January 25, 2016

Ne’er-do-wells have long abused a feature in Skype to glean the Internet address of other users. Indeed, many shady online services that can be hired to launch attacks aimed at knocking users offline bundle so-called “Skype resolvers” that let customers find a target’s last known location online. At long last, Microsoft says its latest version of Skype will hide user Internet addresses by default.

“Starting with this update to Skype and moving forward, your IP address will be kept hidden from Skype users,” Microsoft’s Skype team wrote in a blog post about the latest version, v. 7.0.18.109 for most users. “This measure will help prevent individuals from obtaining a Skype ID and resolving to an IP address.”

A Skype resolver service in action.

A Skype resolver service in action.

Typically, these Skype resolvers are offered in tandem with “booter” or “stresser” services, online attack tools-for-hire than can be rented to launch denial-of-service attacks (most often against online gamers). The idea being that if you want to knock someone offline but you don’t know their Internet address, you can simply search on Skype to see if they have an account, and then use the resolvers to locate their IP. Thus far, the resolvers have worked regardless of any privacy settings the target user may have selected within the Skype program’s configuration panel.

Redmond purchased Skype in 2011, and since then has changed many features of the peer-to-peer (P2P), voice-over-IP and messaging service, which now comes bundled with Windows 10. But it hasn’t heretofore changed the core P2P component of Skype, a feature that acts much like popular file-sharing applications in that it dynamically routes bandwith-intensive tasks that would otherwise need to be handled by centralized servers. However, this flexibility and scalability comes at a cost: The IP address of every user must be shared across the Skype network so that individual users can talk and connect directly to one another.

It remains unclear what tweaks Microsoft made to achieve this result, and whether this fix will remain effective. This isn’t the first time Microsoft has promised to put a stop to IP address leaks in Skype: In May 2013, Microsoft released a beta version of Skype that was designed to mitigate the issue, but booter service operators quickly figured out ways around the new protections.


34 thoughts on “Skype Now Hides Your Internet Address

  1. Huh?

    Pros and Cons to this, good guy OSINT will be limited as well

    1. Brian

      They should just leave the loophole open so the “good guys” can do their “open source intelligence”?

      1. Edward

        same argument for building backdoors to cryptograpy that is only open to governments and law enforcement

    2. CooloutAC

      They do more harm and then good, and imo it should be against the law.

  2. Alex

    Looks like skiddies/booter nerds will be forced to find something else to make themselves look gangster on the interwebs. Still downsides to this though.

  3. Jonathan Jaffe

    the barn door has swung closed and that is good. Unfortunately the last update is causing Skype to crash about every 10 minutes (call or not) and that is bad.

    We’re looking for something else!

    Jonathan @NC3mobi

  4. Mike

    This is just an on-the-surface move that only “looks” like something good. It might give pause to the lesser kiddies but it does not change the fact that one machine/device connects to another. Since nothing goes online without an IP, there is still an IP to be seen. It might not be so upfront, but it’s still there. The more likely reason for going this route is the cloud. Since more and more things are being transferred away from the local machine and moved into a cloud server, the point to certain things changes. Skype is part of Windows now. That one fact changes the attack surface. Who needs a Skype resolver anymore?

    Besides, with Shodan……nothing is truly hidden.

    1. Tim

      You certainly still have an IP address to attack, but previously you could pull anyone’s IP address by only knowing their Skype handle, without being on their contact list, and having no way to stop it. That’s pretty awful and changing it is certainly a good thing – I don’t know if you could see someone’s IP if you are in a call with them, but I assume you could. But you would have a much harder time convincing an opponent that they want to get in a chat with you…

    2. Todd

      Nothing in your comment makes any sense.

      Shodan is irrelevant. And are you suggesting script kiddies will now have to compromise Microsoft’s servers to get IPs, as if that’s trivial?

      What is likely true is that if you add someone as a contact on Skype and start a call with them, you can still probably get their IP. But you can’t get just anyone’s IP simply by knowing their username anymore.

      1. Mike

        “And are you suggesting script kiddies will now have to compromise Microsoft’s servers to get IPs…”

        I said (or suggested) no such thing. I’m not sure where you’re getting that from.

        Back in the days when Yahoo had their heyday of ‘instant messaging’ (before iphones and other smart phones ended it all), it was nothing to get someone to engage in text conversation as a one-on-one thing through the messanger. This happened alot when in their chat rooms. This was often done simply to obtain the IP of other users since this process was actually connecting two machines across the net. A simple netstat was really all that was needed. Most people never knew anything about what was going on.

        Part of what I said was that the IP addresses are not going to be so obvious and up-front anymore so they will require just a little more effort. So the lesser skilled kiddies get dropped off. But there is STILL an IP to be seen. A would-be hacker/attacker/badguy just has to work a little harder to reach his goal.

        It sounds to me like your making this thing out to be so much more than it really is.

  5. Anonymous

    I wonder if there’s any link between the people behind these services and the occasional spambot requests on accounts that few people have.

    1. JCitizen

      The Skype console just seems like a den of thieves anytime I’m using it. That is why I limit its use to short sessions of only necessary communication, and then shut it all down.

  6. George G

    The latest version I just downloaded was 7.18.85.109, not 7.0.18.109.

  7. Michael Elling

    Jonathan @NC3mobi I was watching State of the Internet streams from DC today. Because of snowstorm a number of speakers were “skyping in” and they were having problems maintaining connections. How ironic if the change was the cause.

  8. JCitizen

    It takes a really good hardware and also a software firewall to block attacks coming in from Skype! At least that was the way it used to be. I once got an incoming alert from Comodo that I was under attack and to shut down my internet connection before that function failed to block them. I did just that, and reviewed the logs offline to see what was up, and of course the IP was just the last tier 1 backbone before entering my neck of the woods. I called the manager of that node, and complained, just so they’d know it was going on, but of course it isn’t his job to protect everyone from anything like that.

    Since then, I’ve learned to turn Skype on just as long as it required me to use it then quit the application immediately afterward. It seems like the only fairly safe way to use this service!

  9. tor

    If you’re not using Tor, you can’t hide IP address forever.

  10. j

    Nice excuse for Microsoft to route traffic by default through its servers.

  11. IA Eng

    I do not use Skype. Never cared to.

    So, having a conversation with some one via Skype and using the good ole dos commands

    netstat -abn (or other combinations) will not work?

    Just because they hide it from view means its probably still there some where.

    Give a crook a reason and a little motivation to use uncharted time and they will figure out a way.

  12. CooloutAC

    I banned my family from using this service years ago on our network. I’ve also banned them from using teamspeak back then and preferred the use of ventrilo for their gaming. Besides the fact ventrilo for me at the time used less resources and bandwidth and never had weird issues, Teamspeak was always another den of thieves to me as well. I was reminded of this when getting back into gaming a couple years ago and using ts3 with people online for a while. What a scary nightmare. I would talk about some of the issues i had with it to other gamers and the admins and they would just think i was paranoid and crazy. Now ventrilo is rarely used and teamspeak, skype along with mumble are the most popular.

    I’ve always felt one of the things that determine which service is most exploited and attacked has alot to do with how free or public or easy to access it is., which relates to how popular. And of course how bloated it is.

    I also feel like nowadays, there is nothing but disinformation online. Safer products and practices are actually discouraged and deemed unsafe, or deemed useless and unescessary. I feel its because the biggest voices on the internet now are either cyber thieves, spammers, peeping toms, or government spies. Or the so called “good guy security researchers” who i actually place in one of the former categories and consider just as bad. Because none of them really want society using safer programs or best practices because it would impede on their fun or their agenda. They have all made the digital world a more hostile place whether that was their intention or not.

    The so called “experts” that constantly repeat rhetoric like there is no one size fits all” or telling people to secure themselves based on their “threat model” is a cop out and makes me cringe every time i hear it. The computer security industry is an abysmal failure, because they consider exploiting people = computer security, or they still just want to always blame the user. It almost feels like the wolves or incompetent sheep are guarding the hen house.

    Although, I still think one of the main issues that even the so called “experts” still don’t realize, is that the digital world has to be treated with the same respect and morals that are in the physical world. There are no victimless crimes and the the two are just extensions of each other. Society is affected in the same way. No matter what safeguards are put in hardware or software there will always be bugs till the end of time. The main thing that has to change is peoples minds. This industry’s philosophies are so twisted, arrogant, and fake, that i don’t see anything getting better in the future since this is what the newer generations are being taught.

    I don’t blame the epidemic we live in on “more complicated systems”. I blame it on the fact the internet is more popular, people are more twisted and corporations are less responsible. The real virus are the people who have taken over or infiltrated all the internet and computer communities of the world for the worse. I miss the 95-2005 decade and some of the amazing communities that no longer exist. The nerd circles back then, while still very arrogant, were at least generally safer and more educating, while at the same time the internet and computers were way more free and limitless. Something the newer generations will not get to experience now.

    1. Jonathan Jaffe

      CooloutAC:
      > were at least generally safer and
      > more educating, while at the same
      > time the internet and computers
      > were way more free and limitless.

      Hit that one dead-center brother.

      Jonathan @NC3mobi

  13. Randy

    And how are you going to get that cash? From an ATM? with a card?

    It’s the Circle of Life!

    1. Randy

      That was weird. My comment on another story ended up here. I think this has been hacked.

  14. test0r

    The usual way worked through udp requests but not the one I have.

    The last people who know about the relay search will hopefully not share anything because some people really can’t stop with that stressing jokes.

    However, a resolver can really be usefull in some cases.

  15. Lloyd

    Skype resolvers have indefinitely been around for years, the “Only allow direct connections to your contacts” blocked Skype resolvers. This feature was present from 6.0 (BETA) onwards.

    This “Skype resolving” was achieved through using de obfuscated versions of Skype which output logs (a registry value had to be change to do so, if it was the obfuscated version of Skype the logs would be encrypted) in plaintext. You’d have to make a “direct connection” to the user you’re wanting to “resolve”. To do so, people would just get up a contact information box about their Skype username, which is better than making a call/sending a message etc. Their IP would then be in this log file, then viola. Skype’s feature of the direct contacts option meant resolvers would get Microsoft IP addresses, which was bad for them.

    This will do good, yes, but again this takes away the peer to peer aspect of Skype in some sense – which isn’t good. When the “Only allow direct connections to your contacts” features came out from Skype they ditched peer-to-peer supernodes too.

    Is this Skype fronting something as being good; but is doing quite the opposite by driving us all through their nodes?

  16. optout

    It’s [Skype] a proprietary program. While they say it now hides your IP, what information about your system does it collect?

    Remember, it’s One Microsoft Way.

  17. good security cameras for home

    I think that is one of the so much significant information for me.
    And i’m happy studying your article. However should statement on few general
    things, The site taste is perfect, the articles is actually great : D.
    Just right process, cheers

Comments are closed.