Intersections’ Consumer Security Adviser Neal O’Farrell shares some security insights into the popular Internet phone service,Skype. Let the caller beware!

If, like me, you’re one of the millions of people who use Skype to make phone and video calls, you might want to be aware of some serious security issues that are emerging.

Researchers at universities in New York, France, and Germany plan to publish a paper called “I Know Where You Are and What You Are Sharing,” at a major internet conference in Berlin next month. The paper promises to outline what many experts believe are major flaws in Skype that could be downright creepy.

The authors claim that the privacy weaknesses they are found are so easy to exploit, a sophisticated high school-age hacker would likely be capable of executing similar attacks.

Here’s just an example of some of those risks:

• When person A calls person B using VoIP, person A is able to determine person B’s IP address, and perhaps even their location and the name of their ISP.

• Attackers can get this information by calling a person and hanging up quickly so the recipient of the call will never even know – there’s no ringing or pop-up window.

• An attacker can make some of these attacks even when they’re not on the other user’s contact list and even when they’ve been blocked from that user’s list.

• By repeating some of the attacks on an hourly basis, the attacker can track the locations and movements of any Skype user over weeks or even months, without the user having any idea that he or she is being tracked.

• Marketers can easily link to information such as name, age, address, profession and employer from social media sites such as Facebook and LinkedIn in order to inexpensively build profiles on a single tracked target or a database of hundreds of thousands.

In one demonstration, the researchers tracked the Skype accounts of about 20 volunteers as well as 10,000 random users over a two-week period and were able to construct a detailed account of a user’s daily activities even if the user had not turned on Skype for 72 hours.

According to their press release “In one example, they accurately tracked one volunteer researcher from his visit at a New York university to a vacation in Chicago, a return to a New York university, lodging in Brooklyn, then to his home in France. ‘If we had followed the mobility of the Facebook friends of this user as well, we likely would have determined who he was visiting and when.’”

The researchers also calculated that it would cost a marketing company just $500 per week to create a database capable of tracking 10,000 Skype users.

Why target Skype? The very same reason hackers have relentlessly targeted Facebook and other social networking sites – because it’s where the crowds are. Skype has more than 500 million registered users and around 170 million active monthly users who use it to make phone and video calls, send text messages, and even use it for corporate video conferencing.

And apparently it’s not just Skype that’s vulnerable but many other VOIP services. The authors of the report claim that “These findings have real security implications for the hundreds of millions of people around the world who use VoIP or P2P file-sharing services. A hacker anywhere in the world could easily track the whereabouts and file-sharing habits of a Skype user – from private citizens to celebrities and politicians – and use the information for purposes of stalking, blackmail or fraud.”

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

In today’s post, Intersections’ Consumer Security Adviser Neal O’Farrell shares 10 very important tips that could help keep your personal and employment information out of the hands of cyber spies. Read on!

Could corporate spies be stalking you?

It’s been more than thirty years ago since I followed a surge in corporate spying in Ireland, where corporate thieves were being paid small fortunes to steal data from businesses, tap telephones, and even break into offices.

Fast forward thirty years and while the game remains the same, the players and tools have changed. And there’s clear evidence over the last few years that criminals, corporations, and governments around the world are targeting employees who may be careless with what they say or how they guard corporate secrets.

In a recent story in the Washington Post, business travelers heading to China were warned not to bring with them anything that might give competitors a competitive advantage. The Post warned that China, Russia, Israel and even France were hotbeds for corporate espionage, in many cases sanctioned by their own governments in an effort to give home-grown companies a competitive or technical advantage.

According to the Post “Travelers there often tote disposable cell phones and loaner laptops stripped of sensitive data. Some U.S. officials take no electronic gear. And a few corporate executives detour to Australia rather than risk talking business in a bugged Chinese hotel room.”

Corporate and personal data are the new world currency and the thieves will stop at nothing to get their hands on whatever data you’re carrying. As far as thieves are concerned, everyone has as story worth telling and data worth stealing. If they can’t use it themselves, they can still make money selling it to someone else.

And there have even been reports of governments placing bounties on the laptops of senior executives of a long list of companies, paying handsomely for any who steals and turns over these laptops.

The risks are two-fold: that in an effort to steal company data from you while you’re travelling, the thieves end up with your personal information and identity; and you become the unwitting backdoor through which corporate spies steal invaluable data that could do serious damage to the company you work for.

American identities are considered especially valuable on the black market because, in spite of the recession and credit crunch, it’s still relatively easy to access credit lines quickly if you have the basic identity information of the victim.

Here are ten ways you can protect your personal and employer information from the sticky fingers of cyber spies.

1. Travel “data light.” Take as little sensitive information with you, both corporate and personal. It means less for you to guard and worry about, and less harm if you fall victim.

2. Encrypt everything. Encryption is the best and easiest way to protect data that has been lost, stolen, or accessed by malware. Without the proper key the data is useless to the thief.

3. Watch your laptop like a hawk and turn your back on it down for a moment.

4. Think twice about using free Wi-Fi networks when travelling, and especially at conference venues and your hotel room.

5. Avoid bringing thumb drives with you or transferring information from your laptop to thumb drive when travelling.

6. Treat your smart phone like it’s a laptop and take as many precautions as possible. Store as little information as possible on it, use the password locking feature, and don’t leave it lying around.

7. Make sure you make regular online backups of everything that’s on your laptop and phone. If they’re lost or stolen, at least you’ll still have an accessible copy.

8. Practice safe computing. A common way to steal data and breach security is to target busy employees with emails, text messages, and Facebook messages that hide dangerous Trojans and other malware. Always be vigilant when clicking on any link or opening any attachment, but give everything double scrutiny and skepticism when you’re travelling.

9. Don’t leave files or data storage devices in your hotel room. Carry everything with you, even if it’s a little inconvenient.

10. Consider using a laptop or smartphone tracking system. It can help locate a lost or stolen device.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.