Whether it’s your typical Skype video chat or a secured United Nations videoconference, video communications are getting hacked. German news magazine Der Spiegel reports that the latest documents leaked by whistleblower Edward Snowden shows that the NSA broke the code for the United Nations internal videoconferencing system at its New York headquarters during the summer of 2012. Within 3 weeks of the breakthrough, the number of intercepted video calls rose from 12 to 458. Under international treaties, spying on the United Nations is illegal. However, the NSA isn’t the only one who’s been doing it. According to the documents the Chinese had previously also made attempts to hack the system.
A GigaOm post also notes that the NSA tapped the EU embassy in the U.S. and regularly monitors over 80 consulates around the world, which is discussed more at length in an English version article from Der Spiegel.
Microsoft Skype Cooperated with NSA Surveillance Program From the Beginning
A few months earlier, The Guardian published excerpts from more Edward Snowden documents which revealed that Microsoft Skype participated in the NSA PRISM surveillance program. In the past, there have been allegations of Skype keeping decryption keys (which allows them to give others access to your information) and other security weakness concerns. These papers clearly show that Skype’s design did and still does allow for secret surveillance. Indeed, Skype began its integration into the PRISM government surveillance program months before its acquisition by Microsoft. Moreover, the NSA and FBI have been able to mine Skype user data since February 6, 2011, the day right after Skype’s acquisition. Commentary from the NSA documents note:
“Feedback indicated that a collected Skype call was very clear and the metadata looked complete…. Collaborative teamwork [between NSA teams and the FBI] was the key to the successful addition of another provider to the Prism system.”
Source: The Guardian – Microsoft Hands NSA Access to Encrypted Messages
In 2012, NSA observed a 248% increase in Skype data collection with another note from the documents commenting, “exponential growth in Skype reporting; looks like the word is getting out about our capability against Skype.” Since the acquisition NSA has gained even more ability to gather Skype data. According to a Guardian article:
One document boasts that Prism monitoring of Skype video production has roughly tripled since a new capability was added on 14 July 2012. “The audio portions of these sessions have been processed correctly all along, but without the accompanying video. Now, analysts will have the complete ‘picture’,” it says.
Despite the leaked documents, Microsoft denies knowledge of the Prism program, asserting Skype’s privacy policy: “Skype is committed to respecting your privacy and the confidentiality of your personal data, traffic data and communications content.”
Would you trust Skype for private communications?
And, of course, the call to action is to use VSee; which provides end(s)-to-end(s) 256-bit AES with FIPS 140-2 and HIPAA compliant security with no intervening server to worry about man-in-the-middle eavesdropping.