In the aftermath of the MegaUpload seizures we’ll hopefully learn more about how the FBI gained access to Skype transcripts. As reported by CNet,
TheFBI citesalleged conversations between DotCom and his top lieutenants, includinge-mailand Skype instant-messaging logs. Some of the records go back nearly five years, to MegaUpload’s earliest days as a cyberlocker service—even thoughSkype says“IM history messages will be stored for a maximum of 30 days” and the criminal investigation didn’t begin until afew months ago.
Sources told CNET yesterday that Skype, the Internet phone servicenow owned by Microsoft, was not asked by the feds to turn over information and was not served with legal process.
The U.S. Department of Justice told CNET that it obtained a judge’s approval before securing the correspondence, which wouldn’t have been necessary in the case of an informant. “Electronic evidence was obtained though search warrants, which are reviewed and approved by a U.S. court,” a spokesman for the U.S. Attorney for the Eastern District of Virginia said.
Skype saves chat records with contacts in a directory on the local hard drive, which could be accessed by FBI-planted spyware.
While it wouldn’t necessarily be surprising if spyware was used, it would be interesting to see more details of this come to public light. Moreover, was the spyware/electronic access authorization acquired in the US and then the malware implanted on computers in foreign jurisdictions, or did it target local (American) computers? If it was implanted on foreign computers, were local authorities aware of what was going on and did they have to give their approval?
Surveillance technologies are a double-edged sword, one that often lack a hilt guard.
According to the report, a top German security official installed a trojan on his own daughter’s computer to monitor her Internet usage. What could possibly go wrong?
Nothing—well, at least until one of the daughter’s friends found the installed spyware. The friend then went after the dad’s personal computer as a payback and managed to get in, where he found a cache of security-related e-mails from work. The e-mails, in turn, provided the information necessary for hackers to infiltrate Germany’s federal police.
That was bad, but it got worse. The hackers got into the servers for the “Patras” program, which logs location data on suspected criminals through cell phone and car GPS systems. Concerned about security breaches, the government eventually had to take the entire set of Patras servers offline.