
Score: 0
I'd like to know how they are able to crack SSL through a man in the middle attack as this supposedly has not been cracked. If it has then I guess we need to stop shopping on the internet as this is how transactions are secured.
Score: 0
I bet sony could have done it cheaper !
Score: 0