Surveillance of Skype messages found in China
EBay created the joint venture with the Tom Group, which holds the majority stake, in September 2005. The Tom Group itself was founded in October 1999 as a joint venture among Hutchison Whampoa, Cheung Kong Holdings and other investors. In its annual report this year, the Tom Group, based in Hong Kong, said that the number of Tom-Skype registered users had reached 69 million in the first half of 2008 and revenue had increased tenfold in the last year.
The researchers stumbled upon the surveillance system when Nart Villeneuve, a senior research fellow at Citizen Lab, began using an analysis tool to monitor data that was generated by the Tom-Skype software, which is meant to permit voice and text conversations from a personal computer. By reading the data generated by the program, he determined that each time he typed a particular swear word into the text messaging program an encrypted message was sent to an unidentified Internet address.
To his surprise, the coded messages were being stored on Tom Online computers. When he examined the machines over the Internet, he discovered that they had been misconfigured and that the computer directories were readable with a simple Web browser.
One directory on each machine contained a series of files in which the messages, in encrypted form, were being deposited. Hunting further, Villeneuve soon found a file that contained the numerical key that permitted him to decode the encrypted log files.
What he uncovered were hundreds of files, each containing thousands of records of messages that had been captured and then stored by the filtering software. The records revealed Internet addresses and user names as well as message content. Also stored on the computers were calling records for Skype voice conversations containing names and in some cases phone numbers of the calling parties.
Villeneuve downloaded the messages, decrypted them and used machine translation software to convert the Chinese messages to English. He then used word frequency counts to identify the key words that were flagging the messages. The exact criteria used by the filtering software are still unclear, he said, because some messages on the servers contained no known key word.
He said that in addition to capturing the Skype messages sent between Tom-Skype users, international conversations were recorded as well, meaning that users of standard Skype software outside China were also vulnerable to the surveillance system when they had text conversations with Chinese users.