Swiss Police: Meticulous — and Over the Top

Stop Swiss Police Using Trojans for VoIP Tapping!

Schneier on Security reports that the so polite and clean and neutral Swiss are thinking about it: to break the law and hack into your systems to make YOU a criminal.

Swiss authorities are investigating the possibility of tapping VoIP calls, which could involve commandeering ISPs to install Trojan code on target computers.

VoIP calls through software services such as Skype are encrypted as they are passed over the public Internet, in order to safeguard the privacy of the callers.

This presents a problem for anyone wanting to listen in, as they are faced with trying to decrypt the packets by brute force — not easy during a three-minute phone call. What’s more, many VoIP services are not based in Switzerland, so the authorities don’t have the jurisdiction to force them to hand over the decryption keys or offer access to calls made through these services.

The only alternative is to find a means of listening in at a point before the data is encrypted.

[…]

In order to install the application on the target computer, the Swiss authorities
envisage two strategies: either have law enforcement surreptitiously install it locally, or have the telco or ISP which provides Internet access to that computer install it remotely.

The application, essentially a piece of Trojan code, is also able to turn on the microphone on the target PC and monitor not just VoIP conversations, but also any other ambient audio.