Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Hacked Skype IP Address Search Shows Who's Speaking From Where

timothy posted more than 2 years ago | from the we-see-you-mr-appelbaum dept.

Privacy 84

mask.of.sanity writes "An online search portal has been launched that reveals the IP addresses of any Skype user. The portal needs only a Skype username entered in a search bar for it to produce the IP address of a target user. It then uses IP addresses to geo-locate users on a map and reveal their ISP information."

cancel ×

84 comments

Sorry! There are no comments related to the filter you selected.

SlashBI? (0)

Anonymous Coward | more than 2 years ago | (#39858751)

I entered "SlashBI" and it didn't come up with anything.

oh (-1)

Anonymous Coward | more than 2 years ago | (#39858759)

oh

Service temporary unavailable. (1)

devilsdean (888911) | more than 2 years ago | (#39858777)

That was quick

Re:Service temporary unavailable. (2)

Eponymous Hero (2090636) | more than 2 years ago | (#39858953)

looking at the message history, quotes like "Service is down again: skype strikes back" imply that skype is doing something to protect their users' privacy. at the least it proves that Ivan thinks so.

Hmmm. (1)

BrokenHalo (565198) | more than 2 years ago | (#39863717)

What strikes me as a bit sick (or at least sad) is that anyone might feel this project is a good use of their time. I can think of no reason why a skype user need be legitimately stalked in this way except for purposes of law enforcement, and those authorities already have resources at their disposal.

Re:Hmmm. (-1)

Anonymous Coward | more than 2 years ago | (#39863771)

Which part of "Microsoft product" do you not understand?

Re:Hmmm. (2)

Anonymous Coward | more than 2 years ago | (#39863951)

Because without people like this guy, who is probing for weaknesses and making some noise about them, you rely on a security model of 'security through obscurity', and we all know that only idiots think that's real security.

Re:Hmmm. (1)

hobarrera (2008506) | more than 2 years ago | (#39875767)

Because this sort of project proves how flawed skype's so-called security model is in the first place.
It's yet one more thing you can point at when listing skype's defects.

not surprising (3, Insightful)

v1 (525388) | more than 2 years ago | (#39858799)

Can be done very simply with a little bit of tcpdump. they're just sniffing network traffic from the machine to reveal information that skype doesn't normally display.

They make it sound like it's some awesome service hacking app when it's just displaying information the client app is just choosing not to show you.

Does this really surprise anyone? Skype directly connects you to another user. Their servers aren't a relay, they're just a meeting point to hook users together. Both users' computers simply have to have the IP address of the other person for their service to function. (though I could see them relaying just text traffic, but certainly not audio/video)

Re:not surprising (0)

Anonymous Coward | more than 2 years ago | (#39858941)

I am surprised... the user on the other end should have to "pick up" an incoming video/voice chat to initiate this direct connection. The call and text messages should be routed to preserve some degree of anonymity.

Re:not surprising (1)

plover (150551) | more than 2 years ago | (#39860847)

Why? Anonymity is not a property they promise to deliver.

Re:not surprising (1)

hobarrera (2008506) | more than 2 years ago | (#39895121)

Because in this case, it means privacy (it divulges to third party my location), and in some cases, security (ir no-one knows your IP, I guess you're pretty safe from any sort of attack).

Re:not surprising (1)

Dan541 (1032000) | more than 2 years ago | (#39863831)

Its a peer 2 peer network. Why would you expect any form of anonymity?

Skype was never designed to be Tor

Re:not surprising (1)

hobarrera (2008506) | more than 2 years ago | (#39895137)

They certainly don't advertise it as a p2p network, rather as a "free internet phonecalls" service.

Re:not surprising (1)

Dan541 (1032000) | more than 2 years ago | (#39905891)

Why would they need to, nobody outside of /. cares about any of the technical specifications.

Re:not surprising (1)

hobarrera (2008506) | more than 2 years ago | (#39914493)

Its a peer 2 peer network. Why would you expect any form of anonymity?

Let me rephrase:

"People would not expect a lack of anonymity asociated with p2p networks because skype is not advertised as a p2p network, rather as a "free internet phonecalls" service."

Re:not surprising (1)

Dan541 (1032000) | more than 2 years ago | (#39914543)

So where is the expectation to privacy? People don't complain about their normal phone being traceable, why would this be an issue?

Re:not surprising (1)

Dan541 (1032000) | more than 2 years ago | (#39914549)

Also skype has never been marketed as an Anonymous communications channel.

Re:not surprising (1)

hobarrera (2008506) | more than 2 years ago | (#39915925)

You're just trolling, right?
Users don't expect strangers to be able to track down sensitive data such as their IP address by using the service, it's generally implicit. Most IM/VoIP don't advertise this sort of feature; it's implicit.

Re:not surprising (1)

Dan541 (1032000) | more than 2 years ago | (#39916125)

Websites don't advertise that they can see your IP address either. Let alone other information such as you browser and Operating System. You IP isn't "sensitive data" it's used for routing data on the internet. If you don't want anyone to know it then don't connect to them or use a service that is designed for anonymity..

Re:not surprising (1)

hobarrera (2008506) | more than 2 years ago | (#39916397)

So when you use any IM service, it's, in your opinion, normal for any random stranger to be able to deterine your IP address, even those totally unrelated to the service providers?

I think it isn't. And skype is the only one (save for IRC) with a hole like this.

Re:not surprising (1)

Dan541 (1032000) | more than 2 years ago | (#39916615)

It's not a security hole. It's how the internet functions.

Skype isn't intended to be anonymous, if you want total anonymoity you need to use a VPN. That's true for everything you do online don't assume its anonymous just because the client doesn't show that information.

Re:not surprising (1)

hobarrera (2008506) | more than 2 years ago | (#39941361)

XMPP (by far, the most used IM client) doesn't expose you IP address to other users, unless you do a video/voice chat, in which case, it's inevitable.
Why would I except less for a closed service which has payed features?

Re:not surprising (1)

Dan541 (1032000) | more than 2 years ago | (#39942171)

Because XMPP uses a client-server topology, whereas Skype is a Peer to Peer network and therefore clients make direct connections to one another.

Re:not surprising (1)

KhabaLox (1906148) | more than 2 years ago | (#39972381)

Websites don't advertise that they can see your IP address either.

Actually, I've had several websites warn me that my IP address was being broadcast*.

*Not technically true, I know.

Re:not surprising (0)

Anonymous Coward | more than 2 years ago | (#39859051)

A flaw that they should have noticed by now.
Direct Connect isn't exactly an old idea.

If anything, the network Skype is based on should have at the very basic level been built up like Tor to a lesser extent so that you could never find the original IP of a person that you want to request to Add or send a text message to or whatever else.
And of course the usual things to prevent people abusing this by spamming like wild.
One single relay through another user would have prevented this. We don't need ultimate security like someone trying to hide from a nasty government requires, we just need a very basic relay.

Seems like a rather basic thing to not think about when designing a P2P network that is based on peoples identities.

Re:not surprising (-1)

Anonymous Coward | more than 2 years ago | (#39859211)

New idea, new idea damn it.
That's what I get for thinking about time travel and posting chronology.

I can't believe they even said on the article (yes I just RTFA, sue me) that it is an industry-wide issue.
No it isn't, it is a moron-wide issue.
P2P can be run anonymously and has already been proven several times.
If you have the numbers of a system like Skype, it doesn't matter if any government used every IP it owns, they still couldn't grab enough useful information from it even with a simple 1 deep relay.
That is as long as you force server on everyone. (it is just a simple request and absolutely basic text relay, any connection besides 56k could handle that with a breeze)
Things like Tor are inherently broken simply because you don't need to be a server to be on the network.
There are good and bad scenarios that come about this, but most are bad simply because not being a server increases your chances of being found since you aren't an exit node, just a receiver.

So, come on Skype, fix this. It can be fixed. It is trivial besides the bug that was described.

Re:not surprising (1)

Talennor (612270) | more than 2 years ago | (#39859851)

I'm sure you could run your skype traffic through TOR. Not sure the quality of service you'd get... (Ok, I'm sure, and it's not looking good.)

Re:not surprising (2)

plover (150551) | more than 2 years ago | (#39860915)

What makes you think that Skype wants or needs to preserve anonymity? Consider that you are contacting Skype yourself and saying "This is Joe Sixpack. Please connect me to J. Random Hacker at +1-123-456-7890. And yes, I understand my information is on file so you can bill me for this call." You're already not anonymous.

Re:not surprising (1)

hobarrera (2008506) | more than 2 years ago | (#39895281)

Not anonymous from them, but you'd expect third parties no to be able to trace you down through them.

Re:not surprising (2)

garaged (579941) | more than 2 years ago | (#39863965)

And what it is so important about a skype call that needs that kind of security? I've been chatting on IRC for almos 2 decades and ip info has never been an issue

Re:not surprising (5, Informative)

Anonymous Coward | more than 2 years ago | (#39859101)

Actually, the service works by sending the owner of the username a contact-info request (used for instance while searching for users to add to your contact list). The difference from what you mentions is that the target is not notified in any way (as opposed from when sending them a message or calling them), and also have no option to block the request.

Re:not surprising (1)

Lumpy (12016) | more than 2 years ago | (#39859223)

Um. no.

Skype DOES use relay servers when there is no ports open on the firewall that a user is behind. It's why skype works all the time and raw VoIP can not without opening ports.

Re:not surprising (5, Informative)

Anonymous Coward | more than 2 years ago | (#39859477)

The servers are used to facilitate UDP Hole Punching. Once the NAT/Firewall has been bypassed the communicate is direct.

http://en.wikipedia.org/wiki/UDP_hole_punching

Re:not surprising (0)

Anonymous Coward | more than 2 years ago | (#39859293)

I am not user of Skype, but I can think of a way to not informing your IP to everyone who just asks: Make client that gives IP only when user accepts to "answer". That is if Skype servers deals with bulk of meta-info such as messaging and online-statuses etc why it needs to broadcast IP until video is accessed.

Re:not surprising (1)

w.hamra1987 (1193987) | more than 2 years ago | (#39859629)

Actually, Skype DOES use relaying. I use skype from behind a NAT, and so do most of my contacts, we're all inaccessible through our external IP addresses, and sometimes, me and my contact are from the same ISP, and hence behind the same NAT, sharing same external IP address. why it works? because our communication goes through skype servers!

Re:not surprising (4, Insightful)

Talennor (612270) | more than 2 years ago | (#39859785)

http://en.wikipedia.org/wiki/NAT_traversal [wikipedia.org]

Skype servers help make the connection, but aren't involved in the data stream.

Re:not surprising (0)

Anonymous Coward | more than 2 years ago | (#39864801)

So how does NAT traversal work if BOTH parties are behind NATs that don't allow UPNP ( e.g. corporations)?

Say P is behind NAT A, Q and R are both behind NAT B.

What destination IP and destination port should P use to try to talk to Q (and not R)? How would even Q know the port P should use at this point since it would be assigned by the NAT B device. And the NAT B device might not even know if it assigns the source ports randomly since Q hasn't sent any traffic yet.

Same problem the other way round.

Re:not surprising (1)

lindi (634828) | more than 2 years ago | (#39866293)

It works easily. See e.g.  http://www.usenix.org/event/usenix05/tech/general/full_papers/ford/ford_html/

Re:not surprising (0)

Anonymous Coward | more than 2 years ago | (#39859679)

To the layman Internet user, this is 'some awesome service hacking app'.

The majority of this community, know otherwise.

Also, don't use Skype.

Re:not surprising (4, Insightful)

s_p_oneil (795792) | more than 2 years ago | (#39860395)

"Can be done very simply with a little bit of tcpdump."

Um, no. Not even close. This is a web site that can find any Skype user in the world by their Skype username. No one (not even the web server) needs to have Skype installed to use this, and no packet sniffing is being done. Since the encryption used for Skype's TCP connections starts with a Diffie-Hellman key exchange, a tcpdump would be pretty useless. Sure you could see your own Skype client talking to 100 different IP addresses, but you wouldn't have any idea who was at the other end of them, and you would have no way of sniffing the packets of every Skype user world-wide.

I agree that this isn't surprising, though. Skype's protocol has been cracked (and those cracks have been published) so that anyone could write a program to talk to the Skype supernodes (any normal Skype client that allows incoming connections can be promoted to a supernode) and to perform this kind of search. The problem here lies in how much Skype supernodes trust any client that knows how to speak its language. The author considered that part of the Skype client to be sufficiently crack-proof, but he was wrong.

Re:not surprising (0)

Anonymous Coward | more than 2 years ago | (#39861567)

Exactly.

Re:not surprising (1)

Zaphod The 42nd (1205578) | more than 2 years ago | (#39868691)

this isn't surprising, though. Skype's protocol has been cracked (and those cracks have been published) so that anyone could write a program to talk to the Skype supernodes (any normal Skype client that allows incoming connections can be promoted to a supernode) and to perform this kind of search. The problem here lies in how much Skype supernodes trust any client that knows how to speak its language. The author considered that part of the Skype client to be sufficiently crack-proof, but he was wrong.

QFT. I remember reading about the potential security exploits of skype some 5 years ago. If you speak skype to a node, it'll be happy to handle your requests with almost zero authentication, and it doesn't log it either. So you could extremely easily turn someone's skype box into a zombie to route your nefarious actions through. They'd have no clue you were doing it, no proof you did, and all evidence would show their IP was responsible. Perfect scapegoats.

I would say its trivial (0)

mehrotra.akash (1539473) | more than 2 years ago | (#39858925)

Infact, its likely that most people reading this comment would be able to do this in lass than a minute

Re:I would say its trivial (1)

mehrotra.akash (1539473) | more than 2 years ago | (#39858937)

* less than a minute

Re:I would say its trivial (2)

olsmeister (1488789) | more than 2 years ago | (#39859115)

Not if the service worked the way it should. While actual calls should be done peer-to-peer, things like requests for information, call setup/teardown, etc should be handled by Skype's servers, not exposing the IP of another user until a call has been established.

Either that, or just dial *67 first...

Re:I would say its trivial (0)

Anonymous Coward | more than 2 years ago | (#39859135)

If you know the person so they'll let you call them -- then yes. In this case you can look up info on anyone currently online without them being notified at all.

Article is ambiguous! (1)

InvisibleClergy (1430277) | more than 2 years ago | (#39858975)

The article says you just need to enter their skype username - does this mean that it works for even people who are offline? I know that I have at least one or two pseudonyms I've used for voice-chat while playing vidya games. If it does work for offline people, that would mean Skype is keeping logs of most-recent IP addresses.

Service seems to be down right now, so there's no way for me to test it.

Re:Article is ambiguous! (0)

Anonymous Coward | more than 2 years ago | (#39859037)

No, they need to be online.

Re:Article is ambiguous! (0)

Anonymous Coward | more than 2 years ago | (#39859045)

> If it does work for offline people, that would mean Skype is keeping logs of most-recent IP addresses.
Of course they are doing it, are you joking?

MY GOD !! SOME SORT OF CALLER ID !! IP ADDRESS !! (0)

Anonymous Coward | more than 2 years ago | (#39859009)

Is nothing sacred anymore ?? Someone can know my IP address !! This is MY IP address and I demand my PRIVACY !! MS can you never do nothing right !!

Yay (1)

jmDev (2607337) | more than 2 years ago | (#39859019)

Now I can have even more people tell me that they have my IP address and they know someone that can hack me!

Article summary author IP (4, Interesting)

Ziekheid (1427027) | more than 2 years ago | (#39859141)

Is it me or did the person who wrote the summary of this article accidentally include his IP when linking to the portal page?

Re:Article summary author IP (1)

slimjim8094 (941042) | more than 2 years ago | (#39859187)

Not just you. 216.34.181.45

Wow.

Re:Article summary author IP (0)

Anonymous Coward | more than 2 years ago | (#39859393)

Non-authoritative answer:
45.181.34.216.in-addr.arpa name = slashdot.org.

Re:Article summary author IP (1)

Un quebecois (621765) | more than 2 years ago | (#39859403)

whois 216.34.181.45

Savvis SAVVIS (NET-216-32-0-0-1) 216.32.0.0 - 216.35.255.255
SourceForge, Inc. SAVV-S234813-8 (NET-216-34-181-0-1) 216.34.181.0 - 216.34.181.255

Re:Article summary author IP (1)

Anonymous Coward | more than 2 years ago | (#39860411)

Actually that IP points to slashdot.org, according to whois.

Re:Article summary author IP (1)

Toad-san (64810) | more than 2 years ago | (#39867969)

And has anyone else noticed that the "portal" (well, the link anyway) is down?

http://skype-ip-finder.tk/abused#66677:43676:216.34.181.45:/ [skype-ip-finder.tk]

"Thank you for visiting

SKYPE-IP-FINDER.TK

This domain and website have been suspended because of abuse or copyright reasons."

Hacked? (0)

Anonymous Coward | more than 2 years ago | (#39859233)

Skype will happily supply your client (and consequently you) with the IP address of any user, here's what you need:
- Skype
- Any traffic monitoring application (tcpdump, Wireshark, even netstat would work)
1- Search for the user name using Skype
2- Try to call/chat with them
3- Collect the IP from your traffic monitoring application
4- ???
5- Profit!

ISP location is not your location (1)

dwillden (521345) | more than 2 years ago | (#39859279)

Wow so they think they can determine your location via your IP address and the ISP location. My ISP is HQ'd in or near Denver CO, I live in Utah, all the web-ads that try to target my location target me as being in Denver. So hack away, you'll still be hundreds of miles off, based solely on my IP.

Re:ISP location is not your location (2, Funny)

Anonymous Coward | more than 2 years ago | (#39859407)

Thank you sir for that info... We will be making adjustments to our database to compensate for the error.

Re:ISP location is not your location (1)

laffer1 (701823) | more than 2 years ago | (#39859419)

This really depends on your ISP and package. As I have a business class package with static IPs and Comcast delegates them via ARIN, one can see my home address via my IP address.

Re:ISP location is not your location (0)

Anonymous Coward | more than 2 years ago | (#39859435)

Not any more

Apparently (0)

Anonymous Coward | more than 2 years ago | (#39862417)

You have not yet heard of skyhook; either that or you aren't using wireless. http://www.skyhookwireless.com/ -- If you are using wireless, then your IP probably reveals your location to within meters.

Re:Apparently (0)

Anonymous Coward | more than 2 years ago | (#39868161)

You have not yet heard of skyhook; either that or you aren't using wireless. http://www.skyhookwireless.com/ [skyhookwireless.com] -- If you are using wireless, then your IP probably reveals your location to within meters.

hmm.. I'm using wireless and never seen any location services or ad companies (other than Google and Facebook when registered user) being able to even place me in the correct country.

Not New, But Pretty Cool (5, Interesting)

cryptizard (2629853) | more than 2 years ago | (#39859323)

I saw this presented about a year ago at a security talk. If I recall correctly they were getting IP addresses by initiating a call but then terminating it before some threshold where the other party was actually notified, so it was invisible to the people they were tracking. The cooler part in my opinion was how they showed that something like 80% of people could be located on Skype (in the directory) based on information in their Facebook or LinkedIn profiles, allowing for targeted tracking of people. They also had some more advanced geo IP stuff to the point where they could get really good location results. The example they had was a woman in Florida where they could track her whole week's routine i.e. at work at 9:00, home by 5:00, where she goes to lunch, when she is visiting her grandmother in the next town. It is especially effective against people who are logged into Skype on their smart phones. Arguably the even cooler part was where they showed that they could track the entire population of a small country with something like $20,000 in computer hardware. As obvious as the nefarious applications of this are, it could also be pretty useful for tracking large scale movement for stuff like city planning.

Don't be hasty about trying this (2)

93 Escort Wagon (326346) | more than 2 years ago | (#39859347)

At least if you're a Skype user. It sounds like Skype is banning anyone who's logged in from the same IP address they're running this tool on.

Re:Don't be hasty about trying this (2)

ilsaloving (1534307) | more than 2 years ago | (#39859701)

Really??

Great! Now we just have to figure out how to convince all those stupid "I found you online and thought you looked cool!" Skype Bots to connect to that address!

Re:Don't be hasty about trying this (1)

Anonymous Coward | more than 2 years ago | (#39860177)

That's precious. We have a potential privacy issue, and if the blackhats without skype accounts do it, well, nothing we can do about that. But if you dare research it yourself, we'll shitcan your account. Don't you know it's wrong to be curious!

Re:Don't be hasty about trying this (0)

Anonymous Coward | more than 2 years ago | (#39865531)

At least if you're a Skype user. It sounds like Skype is banning anyone who's logged in from the same IP address they're running this tool on.

Meh, I'm on a standard residential account, so my IP is dynamic. Go ahead, ban me, I'll just change my router's MAC and get a new IP from my ISP and some other schmuck will get blocked instead.

easily blocked (0)

Anonymous Coward | more than 2 years ago | (#39859359)

Just don't enable javascript. Done!

Pretty easy to roll your own..... (1)

trancemission (823050) | more than 2 years ago | (#39859375)

Although not quite as easy as just firing up tcpdump (If it was - this would have been 'exploited' a long time ago)

http://pastebin.com/rBu4jDm8 [pastebin.com]

Not sure if the version of skype client is relevant (Maybe you just need to enable debug mode)

You could replace looking at the logfile with sniffing packets if they are in plain text (Which they probably shouldn't be)

I haven't tried this.

but .. (0)

Anonymous Coward | more than 2 years ago | (#39859963)

As we all know, Geo IPs can be dreadfully misleading. btw the site seems to be down. slashdotted. LOL

Cookies error? Why does it use cookies? (0)

Anonymous Coward | more than 2 years ago | (#39860131)

Why does this site use cookies? I use Chrome's whitelist for cookie permissions, and I got a "Cookies error" when I tried to visit the site. What possible legitimate use could this site have for using cookies? Note: advertisements are not legitimate

Re:Cookies error? Why does it use cookies? (1)

Ohrion (814105) | more than 2 years ago | (#39861193)

Some people LIKE to stay logged in.

Re:Cookies error? Why does it use cookies? (1)

maxwell demon (590494) | more than 2 years ago | (#39861961)

Some people LIKE to stay logged in.

But for that you only need to send a cookie when logging in. Because if you are not logged in, you cannot stay logged in anyway.

"LOL, Skype killed us." (2)

sirdude (578412) | more than 2 years ago | (#39860321)

"LOL, Skype killed us." is what I see when I visit the site. IP ban?

Re:"LOL, Skype killed us." (0)

Anonymous Coward | more than 2 years ago | (#39867375)

Skype didn't kill them... Slashdot did.

Warning||!!! (0)

Anonymous Coward | more than 2 years ago | (#39862341)

Your computer is currently broadcasting an IP address! :)

- cmon, am i really the first to post this? Mod funny pls

There is a solution (4, Interesting)

Technician (215283) | more than 2 years ago | (#39863413)

If you must hide your IP address, you can use one of many Skype/Sip gateways. SIP to SIP to the gateway then Skype to Skype from the gateway. Since Skype does not work well in Linus, I use SIP instead. SIP is P-P too, a SIP call will reveal my IP to a SIP caller. A Skype caller will only see the gateway.

There are several gateways. IPPI.fr is only a representative example.

You can Skype me in France anytime. I have never been to France.

http://www.ippi.com/ [ippi.com]

I don't use this to hide my IP address. I use it with an ATA so calls ring my phone, even when I'm not online. With their speed dialer, I can make Skype calls without turning on the computer.

I can be called by Google Voice, an INUM number, SIP, Skype, or IPKall number and any will ring my SIP phone, provide voice mail, caller ID, etc.

Analog Telephone Adapter (ATA) http://www.voip-info.org/wiki/view/Linksys+PAP2T [voip-info.org]

Good Luck (1)

nauseous (2239684) | more than 2 years ago | (#39865451)

Yea right. Can't get my identity :-). Must be Microsoft that owns Skype now..

Shutdown (1)

zerocool6900 (197286) | more than 2 years ago | (#39867589)

Of course this site is no longer active as the US Government now follows /.

"This domain and website have been suspended because of abuse or copyright reasons."

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>