Sunday, January 16, 2011

Skype: a flaw from a secrecy standpoint

Ask your technologist friend what the most popular communication tool for activists in oppressive places is, and Tor would be a likely, alas wrong, answer. It is actually a commercial workhorse: Skype.

Skype has several properties that make it great for underground networks, even compared with purpose-built initiatives. It is:

  • Ubiquitous. Everyone uses Skype, so its possession is not incriminating.
  • User-friendly. Running it is a no-brainer for an average non-technical activist.
  • Secure. Its decentralized nodes and encrypted data streams make it nearly impossible to intercept and inspect the traffic.
  • Extremely resilient. During network troubles, Skype is the last service to go down. Its P2P nature and non-standard protocol make it nontrivial to block even on purpose.
  • Flexible. You get voice, video, instant messaging and file sharing services. All for free.

All of this is pretty fascinating, considering that none of it was designed with clandestine operation in mind. However, there is one property that makes it unsafe, and indeed a lot of our friends in Belarus were burned by it during the last few weeks. It typically unfolds like this:

  1. Alice, an activist, is arrested by law enforcement, and her PC is seized.
  2. A Skype installation is discovered. After some persuasion by a KGB investigator, Alice reveals her account details.
  3. An officer logs in with her Skype credentials. The history is then searched for the chats she participated in.
  4. When an old IM conversation with an activist, Bob, is opened, the history is accessible. But even if the history was wiped, it can be obtained the next time Bob comes online.
  5. Bob is arrested by law enforcement and his PC is seized.

Of course, the more participants there were in the chat, the easier it is to obtain the full history. You can see how a huge network can be easily uprooted with this simple approach. It is not really a flaw but a side effect of the clever way the Skype IM system works.

So if any Skype Inc. employee ever comes across this, I beg you to introduce a privacy option for IM. Please allow creating chatrooms with no history logging at all. This will probably be the biggest effect on people's lives you have ever had with a single check-box.

Friday, January 14, 2011

Age of surveillance: the fish is rotting from its head

On the 19th of December, 2010, elections were held in Belarus, my dear home country. The apparent popularity of opposition candidates was met with a crackdown. Seven out of nine presidential candidates were thrown in jail, some of them maimed in the process. A peaceful street protest of tens of thousands was brutally dispersed, with many hundreds beaten and arrested. All NGOs and political parties were shut down, with human rights activists dragged to court.

While none of it was really new for this long-abused nation, some things surfaced for the first time. The Great Belarussian Firewall debuted, shutting down SSL connections, blocking major social media websites and replacing opposition news outlets with fake dummies. Traditional wiretapping of phone networks was combined with GSM location services: thousands of people are now getting subpoenas and are dragged to police stations for being on the streets in the vicinity of protests.

Similar things happened throughout the Iranian elections, and are becoming increasingly common under oppressive regimes. Unlike North Korea, they don't block their citizens' access to communications outright, but keep a hand on the vital parts of the infrastructure in order to censor or selectively bring access down.

In the case of the Belarussian nationwide firewalling, there was a combination of port filtering, to block secure access to genuine services, and DNS/IP spoofing, to introduce fake services. It is unknown whether deep packet inspection was taking place, but it is not implausible to assume so: some services allow a graceful downgrade from SSL, thus enabling the state to collect the victims' unencrypted traffic. The Ministry of Communications retains full control of the backbones in the country, so these events certainly occurred at that level of the hierarchy. On a national scale, such an operation requires hardware of a certain performance capacity, which was probably procured long ago.

Phone tapping has a long history in the country, dating back at least to the early days of the Soviet Republic. The tapping is traditionally done at the branch exchange level, where law enforcement has immediate and direct access. Cell-tower triangulation services, however, were employed for the first time to locate and identify protesters with mobile phones on such a scale.

None of the interventions into phone networks required the consent or assistance of network operators. The equipment used provides prefab controls out of the box.

Now let us pause and let it sink in a bit. Communications equipment, procured from the West, provides built-in controls for totalitarian states to monitor their citizens. How come?

Wiretapping is becoming increasingly common and accessible to law enforcement in the First World. Terrorism scares allow legal safeguards to be removed, placing access at the cops' fingertips. As their citizenry becomes increasingly watched, Big Brother features creep into equipment specs. The equipment, produced by Alcatel, Siemens, Cisco and others, is then sold to Iran, Myanmar, Belarus and other repressive regimes, as part of normal network operator procurements.

While the liberty movements in the West are busy enough doing a good job fighting off the surveillance wave at home, the totalitarian customer segment remains steadily serviced, by virtue of civil opinion there being discarded and silenced. After the crackdowns, there has been much talk in the EU and the USA about various sanctions against the repressive officials of Belarus. While this is an important act of solidarity, personal sanctions were not able to achieve much before, and are not going to be efficient now either. What can be done, however, is attacking the problem from the communications end, curbing Lukashenko's capability to monitor and choke the people of Belarus. Such steps could be:

  • Introducing a CoCom-like embargo on the import of equipment with surveillance capabilities. If a backbone switch has inspection capability that can't be crippled in firmware, it shouldn't be shipped to totalitarian regimes. As simple as that.
  • Banning service contracts involving Belarus for existing lines of equipment with surveillance capabilities.

This may sound hard in a globalized world, but this kind of stuff is made by just a handful of corporations worldwide, with headquarters mainly in U.S. and EU jurisdictions. Unlike token sanctions, these steps will involve some (relatively minuscule) loss of corporate profit, but will greatly enhance the opposition's capability to organize and stay out of prison. It is a moral choice that the West can easily follow and I believe will pay back manyfold.