The diversity and ever changing nature of the internet also means the evolution of a new range of abuses of systems, procedures and laws. Cyber-crime is on the increase with more and more people getting online and with that comes the appearance of new types of crime. In what is thought to be the first example of its kind, a Venezuelan man was sentenced in the USA to 10 years in prison last week for stealing and reselling minutes via Internet phone services.
Labelled the VoIP hacker, 27 year old Edwin Pena was found guilty back in February for masterminding a scheme that hacked over 15 telecommunications companies and re-routed calls for no charge ‘stealing’ 10 million minutes of Internet phone service.
Over US$1 million must be paid by Pena in restitution damages and he also faces deportation once his sentence is served. VoIP sellers including Net2Phone, NovaTel and Go2Tel and thought to have lost more than $1.4 million in the scam. Using a computer program to guess the prefix codes for each provider and client – some being just four-digit codes – Pena and his team piggy-backed the legitimate services and then ‘re-sold’ the time to unsuspecting customers of their own. telephone services to businesses at deeply discounted rates.
The story brings to the fore the question of security and VOIP. So how can you prepare yourself against potential security risks?
1. Operate your voice traffic on a different LAN from data traffic
If you are reliant on VOIP as your main mode of voice telecommunicaton, a denial of service attack could be catastrophic. By separating the two types of traffic you can minimise the risk of DOS attacks but you also need to ensure that your LAN is fully protected, and that includes changing passwords from the default options.
2. Stop Spit
Spit is the VOIP equivalent of spam and many experts fear that if VOIP suffered the same fate as email – where spam now accounts for over half of all emails – the whole system will collapse. The problem with VOIP spam or spit is that normal anti-spam systems that work with email don’t have the same effect on VOIP. Some companies use speech recognition to drop ‘dodgy’ calls while others look at traffic analysis to identify where a call is coming from and blocking certain traffic. Although spit is a very small risk at the moment, the investment apparently being made into new software suggests many believe the problem is set to rise.
3. Combat fraud
Treat voice traffic as you would any other data. Put in place relevant security procedures and checks. If you get an email or letter offering really-cheap VOIP services be wary – remembering things that look too good to be true usually are. Sites like VOIP Fraud try and name and shame those running potential scams .
The current incidence rate of VOIP security issues is very small but on the rise. A report earlier this year predicted it is likely to become a “an anticipated producer of major losses in cyberspace.” so it is something that can not be ignored.
Do you have a specific security policy in place for VOIP use?
Do you think the security issues are holding back the take-up of VOIP?