
Experts: VOIP Attacks Are Tough to Stop

July 10, 2006 | Mark Sullivan

Security experts say a high-profile VOIP hack is setting operators into action to protect against future problems. (See Two Charged in VOIP Hacking Scandal.)

Early last month federal authorities arrested Edwin Pena and Robert Moore for allegedly participating in a scheme that exploited the network weaknesses of several VOIP providers.

The feds accused the duo of secretly routing calls through legitimate VOIP networks, forcing those companies to foot the bill for the extra traffic they were carrying. On the flipside, Pena allegedly collected some $1 million in connection fees from other phone companies that he sold minutes to. (See VOIP Hacker Blues.)

Companies familiar with the Pena/Moore debacle worry that others will try, using relatively unsophisticated means, to exploit or take down their networks.

BusinessEdge security expert Yaron Raps says the Pena/Moore attack resulted in two large Tier 1 telcos calling on his company to do full security audits of their VOIP networks. Raps is the former head of technology and engineering at deltathree Inc. (Nasdaq: DDDC).

Raps believes the security issue is changing the way big telcos view the role of VOIP in their businesses. “Before this, VOIP was just a software infrastructure that corporations introduced to reduce operational expenses and increase speed to market -- and it was not about security,” Raps says. “The big telcos are realizing that VOIP is not a cheap replacement to the PSTN.” (See VOIP Gear Approaches Peak.)

IP-security expert Mike Hrabik of Omaha-based Solutionary says his company is also receiving more calls on VOIP security issues. Hrabik says the new interest in security is a normal part of the evolution of new technologies. “We see this in every new or evolving technology. It sort of goes through these phases,” Hrabik says. "They’re going to have to concentrate on this -- the security of the protocol itself, the security of the infrastructure -- and move it up in their priorities."

VOIP providers tag their own calls with a unique identifier or "prefix" so they can be admitted to the network. Pena, with Moore's help, allegedly bombarded the VOIP providers' networks with test calls -- each carrying a different prefix -- until they found one that was admitted to the network. The two then allegedly tagged all the fraudulent calls with that prefix.
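The prefix guessing described above leaves a recognizable trace in call-attempt records: many distinct rejected prefixes from one ingress in a short time, followed by a first admission. The following detection logic is an added example, not taken from the article or from any provider's system; the record layout, the `ingress` key (a trunk or peer ID, used instead of source IP because the article reports the addresses were spoofed), and the thresholds are assumptions.

```python
from collections import defaultdict, deque

WINDOW_S = 60      # sliding window in seconds (assumed tuning value)
MAX_REJECTED = 5   # distinct rejected prefixes tolerated per window (assumed)

def find_prefix_scans(records, window_s=WINDOW_S, max_rejected=MAX_REJECTED):
    """Flag ingresses that try many distinct prefixes, and list the
    prefixes admitted afterwards (candidates for rotation).

    records: iterable of (ts, ingress, prefix, admitted), sorted by ts.
    """
    recent = defaultdict(deque)  # ingress -> (ts, prefix) of recent rejections
    alerts = {}
    for ts, ingress, prefix, admitted in records:
        q = recent[ingress]
        while q and ts - q[0][0] > window_s:   # expire old rejections
            q.popleft()
        if not admitted:
            q.append((ts, prefix))
            distinct = {p for _, p in q}
            if ingress not in alerts and len(distinct) > max_rejected:
                alerts[ingress] = {"first_alert": ts, "admitted_after": []}
        elif ingress in alerts:
            hits = alerts[ingress]["admitted_after"]
            if prefix not in hits:
                hits.append(prefix)
    return alerts

def sample_records():
    """Constructed sample data: one normal peer, one guessing prefixes."""
    recs = [(i * 10, "peer-A", "7731", True) for i in range(20)]
    recs.append((35, "peer-A", "7713", False))          # single mistyped prefix
    recs += [(100 + i, "peer-B", str(1000 + i), False) for i in range(8)]
    recs += [(108, "peer-B", "1008", True), (109, "peer-B", "1008", True)]
    return sorted(recs, key=lambda r: r[0])

if __name__ == "__main__":
    for ingress, info in find_prefix_scans(sample_records()).items():
        print(ingress, info)
```

Keeping only a short per-ingress window of rejections in memory lets the check run inline on high-volume call streams rather than as a search through stored logs.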

Erecting a reliable wall of defense against these tactics is no easy, or cheap, proposition, the experts say.

Hrabik explains that large VOIP networks deal with millions of calls each day, so it's sometimes hard to tell the fraudulent traffic from the legitimate traffic. “So you turn on your native logging to see who has logged into the router, in some cases the transaction volume is so large that finding the few that are from the attackers is the difficult part.”

Operators will also be challenged, Hrabik notes, to maintain security even as hackers invent new attacks. "You may address one type of attack avenue, but what are some of the other ones somebody else might be able to find to exploit me in a different way or from a different angle?"

He adds: "We always find that to be the problem: Once the problem is controlled, and the press dies down, can you keep the intensity to find all those avenues and start to plug those holes?"

Net2Phone Inc. (Nasdaq: NTOP) was one of as many as 15 networks victimized by Pena and Moore, and the only carrier actually listed in the legal complaint. Net2Phone did not respond to numerous requests for comment on the article.

According to Raps at BusinessEdge, three basic components must be in place to achieve real-time security. “You have to have a very strong authentication at the edge, you have to have very strong fraud detection at the core, and then you have to have very strong prevention and detection in your network.”

He says the RBOCs may have an easier time absorbing these security costs than their unaffiliated or “pure play” competitors like SunRocket Inc. and Vonage Holdings Corp. (NYSE: VG).

Many VOIP providers use session border controllers to protect the edges of their networks. In fact, security functionality has become one of the main selling points of the devices.

"The messages were spoofed both at the IP-layer and signaling layer," writes Acme Packet Inc. (Nasdaq: APKT) product manager Hadriel Kaplan of Pena's and Moore's technique in an email to Light Reading Friday. "That is a non-trivial thing to do, and represents a serious sophistication and commitment on the part of the criminal."

— Mark Sullivan, Reporter, Light Reading

hadriel
Tuesday July 11, 2006 9:36:13 AM
Hi,
I want to clarify a few points as my quote was part of a broader explanation of VoIP security and is a bit out of context, and implies I agree with the heading of this article. To be clear, what I said was that based on public reports it appears they hijacked a router, set it to relay spoofed addresses belonging to an enterprise, and spoofed not only their IP-layer but also all the signaling layer. That is a non-trivial thing to do, and represents a serious sophistication and commitment on the part of the criminal.
I also went on to discuss how it could have been blocked or at least discovered quickly, but it was a long response and specific to SBC capabilities, so I understand the need to snip. :)
Thanks,
Hadriel
startup_shutup
Monday July 10, 2006 11:03:03 PM
UNITED STATES DISTRICT COURT
DISTRICT OF NEW JERSEY

http://www.usdoj.gov/usao/nj/publicaffairs/NJ_Press/files/pdffiles/moorecomplaint.pdf