Hacked Skype IP Address Search Shows Who's Speaking From Where

mask.of.sanity writes "An online search portal has been launched that reveals the IP addresses of any Skype user. The portal needs only a Skype username entered in a search bar for it to produce the IP address of a target user. It then uses IP addresses to geo-locate users on a map and reveal their ISP information."

Service temporary unavailable.

[devilsdean]

That was quick

Re:

[Eponymous Hero]

looking at the message history, quotes like "Service is down again: skype strikes back" imply that skype is doing something to protect their users' privacy. at the least it proves that Ivan thinks so.

Hmmm.

[BrokenHalo]

What strikes me as a bit sick (or at least sad) is that anyone might feel this project is a good use of their time. I can think of no reason why a skype user need be legitimately stalked in this way except for purposes of law enforcement, and those authorities already have resources at their disposal.

Re:

[Anonymous Coward]

Because without people like this guy, who is probing for weaknesses and making some noise about them, you rely on a security model of 'security through obscurity', and we all know that only idiots think that's real security.

Re:

[hobarrera]

Because this sort of project proves how flawed skype's so-called security model is in the first place.
It's yet one more thing you can point at when listing skype's defects.

not surprising

[v1]

Can be done very simply with a little bit of tcpdump. they're just sniffing network traffic from the machine to reveal information that skype doesn't normally display.

They make it sound like it's some awesome service hacking app when it's just displaying information the client app is just choosing not to show you.

Does this really surprise anyone? Skype directly connects you to another user. Their servers aren't a relay, they're just a meeting point to hook users together. Both users' computers simply have to have the IP address of the other person for their service to function. (though I could see them relaying just text traffic, but certainly not audio/video)

Re:

[plover]

Why? Anonymity is not a property they promise to deliver.

Re:

[hobarrera]

Because in this case, it means privacy (it divulges to third party my location), and in some cases, security (ir no-one knows your IP, I guess you're pretty safe from any sort of attack).

Re:

[Dan541]

Its a peer 2 peer network. Why would you expect any form of anonymity?

Skype was never designed to be Tor

Re:

[hobarrera]

They certainly don't advertise it as a p2p network, rather as a "free internet phonecalls" service.

Re:

[Dan541]

Why would they need to, nobody outside of /. cares about any of the technical specifications.

Re:

[hobarrera]

Its a peer 2 peer network. Why would you expect any form of anonymity?

Let me rephrase:

"People would not expect a lack of anonymity asociated with p2p networks because skype is not advertised as a p2p network, rather as a "free internet phonecalls" service."

Re:

[Dan541]

So where is the expectation to privacy? People don't complain about their normal phone being traceable, why would this be an issue?

Re:

[Dan541]

Also skype has never been marketed as an Anonymous communications channel.

Re:

[hobarrera]

You're just trolling, right?
Users don't expect strangers to be able to track down sensitive data such as their IP address by using the service, it's generally implicit. Most IM/VoIP don't advertise this sort of feature; it's implicit.

Re:

[Dan541]

Websites don't advertise that they can see your IP address either. Let alone other information such as you browser and Operating System. You IP isn't "sensitive data" it's used for routing data on the internet. If you don't want anyone to know it then don't connect to them or use a service that is designed for anonymity..

Re:

[hobarrera]

So when you use any IM service, it's, in your opinion, normal for any random stranger to be able to deterine your IP address, even those totally unrelated to the service providers?

I think it isn't. And skype is the only one (save for IRC) with a hole like this.

Re:

[Dan541]

It's not a security hole. It's how the internet functions.

Skype isn't intended to be anonymous, if you want total anonymoity you need to use a VPN. That's true for everything you do online don't assume its anonymous just because the client doesn't show that information.

Re:

[hobarrera]

XMPP (by far, the most used IM client) doesn't expose you IP address to other users, unless you do a video/voice chat, in which case, it's inevitable.
Why would I except less for a closed service which has payed features?

Re:

[Dan541]

Because XMPP uses a client-server topology, whereas Skype is a Peer to Peer network and therefore clients make direct connections to one another.

Re:

[KhabaLox]

Websites don't advertise that they can see your IP address either.

Actually, I've had several websites warn me that my IP address was being broadcast*.

*Not technically true, I know.

Re:

[Talennor]

I'm sure you could run your skype traffic through TOR. Not sure the quality of service you'd get... (Ok, I'm sure, and it's not looking good.)

Re:

[plover]

What makes you think that Skype wants or needs to preserve anonymity? Consider that you are contacting Skype yourself and saying "This is Joe Sixpack. Please connect me to J. Random Hacker at +1-123-456-7890. And yes, I understand my information is on file so you can bill me for this call." You're already not anonymous.

Re:

[hobarrera]

Not anonymous from them, but you'd expect third parties no to be able to trace you down through them.

Re:

[garaged]

And what it is so important about a skype call that needs that kind of security? I've been chatting on IRC for almos 2 decades and ip info has never been an issue

Re:not surprising

[Anonymous Coward]

Actually, the service works by sending the owner of the username a contact-info request (used for instance while searching for users to add to your contact list). The difference from what you mentions is that the target is not notified in any way (as opposed from when sending them a message or calling them), and also have no option to block the request.

Re:

[Lumpy]

Um. no.

Skype DOES use relay servers when there is no ports open on the firewall that a user is behind. It's why skype works all the time and raw VoIP can not without opening ports.

Re:not surprising

[Anonymous Coward]

The servers are used to facilitate UDP Hole Punching. Once the NAT/Firewall has been bypassed the communicate is direct.

http://en.wikipedia.org/wiki/UDP_hole_punching

Re:

[w.hamra1987]

Actually, Skype DOES use relaying. I use skype from behind a NAT, and so do most of my contacts, we're all inaccessible through our external IP addresses, and sometimes, me and my contact are from the same ISP, and hence behind the same NAT, sharing same external IP address. why it works? because our communication goes through skype servers!

Re:not surprising

[Talennor]

http://en.wikipedia.org/wiki/NAT_traversal [wikipedia.org]

Skype servers help make the connection, but aren't involved in the data stream.

Re:

[lindi]

It works easily. See e.g.  http://www.usenix.org/event/usenix05/tech/general/full_papers/ford/ford_html/

Re:not surprising

[s_p_oneil]

"Can be done very simply with a little bit of tcpdump."

Um, no. Not even close. This is a web site that can find any Skype user in the world by their Skype username. No one (not even the web server) needs to have Skype installed to use this, and no packet sniffing is being done. Since the encryption used for Skype's TCP connections starts with a Diffie-Hellman key exchange, a tcpdump would be pretty useless. Sure you could see your own Skype client talking to 100 different IP addresses, but you wouldn't have any idea who was at the other end of them, and you would have no way of sniffing the packets of every Skype user world-wide.

I agree that this isn't surprising, though. Skype's protocol has been cracked (and those cracks have been published) so that anyone could write a program to talk to the Skype supernodes (any normal Skype client that allows incoming connections can be promoted to a supernode) and to perform this kind of search. The problem here lies in how much Skype supernodes trust any client that knows how to speak its language. The author considered that part of the Skype client to be sufficiently crack-proof, but he was wrong.

Re:

[Zaphod The 42nd]

this isn't surprising, though. Skype's protocol has been cracked (and those cracks have been published) so that anyone could write a program to talk to the Skype supernodes (any normal Skype client that allows incoming connections can be promoted to a supernode) and to perform this kind of search. The problem here lies in how much Skype supernodes trust any client that knows how to speak its language. The author considered that part of the Skype client to be sufficiently crack-proof, but he was wrong.

QFT. I remember reading about the potential security exploits of skype some 5 years ago. If you speak skype to a node, it'll be happy to handle your requests with almost zero authentication, and it doesn't log it either. So you could extremely easily turn someone's skype box into a zombie to route your nefarious actions through. They'd have no clue you were doing it, no proof you did, and all evidence would show their IP was responsible. Perfect scapegoats.

I would say its trivial

[mehrotra.akash]

Infact, its likely that most people reading this comment would be able to do this in lass than a minute

Re:

[mehrotra.akash]

* less than a minute

Re:

[olsmeister]

Not if the service worked the way it should. While actual calls should be done peer-to-peer, things like requests for information, call setup/teardown, etc should be handled by Skype's servers, not exposing the IP of another user until a call has been established.

Either that, or just dial *67 first...

Article is ambiguous!

[InvisibleClergy]

The article says you just need to enter their skype username - does this mean that it works for even people who are offline? I know that I have at least one or two pseudonyms I've used for voice-chat while playing vidya games. If it does work for offline people, that would mean Skype is keeping logs of most-recent IP addresses.

Service seems to be down right now, so there's no way for me to test it.

Yay

[jmDev]

Now I can have even more people tell me that they have my IP address and they know someone that can hack me!

Article summary author IP

[Ziekheid]

Is it me or did the person who wrote the summary of this article accidentally include his IP when linking to the portal page?

Re:

[slimjim8094]

Not just you. 216.34.181.45

Wow.

Re:

[cdrudge]

According to my source [hostip.info], that IP traces back to a railroad track [binged.it]. Better call Steven Seagal to investigate [imdb.com].

Re:

[Anonymous Coward]

Actually that IP points to slashdot.org, according to whois.

Re:

[Toad-san]

And has anyone else noticed that the "portal" (well, the link anyway) is down?

http://skype-ip-finder.tk/abused#66677:43676:216.34.181.45:/ [skype-ip-finder.tk]

"Thank you for visiting

SKYPE-IP-FINDER.TK

This domain and website have been suspended because of abuse or copyright reasons."

ISP location is not your location

[dwillden]

Wow so they think they can determine your location via your IP address and the ISP location. My ISP is HQ'd in or near Denver CO, I live in Utah, all the web-ads that try to target my location target me as being in Denver. So hack away, you'll still be hundreds of miles off, based solely on my IP.

Re:

[Anonymous Coward]

Thank you sir for that info... We will be making adjustments to our database to compensate for the error.

Re:

[laffer1]

This really depends on your ISP and package. As I have a business class package with static IPs and Comcast delegates them via ARIN, one can see my home address via my IP address.

Not New, But Pretty Cool

[cryptizard]

I saw this presented about a year ago at a security talk. If I recall correctly they were getting IP addresses by initiating a call but then terminating it before some threshold where the other party was actually notified, so it was invisible to the people they were tracking. The cooler part in my opinion was how they showed that something like 80% of people could be located on Skype (in the directory) based on information in their Facebook or LinkedIn profiles, allowing for targeted tracking of people. They also had some more advanced geo IP stuff to the point where they could get really good location results. The example they had was a woman in Florida where they could track her whole week's routine i.e. at work at 9:00, home by 5:00, where she goes to lunch, when she is visiting her grandmother in the next town. It is especially effective against people who are logged into Skype on their smart phones. Arguably the even cooler part was where they showed that they could track the entire population of a small country with something like $20,000 in computer hardware. As obvious as the nefarious applications of this are, it could also be pretty useful for tracking large scale movement for stuff like city planning.

Don't be hasty about trying this

[93 Escort Wagon]

At least if you're a Skype user. It sounds like Skype is banning anyone who's logged in from the same IP address they're running this tool on.

Re:

[ilsaloving]

Really??

Great! Now we just have to figure out how to convince all those stupid "I found you online and thought you looked cool!" Skype Bots to connect to that address!

Re:

[Anonymous Coward]

That's precious. We have a potential privacy issue, and if the blackhats without skype accounts do it, well, nothing we can do about that. But if you dare research it yourself, we'll shitcan your account. Don't you know it's wrong to be curious!

Pretty easy to roll your own.....

[trancemission]

Although not quite as easy as just firing up tcpdump (If it was - this would have been 'exploited' a long time ago)

http://pastebin.com/rBu4jDm8 [pastebin.com]

Not sure if the version of skype client is relevant (Maybe you just need to enable debug mode)

You could replace looking at the logfile with sniffing packets if they are in plain text (Which they probably shouldn't be)

I haven't tried this.

Skype replaces P2P supernodes with Linux boxes

[readandburn]

http://arstechnica.com/business/news/2012/05/skype-replaces-p2p-supernodes-with-linux-boxes-hosted-by-microsoft.ars [arstechnica.com]

Re:

[Ohrion]

Some people LIKE to stay logged in.

Re:

[maxwell demon]

Some people LIKE to stay logged in.

But for that you only need to send a cookie when logging in. Because if you are not logged in, you cannot stay logged in anyway.

"LOL, Skype killed us."

[sirdude]

"LOL, Skype killed us." is what I see when I visit the site. IP ban?

There is a solution

[Technician]

If you must hide your IP address, you can use one of many Skype/Sip gateways. SIP to SIP to the gateway then Skype to Skype from the gateway. Since Skype does not work well in Linus, I use SIP instead. SIP is P-P too, a SIP call will reveal my IP to a SIP caller. A Skype caller will only see the gateway.

There are several gateways. IPPI.fr is only a representative example.

You can Skype me in France anytime. I have never been to France.

http://www.ippi.com/ [ippi.com]

I don't use this to hide my IP address. I use it with an ATA so calls ring my phone, even when I'm not online. With their speed dialer, I can make Skype calls without turning on the computer.

I can be called by Google Voice, an INUM number, SIP, Skype, or IPKall number and any will ring my SIP phone, provide voice mail, caller ID, etc.

Analog Telephone Adapter (ATA) http://www.voip-info.org/wiki/view/Linksys+PAP2T [voip-info.org]

Shutdown

[zerocool6900]

Of course this site is no longer active as the US Government now follows /.

"This domain and website have been suspended because of abuse or copyright reasons."