Bavarian Skype Trojan

[Osiris]

Two, seemingly authentic, documents have been leaked to the German Pirate Party on Wednesday containing information about costs and technical information about a Skype trojan that could be used to eavesdrop on Skype communications. The documents contain indications of at least one operation of the Skype Trojan in Germany.
Some of the key elements of both documents were the following:
The installation of the Skype trojan could be by email or by the police in the apartment.
The software could be updated, extended and removed without leaving traces on the system.
Data would be send through a computer located outside German jurisdiction.
Access to internal settings of the Skype client and access to SSL-encrypted websites.
The two zipped PDF documents contain information about the company that designed the Trojan, the costs of the Trojan and the federal agencies. The second document contains detailed information about the technique used to eavesdrop on communications, especially what the so called Skype Capture Unit does.
The Skype Capture Unit is installed on the client’s system, capable of recording voice and chat among other things, and directs the data to a recording server. A Recording proxy was not part of the offer but would be possible to install as well. Members of the police would be able to access the data on the recording server in real time.
The document further mentioned that Skype Capture Units were only available for Windows XP or Windows 2000 at the moment.
Besides offering the Skype Trojan Digitalk also offered Man in the Middle attacks on SSL encrypted web traffic if the client would be using Firefox or Internet Explorer.
The costs for the operations are the following:
Skype Capture Unit €3500 per month
Installation of Unit €2500 once
Man in the Middle Attack €2500 per month
You are currently safe if you use Windows Vista, Linux or have a Mac. You are safe with Opera or Safari.
The question that a lot of people in Germany are currently asking are about the low costs of the software. Some see it as an indication that there had to be an agreement to use those units on a large scale.
Before everyone else says: Yeah, that’s Bavaria, part of Germany. I live in XXX, why should I care ? I would like to point out that other countries are most likely using techniques like that as well. Or, they simply ask Skype for assistance which is possible if you read the Skype Privacy Statement:

Please be informed that, notwithstanding the abovementioned, in the event of a designated authority lawfully requesting Skype or Skype’s local partner to retain and provide personal data, communications content and/or traffic data, Skype and/or its local partner will provide all reasonable assistance and information to fulfil this request.

Bavarian Skype Trojan : Welcome To Tech-Dump