2015-09-22

Skype downtime

Hello,

As many of you have noticed, Skype has experienced a bit of downtime lately. There are numerous news sources reporting on the issue, but other than to quote Microsoft's vague official statement on the subject, nobody really knows why.

Although I do not have any more first-hand insight into the nature of yesterday's issue than the next guy, I believe it is a good opportunity to remind everybody of this excellent article (part 1 & part 2; form 3) on the way Skype functions and the way it can be brought down.

Long story short, Skype is a P2P network, similar to torrents' DHT. Skype programs connect to one another and form a self-organizing network, where individual roles are assigned automatically, without any need for special infrastructure. The big difference between Skype's network and your average torrent, from a security perspective, is that Skype trusts other Skypes completely and is willing to do anything the others tell it to do, whereas torrent clients do not have any such trust and handle incoming traffic with ample suspicion.

This trust is what enables Skype programs to work so automagically and seamlessly in any network setup, out of the box, even in very restrictive networks. But it also enables a potential hacker to engineer a malicious packet that is capable of self-propagating throughout the Skype network, altering or, most likely, blasting every Skype client it comes across (it is easier to create a modification that breaks a program than a modification that makes it actually do something else).

The reason why this rather gaping security fault in Skype is not more frequently exploited by hackers is that Skype has a ridiculous amount of encryption in its program. Whereas most games on your computers are protected against piracy by one or at most two different levels of witty encryption, Skype is protected by no fewer than 7 distinct forms of encryption and obfuscation. Most hackers just figure the program is not worth the effort, and this fact alone has left the program rather untouched for a number of years.

The first evil crafty packet made its way into the Skype network in 2007. The symptoms were very similar to those of a few days ago, with the Skype network appearing inaccessible and, additionally, some Skype clients crashing upon startup. The problem was eventually resolved, no doubt after the malicious packet had stopped echoing its way through the network. To remedy the problem at the time, Microsoft introduced a number of Linux Skype clients on the network, which were meant to address the over-reliance of the Skype network on the Skype clients themselves. In essence, they have added a few different kinds of Skypes, to keep the network running in case all the Skype clients on people's computers drop dead for whatever reason. In other words, they have no idea what happened and just patched it up superficially.

What we have seen the Skype network do a few days ago makes me think that apparently, somebody has produced another proof of concept evil packet and released it into the network. Since nobody has released any papers on having accomplished this, the odds are that the authors of this one do not have our best interests in mind. Most likely something dark and dangerous is brewing somewhere out there, waiting to take the world by storm, using Skype as its means of propagation. And Microsoft is far from being ready to deal with it.

Just thought I'd give you the heads-up.

Best regards,
Jure