British intelligence agency, the Government Communications Headquarters (GCHQ), appears to be able to intercept most functions of Microsoft's Skype voice and messaging application, according to documents leaked by Edward Snowden.
Published by The Intercept, the documents state that the GCHQ's Joint Threat Research Intelligence Group (JTRIG) has made it possible for government agencies to surveil Skype communications in real-time without users of the application being aware of it taking place.
“Active Skype capability. Provision of real time call records (SkypeOut and SkypetoSkype) and bidirectional instant messaging. Also contact lists.” (MINIATURE HERO)
- JTRIG document
Microsoft has previously stated that it "will not provide governments with direct or unfettered access to customer data or encryption keys", but will comply with valid legal requests for specific user account information.
The leaked documents do not reveal how JTRIG achieved its claimed Skype interception capability, nor do they say whether it has been used or how often.
Beyond Skype monitoring, JTRIG also appears to have assembled tools to manipulate online polls, access private Facebook photos and send mass emails with spoofed sender addresses. It can also engage in SMS flooding, lock people out of their computers and several other measures otherwise considered to be abusive and potentially illegal.
The leaked documents are marked as being protected by Crown copyright from 2008, indicating that the GCHQ has had the ability to monitor communications and to disrupt internet activities for many years.
In the documents, JTRIG exhorted other agencies to involve the group early in operations. The tools listed in the Wiki-style document are all ready to "fire" or are close to being usable, and JTRIG said that if a certain capability is missing, it could build it for the agency requesting it.
Errata Security analyst Robert Graham commented on the list of JTRIG tools, saying it wouldn't take long for a person of average skill to put them together.
"Few of these projects require more than a couple lines of code, or would take an average hacker more than a weekend to accomplish," Graham wrote.
Graham says that some of the bigger projects simply leverage existing large open source ones to potentially deliver scary results.
He adds that while many people incorrectly believe intelligence agencies are ahead on technology, their real advantage over anyone else is that they have access to secret information.
Intelligence agencies also operate with brute force, being able to spend large amounts of money on each project, such as the XKEYSCORE program utilised by Australian spies. Graham described XKEYSCORE as basic packet-sniffing technology - only scary because it is spread out over the internet in thousands of places, on fibre-optic cables, or in data centres in hostile countries.
In February this year, documents leaked by Snowden showed that JTRIG had launched denial of service attacks against Internet Relay Chat (IRC) networks used by the Anonymous hacktivist collective, to disrupt the group's planning.
Until then there had been no firm evidence of Western governments utilising DoS attacks against political and other targets on the internet.
DoS attacks are illegal in many jurisdictions, but the GCHQ continues to insist that its activities are carried out in accordance with a strict legal and policy framework and subject to parliamentary oversight.
Claims by the spy agency that its operations are known and sanctioned by Parliament were disputed last year by former Liberal Democrat MP Chris Huhne, who told the Guardian that the cabinet were not informed of the large-scale Tempora fibre-optic wiretapping program and other surveillance activities.