These days Instant Messengers (IMs) cannot surprise anybody. They are widely
used by people with access to the Internet, of any age, gender and occupation.
You can exchange jokes with your friends via your IM, discuss business questions
with your colleagues, support your customers, make a date with your girlfriend,
and even propose marriage through your favorite messenger. An important question
arises immediately: how secure is all this communication? Are you and your recipient
the only ones who can see your conversation? Can anybody else access your history,
which is probably confidential, especially when it comes to business and personal
matters? Can a malicious user, your boss or your parent learn your secrets?
The answer is, of course, yes, as might be expected. This article is devoted to
the security of your IM history and addresses the following issues:
- Can anybody else view your message history?
- How is it possible?
- Is it possible to prevent such undesirable access?
- How can you minimize this risk?
All these issues will be examined using probably the most popular Instant Messenger,
ICQ, as the example. However, keep in mind that other popular messengers are very
similar in everything connected with message history.
We hope that this article will help you to keep all your secrets confidential.
Can anybody except me view my ICQ message history?
Yes. Are you surprised? If you are not a novice with local networks and the Internet,
you probably know about the amazing number of different ways used by malicious users
to get unauthorized access to resources of interest to them. The list includes such
methods as keylogging, password cracking or collating, virus distribution, DoS attacks,
using holes in the operating system or popular software like MS Outlook and MS Word,
getting access with your help while you are opening a love letter, funny flash or
pif-file sent to you via mail, and, finally, social engineering.
So it comes as no surprise that your message history is under a security threat.
Why?
- By default the message history IS stored, so it is accessible
to anyone who has access to the corresponding message file.
- The ICQ history file IS NOT encrypted, so it will not take
a lot of time to extract the history from the history file. If you use ICQ 200*
(e.g. ICQ 2001 or ICQ 2003b), you might have taken a look at your history file
(which is either an .idx or an .fpt file) and discovered that it is hardly readable.
Does that calm you? You may be thinking: this is a binary file, and,
in order to get my history, one should certainly run ICQ and enter my password,
but my password is secure, so my history is safe as long as nobody knows my
password.
- The bitter truth is that it IS NOT at all required to know your password to extract
the message history from your ICQ database. Moreover, new versions of ICQ store
the history in XML files, which are practically the same as plain text files
and can be read with just the naked eye.
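The difference between a hard-to-read binary file and an encrypted one can be
measured. The Python sketch below is an added example, not code from Belkasoft or
ICQ; its sample data is constructed and does not reproduce any real history file
format. It scores a file's bytes by entropy and by how much of it is readable text.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: close to 8.0 for ciphertext, far lower for stored text."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def printable_run_ratio(data: bytes, min_run: int = 6) -> float:
    """Fraction of bytes that sit in runs of at least min_run printable ASCII characters."""
    if not data:
        return 0.0
    covered = run = 0
    for b in data + b"\x00":  # sentinel byte closes a trailing run
        if 0x20 <= b < 0x7F:
            run += 1
        else:
            if run >= min_run:
                covered += run
            run = 0
    return covered / len(data)

def looks_encrypted(data: bytes) -> bool:
    """Heuristic only: compressed data also scores high, so True is not proof of encryption."""
    return shannon_entropy(data) > 7.5 and printable_run_ratio(data) < 0.05

def constructed_binary_history() -> bytes:
    """Constructed sample (not a real ICQ layout): binary record headers around plain text."""
    msgs = [b"See you at the office at nine", b"The contract draft is attached",
            b"Please keep this between us"]
    out = b""
    for i, m in enumerate(msgs * 40):
        out += bytes([0xE5, 0x00, i & 0xFF, 0x03, len(m), 0, 0, 0]) + m + b"\x00\x00"
    return out

def constructed_ciphertext(n: int = 4096) -> bytes:
    """Constructed stand-in for encrypted data: a SHA-256 counter stream."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32))

if __name__ == "__main__":
    for name, blob in [("binary history", constructed_binary_history()),
                       ("ciphertext", constructed_ciphertext())]:
        print(name, round(shannon_entropy(blob), 2),
              round(printable_run_ratio(blob), 2), looks_encrypted(blob))
```

A file that opens as unreadable symbols in a text editor but scores like the first
sample is stored in the clear, whatever its extension.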
How is it possible?
Belkasoft has a number of tools that allow you to extract ICQ (as well as other
messengers') history from the ICQ database. All ICQ versions starting from 99b and
up to ICQ 5 are supported. These tools do not ask you for the password since, as
said in the second point above, ICQ history is not encrypted. The only thing required
in order to extract ICQ history is 'read' access to the corresponding ICQ history
file. As long as a malicious user has such access, he or she can read all your
history.
But even when no one has access to your history file, there are still a number of
ways to get access to your history. One such way is to use programs that spy on ICQ
network packets, so-called 'sniffers'. You can find a lot of such programs
in Google just by entering 'ICQ sniffer'. With the help of such a program, a
malicious user can intercept all conversations of all users that are in the same
local network (this is not a fully correct statement, but, roughly speaking, it is
true).
Is it possible to prevent undesirable access to your history?
Not surprisingly, the answer is again NO. You can set strict
security rights on your history file, e.g. set full control rights for only your
account and no rights for anybody else. But please keep in mind that the local
administrator of your computer, as well as your network domain administrator, can
simply take ownership of such a file and grant themselves the required rights. So any
user that has (or illegally obtains) administrator rights has access to your ICQ
database file.
You yourself can help a malicious user, e.g. by running some attachment sent to
you on behalf of your friend. The attachment, whether it is an exe, scr or javascript
file, runs under your privileges and (may I guess?) these are administrator privileges.
So, the game is over: this program has access to your history file and can read it
itself or, for example, send it away via email.
So, how can I minimize the risk?
As there is no 100% guarantee of the safety of your ICQ message history, all
we can do is to minimize the risk of malicious access to it.
- The best way is, of course, NOT to store your history at
all. All messengers allow this; moreover, some of them even have message archiving
off by default.
- In case you have decided to store the history, first of all, NEVER expose
your ICQ database files across the network. The database is not encrypted, and there
are a lot of programs that will extract history from such a database in the blink
of an eye.
- Place your history file in a directory available only to you (e.g. under
your Documents and Settings directory). Remove both the local administrator's
and the domain administrator's access rights in this directory's properties.
- To prevent your messages from being intercepted by a sniffer, consider using
QIP (http://qip.ru), a
client that supports the ICQ protocol and is able to encrypt your messages. There
are also a number of plugins for the ICQ client that do the same, e.g.
Top Secret Messenger or
PGP ICQ.
- Follow the same basic security rules that are recommended for other security
reasons: do not work under administrator rights, and never run attachments even
when they were sent to you by a friend.
- Do not trust anything you have received via your ICQ. It is easily possible
to pretend to be any given ICQ user (well, almost any), so your ICQ friend may
not be a friend at this particular moment. Reverify all the important things
by other means of communication. Avoid using ICQ for confidential and other
important communication. Use mail with PGP encryption, phone calls and
personal meetings instead.
- Consider the following scheme: using Belkasoft Universal IM History Extractor
Pro, regularly store a backup copy of your history in a text or HTML file.
Put this file in a directory only you have access to. Since only you choose
the name and the place for such a file, spy programs know nothing about the
file and will not find it. After backing up the history, flush your IM history
file by means of the messenger.
Note: Such popular messengers as Yahoo! Messenger and &RQ store their history
in binary files that you could consider encrypted. But alas, they are not. Belkasoft
also has extractors for &RQ and Yahoo! Messenger that don't ask you for a password.
Conclusion
We hope that in our article we have managed to convince you that you should take
your messenger history security more seriously. We hope that our advice will help
you communicate securely with your Instant Messenger, and your secrets will always
remain only your secrets.