Skype hack could have been delayed or prevented
The recent high-profile hacking of Skype could have been prevented – or at least delayed by better software protection says Russian copy protection software specialist StarForce Technologies.
Russian hacker Efin Bushmanov has cracked Skype’s protocol and data encryption mechanisms and made it publicly available for public. The cracking appears to have been achieved with a reverse-engineering method that is normally used for PC games and software cracking.
Liliya Volodina, StarForce Technologies marketing director, said: “He took Skype's client application, disassembled it and understood how the protocol and encryption work. It's not clear how much time it took but it seems that the hacker was working alone.”
Now he is recruiting other people holding the same views (say, other hackers) who, he says, ‘have enough time to finish the project.
Enough time is a loose concept and we can guess that he spent more than a year to disassemble the program when he worked alone. This is a good illustration of the fact that giving enough protection to a program's code may prevent its reverse-engineering for a long time, especially if the hacker doesn't know the basic principles of the protection.
There could be a tough times ahead for Skype. In addition to the fact that the company needs to fix program instability (in recent times it has crashed pretty often) it needs to rebuild the protocol and code protection. It has to make major changes if it doesn't want to face a new crack in short period of time. Documentation that has appeared over the internet will allow other hackers to circumvent protection much faster if the repairs are only cosmetic.
Generally, code protection can serve various purposes - not only protection of code from analysis. Code protection could be a protection against viruses which are able to modify program operations in real time. It could also be a protection against whole system penetration via a program's weak places and it can solve the issue of connection protocol security.
Traditionally program code protection has occupied only a tiny part of the IT security industry. People pay little attention to this matter and often omit it.
For example, it is hard to find a specialised exhibition or conference dedicated to this sector only. On the other hand, the subject of private data security is met on every corner.
We should consider the fact that protection of personal data starts from protection of a program that operates with such data. To make a hacker spend years understanding how a program works will build serious obstacles on the hacker's way to steal any data.
About StarForce Technologies
StarForce Technologies (www.star-force.com) is a leading vendor of information protection, copy protection and code obfuscation solutions for software, electronic content and audio/video files. Since 2000, StarForce has been successfully developing and implementing its state-of-the-art security solutions, providing copyright and intellectual property protection worldwide. Two of these solutions were transformed into StarForce cloud services: sfcontent.com protects e-Documents against illegal copying and distribution and sfletter.com secures emails.
StarForce is a reliable and responsible Technological Partner for enterprises potentially incurring losses due to cyber-gangs, hackers, software piracy, unauthorized data access and information leaks. StarForce’s customers are Russian Railways, Corel, 1C, Mail.ru, Aeroflot, SUN InBev Russia, AMD Labs, ATC International, MediaHouse, Russobit M, New Disc, Buka, Snowball, 2Play, GFI, CENEGA, Akella, etc.