You may think Microsoft’s Skype is only used for contacting distant relatives or awkwardly interviewing for jobs, however, according to one cybersecurity firm, the software is also a popular communication method for English-language hackers and cybercriminals.
Flashpoint, a US enterprise security firm specialising in dark web analysis, this week (20 April) released a study called “An Analysis of Criminal Communications Strategies” that probed how hackers use mainstream services including WhatsApp, Skype, Jabber, Telegram and more.
Leroy Terrelonge, a threat intelligence analyst at Flashpoint, said the choices are determined by a combination of factors including ease of use, country/language and security or anonymity concerns. Since the Edward Snowden NSA leaks in 2013, users generally favour strong encryption.
“In 2016, Skype was still the leader among instant message services mentioned in English-language communities,” Terrelonge wrote in the paper.
“[However] numerous encrypted chat messengers such as Telegram, Wickr, and WhatsApp joined the ranks of the most discussed services,” he added.
On a global scale, the situation is more nuanced. The study used mentions of the services on underground communities monitored by Flashpoint to analyse a series of language groups including Russian, English, Spanish, French, Arabic, Chinese and Persian/Farsi.
Russian hackers, which the security firm described as “universally considered the most innovative and sophisticated actors in the cybercrime ecosystem” are one of the few groups deviating from the pattern, instead preferring to use Jabber and Telegram.
“This evidences a shift in user preferences towards messaging platforms that are more secure, provide better anonymity, and are either decentralised or otherwise make it difficult for law enforcement to access logs of user activity,” the report stated.
Iranian speakers were another interesting sample, with the research finding Telegram has become the “undisputed leader” in chat software used by the country. It listed many reasons, the most salient of which was the clampdown on chat applications by Iran’s government and police.
In China, the market is dominated by two applications, QQ and WeChat.
The reliance on these, almost exclusively despite feared government surveillance, suggests the Chinese underground is “relatively isolated” from other language communities, Flashpoint said.
And while competition – especially with the apps offering encryption – was clear, the security researchers concluded that for most people “Skype is King”.
The paper said criminals use it to spread expertise and to share “tips and tricks” that help them defeat security measures and evade detection. “Criminal communities provide a place for actors to collaborate,” the researchers asserted, noting the dark web also plays a major role in operations.
“Analysts observed that Skype is by far the most frequently mentioned messenger across the language communities in this study,” wrote Terrelonge, adding: “Microsoft’s bundling of Skype with its devices has likely played a large role in the application’s popularity.”
He added: “Skype was among the top five messengers in all of the language groups, and only in the French, Persian, and Chinese language communities did Skype not constitute a significant share of the most mentioned messengers.”
The research suggested future cybercriminals will lean towards applications and software that is bolstered by end-to-end encryption. Pushing this is ever-increasing coverage of surveillance, intelligence agency spying and the fact no service is considered 100% secure.
Ultimately, it remains unclear why so many cybercriminals would choose to use Skype to chat. In 2014, it was revealed the service had been totally compromised by the US National Security Agency (NSA), which allegedly had “full access” to targeted communications sent via the software.