Unsecured sessions with ICQ - applying forensic computing

Abstract: Digital evidence is becoming more and more frequent and important in investigations carried out by the police. To make the correct judgements, the police force needs to know what one can do with ICQ and in what ways it can be exploited. This thesis aims to point out weaknesses in ICQ that can aid the police in their work. But these weaknesses can not only be used by the police, also crackers can perform malicious acts with them. Therefore, I investigated if the use of ICQ resulted in non-secure sessions. To investigate ICQ’s security, I divided a session into an authentication phase, sending of messages, and the protection of stored messages in a history file. While investigating ICQ, I sniffed its Internet traffic and monitored files on the computer’s hard drive with MD5 checksums. I have investigated the following three ICQ applications: ICQ Pro 2003a, ICQ2Go and the Linux clone Licq. The result of the entire investigation showed that ICQ had a non-secured authentication phase, non-secured messages and no protection for stored messages. From these results the main conclusion was derived: The use of ICQ resulted in non-secure instant messaging sessions. Your ICQ account can be hijacked and another person can impersonate you and send messages that you dislike. Also, your messages can be intercepted on the Internet and their content can be read. If your computer is compromised, all your previous messages on ICQ Pro 2003a and Licq can be read.