Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Friday, June 09, 2006

VoIP Security Alert: Hackers Start Attacking For Cash

An owner of two small Miami Voice over IP telephone companies was arrested last week and charged with making more than $1 million by breaking into third-party VoIP services and routing calls through their lines.  Hacking has become a decidedly for-profit crime, with crooks intent on theft rather than disruption.  Edwin Pena had been making easy cash for almost 18 months and sold about 10 million minutes before law enforcement caught up with him yesterday morning, prosecutors say.  He paid $20,000 to Spokane, Wash., resident Robert Moore, who helped Pena scan VoIP providers for security holes with a code cracking method called brute force.  Those companies have to pay for access to the Internet’s backbone, and they found themselves with up to $300,000 in charges for access stolen through Pena’s hacks, authorities say.

Yet it’s not only carriers that could be concerned with the type of attack Pena and Moore launched, says Seshu Madhavapeddy, CEO of VoIP security company Sipera Systems.

Madhavapeddy says these types of attacks are relatively easy to carry out and could hit at enterprises just as easily as carriers.

Infonetics Research predicts spending on VoIP will jump from $1.2 billion in 2004 to more than $23 billion in 2009.

Emerging technologies like unified communications that include voice, video, and data in one console, intended to drive collaboration through the roof, have the potential to put more and more information at the fingertips of hackers.  They warn about phishing not unlike what companies and consumers see in e-mails.

And VoIP networks are just as susceptible to crippling denial-of-service attacks as are data networks, and mass calls generated by a worm could overload networks or kill productivity with ceaseless phone calls and messages.

http://www.informationweek.com/news/showArticle.jhtml;jsessionid=CI2HW0LHSD1GKQSNDLOSKHSCJUNN2JVN?articleID=188702963

Posted on 06/09
WarningsPermalink