RSSSkype admits security breach in China
By Tim Conneally | Published October 3, 2008, 2:15 PM
Skype's Josh Silverman admitted yesterday that a security breach enabled Chinese Skype users' instant message conversations to be recorded and made accessible on public Web servers.
"It is common knowledge that censorship does exist in China and that the Chinese government has been monitoring communications in and out of the country for many years," said Silverman. He went on to cite Skype's public disclosure in 2006 of putting text filters in place to block certain words the Chinese authorities found "offensive."
However, what came as a shock to Silverman, and the rest of the Skype-using community, was that Chinese mobile Internet company TOM Online had been uploading and storing chats containing questionable keywords. Furthermore, a security breach allowed outside users to access and read the intercepted communications.
Silverman's announcement follows the release of a document from University of Toronto Citizen Lab researcher Nart Villeneuve, who discovered that TOM-Skype was not only filtering out swear words and seditious phrases, but also intercepting and saving them on eight servers in China.
Inspection of these servers found that terms related to political issues such as Taiwanese independence, the spiritual practice Falun Gong, and Communist Party of China opposition were all recorded. Further analysis from the group found that it may not even be strictly keyword driven, and it may have been targeting specific users.
These terms and more have been at the forefront of China's online censorship exploits. The Ministry of Public Security has dispatched as many as 30,000 "cybercops" to monitor Web content and activity since 2007.
According to state council decree number 343, which focuses on publishing (including online), all content "shall adhere to the principle of serving the people and socialism, and shall continue to be guided by Marxism-Leninism, Mao Zedong Thought, and Deng Xiaoping Theory. Publishing shall disseminate and accumulate all scientific and cultural knowledge that is beneficial to the elevation of the national character, the development of the economy, and the improvement of society, and shall enhance the outstanding characteristics of the national culture, promote international cultural exchanges, and enrich and elevate the spiritual lives of the people." The government's vigilance is a testimony to how seriously it considers dissenting speech.
Silverman said, "We were very concerned to learn about both issues and after we urgently addressed this situation with TOM, they fixed the security breach. In addition, we are currently addressing the wider issue of the uploading and storage of certain messages with TOM."
So the messages are no longer visible to just anyone, but the IM-tapping will continue.
Silverman closed his statement by saying "Our challenge is to bring this valuable service to people all over, including China, while being transparent to our users and staying within the boundaries of the local laws. We are committed to meet this challenge."
TOM says that 39.7% of Internet users are signing on primarily to use instant messaging services, making this the number one reason the Chinese go online. It seems unlikely that this realm will ever be untouched by the Chinese government.
BETACHECK
For more:
- Breaching Trust: An analysis of surveillance and security practices on China's TOM-Skype platform by Nart Villenueve. From Citizen Lab, Munk Centre of International Studies, October 1, 2008.
- Skype's response to news: "Skype President Addresses Chinese Privacy Breach" by Josh Silverman. From share.skype.com, October 2, 2008.
- TOM.cn public usage statistics (as of Nov. 2007).
- "Falling Short." From the Committee to Protect Journalists, August 2007.
- "Human Rights Watch Reporter's Guide to Covering the Beijing Olympics." From Human Rights Watch, June 2008.
Is anyone really surprised? Does anyone think that in these days most, if not all governments are on he lookout for terrorist threats and activities of groups that pose a risk to political and civil security? This stuff has been going on in other countries for many years. I couldn't care less if they read my chats. They would just be putting the scanners to sleep. Now if I was planning acts of civil disobedience, like bombing buses, that would be another matter and I suspect that there are a lot of folks that would be glad that the authorities are watching and taking action. Well, thats what is happening. Does anyone really think that any government cares about who is sleeping with who or what they do under the sheets. It's a dangerous world out there today. Let them read all they want.
Score: 0
|Except with China, they are not simply concerned with terrorism! They are concerned if you think or speak differently from the approved party line!
It may be hard for you to understand, but for all of the end runs around much of the Internet censorship (such as displaying webpages vertically instead of horizontally ;-); most there still have no clue about the occurances in Tienanmann Square in 1989! And they are surprised to see pictures of the Tank Man and horrified to learn of the true extent of the carnage (of which most here are clueless as well - such as the wanton shooting of aid/ambulance workers and families simply trying to recover bodies for several days afterwards!)
In a free country, I agree, one should not NEED to worry. But China is NOT free, despite the loosening of the financial reigns allowing the people to make more money at the price of retaining a one party totalitarian government!
Your logic does NOT apply to mainland China!
And now, thanks to the @ssholes at Skype, who have evidently compromised the security of Skype for economic expediency WITHOUT INFORMING THE USERS!!!!!!!!!!!!!, we must now employ independent means of endpoint encryption independent of the carrier!
THAT is the REAL story here!
Score: 0
|So what we need are endpoint encryption tools to encrypt what is sent over Skype.
Score: 0
|Am I missing something? I thought Skype encrypted all its communications.
Score: 0
|Obviously Skype has made concessions as the price of doing business in China as all others have had to do!
Score: 0
|It seems that Tom-Skype provides the decipher key to the authority.
Score: 0
|I'm pretty surprised that Chinese people still use Skype knowing that it is insecure. WOw! ;|
Score: 0
|Insecure?
http://www.nzherald.co.n...5&objectid=10477899
Score: 0
|How would they ever know it was insecure? The media is government-monitored and the internet is behind the great firewall of China. How would the information that Skype was insecure ever get through to them?
Score: 0
|