新闻链接:http://arstechnica.com/security/2014/05/encrypted-or-not-skype-communications-prove-vital-to-nsa-surveillance/
新闻时间:2014年5月14日,3:05am + 0800
新闻正文:新闻原文
Last year, Ars documented how Skype encryption posed little challenge to Microsoft abuse filters that scanned instant messages for potentially abusive Web links. Within hours of newly created, never-before-visited URLs being transmitted over the service, the scanners were able to pluck them out of a cryptographically protected stream and test if they were malicious. Now comes word that the National Security Agency is also able to work around Skype crypto—so much so that analysts have deemed the Microsoft-owned service "vital" to a key surveillance regimen known as PRISM.
Ars catches Microsoft accessing links we sent in our test messages.
"PRISM has a new collection capability: Skype stored communications," a previously confidential NSA memo from 2013 declared. "Skype stored communications will contain unique data which is not collected via normal real-time surveillance collection." The data includes buddy lists, credit card information, call records, user account data, and "other material" that is of value to the NSA's special source operations.
The memo, which was leaked by former NSA contractor Edward Snowden and released Tuesday by Glenn Greenwald to coincide with the publication of his book No Place to Hide, said the FBI's Electronic Communications Surveillance Unit had approved "over 30 selectors to be sent to Skype for collection."
The memo went on to state, "PRISM Skype collection has carved out a vital niche in NSA reporting in less than two years with terrorism, Syrian opposition and regime, and exec/special serious reports being the top topics. Over 2800 reports have been issued since April 2011 based on PRISM Skype collection, with 76% of them being single source."
Microsoft has remained vague about the extent of encryption protecting Skype communications. The memo suggests that those protections are limited, at least as far as buddy lists, credit card data, call records, and user account information are concerned. The data available under the "New Skype Stored Comms Capability For PRISM" may not stop there, given Microsoft's documented ability to read the plaintext inside instant messages.
