VoIP SECURITY: THE RETURN OF THE PHREAKERS
Phreaking, the illegal gaining of access to a provider’s telephone infrastructure, is on the increase as a new generation of phreakers seek to exploit their growing knowledge of today’s VoIP networks and technology.
Phreaking is a practice that has been around for quite some time. In fact, before computer hacking took over, it was seen as the dominant form of technological subversiveness.
But now, with the rise of VoIP technology, phreaking has re-emerged as an even more serious threat to corporate network security. And there are also new issues to deal with such as Spit and Vishing – the VoIP equivalents of SPAM and Phishing – as well as malicious DoS (Denial of Service) attacks.
MORE THAN JUST A NUISANCE
Traditionally, phreakers would break in and explore telecommunications systems for fun, or sometimes help themselves to a free long distance service. But modern VoIP phreakers tend to be far more ambitious in their criminal objectives.
In fact, telephone systems hackers have established a thriving black market in reselling stolen VoIP minutes.
These phreakers break into gateway servers used to connect a carrier's phone network to the internet and resell this access to smaller, unscrupulous operators, sometimes via web-based wholesale minutes markets.
Wholesale purchasers of the stolen access are often small telco operations that then resell access to consumers via printed phone cards.
The phreakers themselves have become much more sophisticated in their abilities to remain elusive. Many are escaping detection by leaving complex trails behind them.
CATCHING THEM ISN’T EASY
Business magazine Newsweek reported that uncovering the perpetrators of this illicit trade is extremely difficult, if not impossible.
For example, a Panamanian telecoms company recently lost $110,000 as a result of VoIP fraud and hired a specialist international consultancy to track down the phreakers involved. The trail led through Bulgaria, Canada, Costa Rica, Hong Kong, and the US before going cold.
INCREASING AWARENESS
And the message is clearly getting through to business customers, who are starting to ask serious questions about VoIP security of their providers. Decision-making tends to revolve around call quality, cost, interoperability of equipment and security for VoIP. Call quality remains a top priority but a growing number of informed customers are aware that VoIP security for issues such as spit, vishing, and DoS are increasingly important when considering an IP based voice strategy.
READ BETWEEN THE LINES
BT Wholesale takes the issue of security very seriously. We have a history and experience in dealing with DoS attacks.
Our new IP Exchange service delivers a carrier grade VoIP SIP/ TDM and IP/3G interoperability solution.
Many of the VoIP security issues mentioned above are inevitably associated with VoIP transport across the public Internet. So IP Exchange is deployed with a carrier grade security policy.
For public Internet access to IP Exchange, the IP Exchange hardware and software configurations allow IP voice and multimedia transmissions to occur from behind a firewall, providing heightened levels of safety and further protecting IP communications networks from malicious activity, such as Denial of Service attacks.
Direct connections from ITSPs and customers onto IP Exchange's resilient platform and managed IP backbone will in the future ensure a protected means of transport. This will make the interference and security problems associated with transmissions over the public internet much less of an issue.
Read more about IP Exchange in this issue of Between the Lines