Skype and Data Exfiltration

Skype and Data Exfiltration (PDF, 6.40MB)
Published: 21 Apr, 2014
Created by Kenneth Hartman

Few software packages have been as controversial, yet as ubiquitous, as Skype. A common question on the Internet is whether Skype is safe for business. Skype makes extensive use of encryption, and encrypted traffic prevents intrusion detection systems and firewalls from inspecting its contents. Therefore, an adversary can use Skype, or traffic that simply resembles Skype traffic, as the communication channel to exfiltrate a large amount of data off a network that permits Skype. Historically, miscreants have used and exploited Skype as a channel for a variety of nefarious purposes, including data exfiltration. Microsoft has been active in addressing these abuses, but the overarching concern remains that Skype uses closed encryption in a highly distributed peer-to-peer network. By examining prior research and using tools and experimental observations, network operators can make the appropriate determination regarding the suitability of Skype for their own organizations.