TELECOM Digest OnLine - Sorted: Re: VoIP Security Alert: Hackers Now Working VOIP For Cash


Re: VoIP Security Alert: Hackers Now Working VOIP For Cash


hancock4@bbs.cpcn.com
12 Jun 2006 09:09:56 -0700

J. Nicholas Hoover wrote:

> IP phone crooks are learning how to rake in the dough. An owner of two
> small Miami voice-over-IP telephone companies was arrested last week
> and charged with making more than $1 million by breaking into
> third-party VoIP services and routing calls through their lines. That
> let him collect from customers without paying any fees to route calls.

Since VOIP is a relatively new feature, I would've thought the
providers had built in extensive security features to prevent hackers
and other sabotage attacks.

Another area of concern is intercepting calls, that is, developing
logs of who called whom and listening in to conversations.

I find it ironic that when the govt does this it's front page news and
raise the outrage of so many people. But when a criminal exploits
inherent and apparently obvious weaknesses in the Internet, it's a
yawner. Sorry, but I'm more worried about criminals listening in to my
phone calls than the govt.

> Prosecutors claim he paid $20,000 to Spokane,
> Wash., resident Robert Moore, to help send VoIP telecoms millions of
> test calls, guessing at proprietary prefixes encoded on packet
> headers. Eventually, the right one gave them access.

How (though what internet access points, computer resources, etc) did
the hackers generate "'millions' of test calls"? Presumably ISPs,
even those providing professional services, have limits on traffic
coming out of a short time. (Mine has very low limits to prevent
spammers).

Also, most computers shut off access after a few unsuccessful log on
attempts (like 3 [THREE]). After "millions" of hits, shouldn't the
computer have blocked access or raised a warning to a human operator?
This isn't only necessary for security, but also reliability--suppose a
failed computer someone else is in an "infinite loop" and sending out
calls repeatedly. Without protection (ie a "circurit breaker"), the
networks will get flooded.

Power systems have physical circuit breakers to isolate faults that
could damage equipment. These go off fairly often, but there is
redundant lines so troubles are rare. It seems the Internet should
have 'logical circuit breakers' to do the same thing for protection.

This is one of my concerns about the safety and security of the
Internet. If anyone can just get on and send out millions of
transactions unchecked by any protocol, the risk for disruption is
extremely great.

Post Followup Article Use your browser's quoting feature to quote article into reply
Go to Next message: (no name): "Deal on Net Neutrality in US Senate is Elusive"
Go to Previous message: 3z3k3l: "Re: beware of VONAGE! Don't sign up! I whish someone had warned me..."
May be in reply to: J. Nicholas Hoover : "VoIP Security Alert: Hackers Now Working VOIP For Cash"
TELECOM Digest: Home Page