Donate for the Cryptome archive of files from June 1996 to the present

20 March 2014. Add comments.

19 March 2014

Skype and Crypto Promoted by Snowden a Ploy?


In connection with using "encrypted, secure connection" Skype for Snowden's imagery at SXSW and TED, as well as encrypted comms with journalists and event organizers, what has led these comsec advisors to believe that all too vulnerable Skype is secure, as well as all too vulnerable popular crypto pushed for journalists?

Is there any indication Snowden has deployed less vulnerable protections which have not been disclosed as backing for his encouragement to trust encryption and to allow Skype to finger his location and leak his comms?

To be sure, many of his remarks seem to be carefully scripted for low-brow consumption characteristic of journalism. So there may be a secure back-channel being used with Skype and pop crypto as diversion.

The low-brow slides, clips, short docs, redactions released by the media point to a deception of some sort yet to be disclosed until 25 years has passed. Hyperventilating press accounts of the releases suggest either deception, inexperience or technical ignorance or all.

Still, that kind of misleading comsec deception would be commonplace security measures characterisitic of NSA and wizards -- to induce the flock to churn massive amount publicity about encrypted comms -- and Skype -- to camouflage the Tor-Beyond-Tor, blacker and deeper comms, not to say the even blacker and deeper tools either not seen by Snowden or not yet released.

More sopisticated would be to use the small amount of NSA releases to cloak far greater distribution (a method used by WikiLeaks and the black market as well as the spy industry). That too would closer to what the big boys and girls do, and therefore would be exactly what they are watching for. Including watching for ploys to hide ploys.

And like the NSA, why would the Russians not carefully watch whatever comms originate there by Snowden or received by him? Skype has been ostentatiously breached by Russia and any of its variations and cloakings would be prime targets. Nothing is more carefully watched in Russia than crypto, and its vulnerabilities are meticulously studied and exploited there, in the US and globally. But there will be no Snowden-like revelations, nor disclosures of vulnerabilities -- as once there was not by NSA, presuming Snowden is not running a honey pot to bait the Russians forever fearful of just that.


Paulmd199 tweets: SXSW was a Google Hangout, TED was a Beam telepresence bot. Neither is Skype. Jus' sayin'.

Cryptome tweets: Thanks for saying. Vulns are similar. RU masterminds transceivals via sub-data. "Tor-sub-tor." As do others. 


A1 posts:

If this was a live conference stream with media types, direct Skype may have been used since:

- Training a bunch of idiots to use something secure is a pain. Perhaps traded off with a disposable location and/or that Snowden is now diplomatically safe in Russia.

- Tor's network characteristics are usually ok for some voice, but insufficient for live media video.

That said, Skype is closed source, carries no future guarantees, and has a controversial track record... therefore it should not be trusted under any circumstances. Far better options exist for approaching your private comms needs...


A2 sends:

Per your ruminations on Snowden back channels in RU:

RAPSI, "FSB, Russian police could tap Skype without court order,"

March 14, 2013, Moscow News,

"Since its acquisition of Skype in May 2011, Microsoft has added a legitimate monitoring technology to Skype, says Maksim Emm, Executive Director of Peak Systems. Now any user can be switched to a special mode in which encryption keys will be generated on a server rather than the user's phone or computer. Access to the server allows Skype calls or conversations to be tapped. Microsoft has been providing this technology to security services across the world, including Russia."