When Nart Villeneuve couldn't remember the password to his Chinese MySpace page, the industrious Canadian hacker began examining China's version of Skype, and in the process, unlocked the inner workings of an Internet surveillance network tracking thousands of political activists in the world's most populous nation.
From his tiny research lab at the University of Toronto, Mr. Villeneuve uncovered a system of servers containing the archived communications and personal information of thousands of dissidents and ordinary citizens using the popular online messaging service Skype.
"You can see that they've been tracking people who have been using Skype as a platform to promote freedom of expression and to criticize the communist party in China," Mr. Villeneuve said.
"We don't know who they gave access to those logs."
Researchers say more than 30,000 state-employed
watchdogs keep a close eye on all Web traffic flowing in and out of China.
During the Beijing Olympics, Chinese officials faced harsh criticism for
restricting online access for foreign journalists, shuttering them behind the
"Great Firewall of China."
Mr. Villeneuve was working at the U of T's Citizen Lab -
a research group that tracks how countries engage in censorship and surveillance
on the Internet - and turned his attention to China.
When he couldn't remember the password to his Chinese
MySpace account he decided to take a look at Skype.
(Skype is a free communications tool whose software
allows users to carry on voice or text conversations over the Internet. In
China, eBay is a minority partner in TOM-Skype, a joint venture with a Chinese
Using a TOM-Skype account on one computer and a regular
Skype account on a nearby laptop, Mr. Villeneuve would type a word into one
computer and see if the other computer received the message, to see what
information would be filtered out by the service's censorship tools. When he
typed in a common four-letter expletive and hit send, it didn't show up on the
other computer. But he noticed something else.
Mr. Villeneuve was also running a program called
Wireshark, which monitors the information packets being sent through a
computer's network card - think of it as putting a phone wiretap on Internet
data. Whenever he punched in that swear word, the TOM-Skype software would
intercept the data and transmit it to another server.
Someone was spying on him and creating a record of his
He quickly discovered the messages were flowing to eight
servers that, upon closer inspection, were found to contain 166,766 censored
messages from 44,254 users, as well as their personal information.
When he started combing through the data, patterns began
to emerge. Messages containing phrases such as "Taiwan independence," "Falun
Gong," and "Tiananmen Square" were common.
After he contacted Skype on Wednesday to inform them of
the breach, the company moved quickly to plug the holes in the TOM-Skype
servers, Mr. Villeneuve said.
"TOM, like every other communications service provider
operating in China, has an obligation to be compliant if they are to be able to
operate in China at all," Skype president Josh Silverman wrote in an apology to
users that was posted on the company's website.
Mr. Villeneuve admits that there is no way to know if
the Chinese government ever saw the contents of the TOM-Skype servers, but he
hopes that his research encourages companies to think twice about the
human-rights impact of their business decisions when entering the Chinese
"Just because a company has a good brand reputation
outside of a repressive country, that doesn't mean that they're not going to
hand over your information when asked," he said.
A group of computer security experts say the Chinese
partner of the Skype online text messaging service has spied on Skype users in
Number of captured messages containing sensitive
Voice of America
Quit the party
KATHRYN TAM/THE GLOBE AND MAIL
SOURCE: CITIZEN LAB