Posted on 06/09/2006 8:39:45 PM PDT by saganite
IP phone crooks are learning how to rake in the dough. An owner of two small Miami Voice over IP telephone companies was arrested last week and charged with making more than $1 million by breaking into third-party VoIP services and routing calls through their lines. That let him collect from customers without paying any fees to route calls.
Hacking has become a decidedly for-profit crime, with crooks intent on theft rather than disruption. Voice over IP hasn't been a big target, but only because crooks haven't figured out how to make money off breaking in.
In that sense, Edwin Pena is a pioneer if federal prosecutors' allegations are true. Edwin Pena had been making easy cash for almost 18 months and sold about 10 million minutes before law enforcement caught up with him yesterday morning, prosecutors say. The newfound magnate is alleged to have lavishly spent his takings on luxury cars, a 40-foot Sea Ray motorboat, and Miami-area real estate. Now he faces losing all that and spending up to 25 years in jail, in addition to paying $500,000 in fines.
Pena didn't carry out his plan alone, according to authorities. He paid $20,000 to Spokane, Wash., resident Robert Moore, who helped Pena scan VoIP providers for security holes with a code cracking method called brute force. They sent these companies millions of test calls, guessing at proprietary prefixes encoded on packet headers used to show that VoIP calls are legit, until the right one gave them access. The two also hacked into computers at a Rye Brook, N.Y., investment company and set up other servers to make it seem like they were sending calls from third parties through more than 15 VoIP providers.
Those companies have to pay for access to the Internet's backbone, and they found themselves with up to $300,000 in charges for access stolen through Pena's hacks, authorities say. Yet it's not only carriers that could be concerned with the type of attack Pena and Moore launched, says Seshu Madhavapeddy, CEO of VoIP security company Sipera Systems.
In general, Pena's attack was a spoofing attack, designed to let his calls masquerade as those of another carrier. Madhavapeddy says these types of attacks are relatively easy to carry out and could hit at enterprises just as easily as carriers.
One possibility is stolen access, but there are others. For example, a hacker might spoof call-forwarding features to make all calls route to him. Customers trying to reach a help line could be tricked into giving credit card information to the hacker. "People remember the 'voice' and forget the 'over IP' part," says Mark Rasch, SVP of security company Solutionary Inc. "Just like data can be rerouted without authorization, VoIP can be rerouted without authorization."
The exponential growth of VoIP can only add targets. Infonetics Research predicts spending on VoIP will jump from $1.2 billion in 2004 to more than $23 billion in 2009. Meanwhile, IP communications are inherently more complex than traditional phone calls and are getting even more so.
Emerging technologies like unified communications that include voice, video, and data in one console, intended to drive collaboration through the roof, have the potential to put more and more information at the fingertips of hackers. And just as e-mail and the Internet opens the door for vulnerabilities, these next-generation tools could allow hackers to spoof a call and send illicit information and files to end users.
For now, VoIP is a wilderness for hackers, and there have been very few publicized attacks. But security companies like Symantec predict a coming epidemic of spam over Internet telephony, so-called SPIT. They warn about phishing not unlike what companies and consumers see in e-mails. And VoIP networks are just as susceptible to crippling denial-of-service attacks as are data networks, and mass calls generated by a worm could overload networks or kill productivity with ceaseless phone calls and messages.
That's another way hackers could make money from VoIP networks. "If I can take down the enterprise network, and I'm showing you demonstrably how I can do it, I can blackmail you," Madhavapeddy says.
And this case? "These modern day cyber-thieves had hoped they had engineered a brilliant 'toll free' calling network for themselves," Newark FBI Special Agent in Charge Leslie G. Wiser Jr. said in a statement. "They hoped wrong."
BUMP
BUMP
There's an echo in the line.
Prefixes? What prefixes?
there's there's there's an an an echo echo echo in in in what what what?
It is like a combination lock on your front door. A cracker doing what it says here would be like a thief putting a robot there to punch in combination after combination until the lock opened.
There oughtta be some kind of better security check, just like if you heard punching at your front door lock sustained for hours you'd call the cops.
The right packet sniffer software can also listen to your VoIP phone calls (as your voice data packets cross the infected/infiltrated servers)...which is more than just Vonage, it's also your cell phone calls as 80+ % of cell phone calls are routed via IP by the cell phone providers (e.g. Verizon).
[I do this stuff for a living] I want to know what prefixes they are talking about. Specifically, what header fields are they talking about from RFC 3261, RFC 3702, etc. Were they randomizing Authentication fields? Where they randomizing passwords? Were they spoofing FROM: URIs. IP Source addresses?
The Slashdot article of a few days ago was no more helpful, by the way.
Of course, I'm assuming this was SIP, and not H.323
I'm sure you can find a voip internals book on a nerd site, if not Amazon. Then you'd know more than I, but from the nature of the description it sounds to me like a not very strong cryptographic hash in the transmissions coupled with nil security in the telcos against brute force attack.
This is why I was wondering about the article's use of the term "prefixes". It means nothing in terms of any of the standards docs I have ever worked with.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.