Posted on 03/16/2005 7:11:08 AM PST by holymoly
Never before in the history of telecommunications has a more important warning been needed for current and potential VoIP (computer phone) users who have joined, or will be joining, in the inevitable paradigm shift from telephone to VoIP.
Warning! Warning! Warning!
Beware of VoIP internet service providers that operate on industry standard codec and industry standard protocols because they are PUBLICLY OPEN and INTERPRETABLE! This also includes, but is not limited to, peer-to-peer (P2P) networks.
In plain terms, this means, if you subscribe to, or considering subscribing to a VoIP internet solution provider who operates on these industry standards – and over 90% do -- you have inadvertently made yourself vulnerable to the criminal activities of hackers. Regardless of the type of anti virus software you have on your computer, the publicly accessible industry standards provide a pathway by which these criminals can access your computer to plant viruses, worms, Trojan horses, and/or steal your identity.
Like sharks in a feeding frenzy, unscrupulous criminal hackers view systems operating on these industry standards as their personal “Cash Cow” because of the ease by which they can access your computer and gather your information to sell to other criminals.
Did you know that some hacker-friendly providers offer processor chips that are only sold on the Internet?
Did you know that hacker-friendly providers actually offer hacker software that enables these criminals to deliberately disable security on computers, access your personal and confidential information, as well as inject their viruses, worms, and/or Trojan horses?
For instance, “Vomit” is a free download software that was designed to convert VoIP phone conversations into a wave file which could be played with standard sound players. Hackers gleefully interpret this as a tool they can utilize to attack unsuspecting victims.
Hacker manuals are also easily accessible via the Internet. One of these manuals shows how to DoS other sites. DoSing (Disruption of Service) involves gaining unauthorized access to the “command prompt” on your computer and using it to tie up your vital Internet services. When a hacker invades your system, they can then delete or create files and emails, modify security features, and plant viruses or time bombs onto your computer.
“Sniff” is another tool (originally intended to help telecommunication professionals detect and solve problems) that criminal hackers use to tamper with the protocol and “sniff out” data. When hackers sniff out a data packet from Internet traffic, they reconstruct it to intercept conversations. This enables them to eavesdrop on conversations, gather information, and sell it to other unprincipled criminal entities.
Identity Theft
Identity theft is one of the most sinister of vulnerabilities you can inadvertently be subjected to. Identity theft is defined by the Department of Justice as
“…the wrongful obtaining and using of someone else’s personal data in some way that involves fraud or deception, typically for economic gain.”
Identity theft is the by-product of unscrupulous criminal individuals obtaining your social security number (including those of your spouse and children), your bank account, your credit card information, etc. Your information is then sold to other criminal entities for profit. Using your information, these criminals can then:
·access your bank account funds
·create new bank accounts with your information
·create driver’s licenses
·create passports
Attorney General Ashcroft stated that,
"Identity theft carries a heavy price, both in the damage to individuals whose identities are stolen and the enormous cost to America's businesses.”
Don’t be naïve enough to think it won’t happen or couldn’t happen to you!
A group hosting a website known as shadowcrew.com was indicted on conspiracy charges for stealing credit card numbers and identity documents, then selling them online. While this group allegedly trafficked $1.7 million in stolen credit card numbers, they also caused losses in excess of $4 million.
According to a Press Release issued by the Department of Justice on February 28, 2005, a hacker was convicted of several counts of fraud, one in which
“…he fraudulently possessed more than 15 computer usernames and passwords belonging to other persons for the purpose of accessing their bank and financial services accounts, opening online bank accounts in the names of those persons, and transferring funds to unauthorized accounts.”
If you are using a VoIP internet service provider and do not want to be a victim of Identity Theft, then take the first step to protect yourself -- don’t use VoIP internet service providers operating on industry standard codec and industry standard protocols.
Viruses, Worms, and Trojan Horses
On January 28, 2005, a press Release issued by the Department of Justice reported that a 19 year old was convicted for his criminal activity by “…creating and unleashing a variant of the MS Blaster computer worm.” Christopher Wray, Attorney General – Criminal Division stated that,
"This … malicious attack on the information superhighway caused an economic and technological disruption that was felt around the world.”
On February 11, 2005, in a Press Release issued by the Department of Justice, reported that another criminal was sentenced for circulating a worm. This worm, “directed the infected computers to launch a distributed denial of service (DOS) attack against Microsoft's main web site causing the site to shutdown and thus became inaccessible to the public for approximately four hours.”
March 7, 2005, Symantec.com posted discovery of a worm named “W32.Serflog.B” that spread through file-sharing networks and MSN Messenger – networks that operate on publicly open and interpretable industry standard codec and protocols, including P2P systems, as well as Instant Messaging systems—none of which are protected, regardless of the anti virus software on your computer. The W32.Serflog.B worm also lowers security settings and appears as a blank message window on the MSN Messenger.
If you don’t want to be the next victim of the devastation created by worms, STOP using services that operate on industry standard codec and protocols, and/or services that incorporate P2P systems.
Anti virus software does not incorporate protection for Instant Messaging services. In addition, Instant Messaging services, in and of themselves, do not include protection for their users.
If you like the convenience of text chatting via Instant Messaging, then use a VoIP internet service provider that includes the Instant Messaging feature -- one that does not operate on industry standard codec or industry standard protocols that are publicly open and accessible.
Optimally secure VoIP service providers that incorporate a secure Instant Messaging feature, operate from their own proprietary high end encryption codec on patented technology that is hosted in a professional facility. Simply put, when a VoIP internet service provider operates on optimally secure platforms, the Instant Messaging feature on the VoIP softphone, is also protected with their technology.
A Trojan horse is a program that internet criminals use to interrupt and interfere with your security software and produces the following results
·Terminates processes
·Removes registry entries
·Stops services
·Delete files
Hackers, who have gained access to your computer, because of the programs and software as mentioned above, are having a field day incorporating this nasty little program into their arsenal of weapons.
As recently as March 4, 2005, a new Trojan horse was discovered that modified settings in Internet Explorer. Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, and Windows XP were the reported systems that could be affected.
Here’s the bottom line.
1.If you are currently using a VoIP internet solution provider that operates on industry standard codec and industry standard protocols that are publicly open and interpretable, you need to make a decision:
a. Continue enticing criminal hackers and remain on their service, or
b.Take immediate corrective action.
2.If you are currently using Instant Messaging of any sort, you need to make a decision
a. Continue enticing criminal hackers and remain as a user of their service, or
b.Take immediate corrective action.
If you decide to take immediate corrective action:
1.Find a VoIP internet solution provider that has their own proprietary high end encryption codec
2.Find a VoIP internet solution provider that has their own proprietary patented technology
3.Find a VoIP internet solution provider that hosts their proprietary patented technology in a professional facility
4.Find a VoIP internet solution provider that includes the Instant Messaging feature in their proprietary patented technology
Here’s a place you can look over to see what a VoIP internet solution provider looks like that operates on their own proprietary high end encryption codec with their own proprietary patented technology hosted in a professional facility, AND that incorporates the Instant Messaging feature.
http://www.free-pc-phone.com
I hav VOIP phone but there is no software involved. I just pick up my regular phone and dial. This is not the same thing I have. My phone is connected to a router and then goes into my cable modem. No software. No way to hack my computer by using phone software on my computer because there isn't any. Not all VOIP is equal.
The sky is falling.
See how out of the loop I am? I always understood DoS to be “denial of service” and was often as simple as flood-pinging a machine from one or more other machines to gum up the works. No “access” to any command prompt required, IOW.
Live a little, learn a little, I guess.
No, it's not - the ground is rising.
Vonage?
Yet another reason why I encrypt anything that should not get into the wrong hands...
Ping, son.
Whoever wrote that is a huge dumbf**k. It means NOTHING. It is a vast display of ignorance.
Whoever wrote it is a fraud and a huckster.
YES Vonage. I have had it for two years and like it. I make lits of long distance calls. I hockied it into my phone system and all my phones work on it.
dang now I kant tipe or speel. dang hackers!
Standards are our friends
DOS= Disk Operating Sysem
DoS= Denial of Service.
As a Telecommunications Professional, I can state categorically, that this whole piece is bunk, hokem amd FUD.
The encoding in the VOIP packets do not allow executeable files to be run, period.
Now, if someone were to send something to you during a conversation it might be a different case, we call that Application EMAIL.
What a buffoon, please do not listen to a word this Clymer says.
Cheers,
knews hound
Wait until the spammers figure out how to do phone number spoofing. Soon your friends will be complaining about the telemarketing calls coming from your phone number.
They already have.
There are websites that enable you to spoof your Caller ID so that you appear to be someone you are not.
Expect that to change shortly however.
Cheers,
knews hound
Thank you.........this is what I love about this site; the ready access to and abundance of subject matter expertise.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.