Presentation by Dan York on VoIP/UC Security

Dan York did a recent presentation on VoIP/UC security. I provided a link to the slides. I don't have the audio, I will post it if I find it. The title of the presentation is "Does anyone really give a ___ about VoIP security?".

Right now, I don't think most people really care too much about VoIP security. My take though (and I have said it efore), its not about VoIP/UC-specific security. It is and always has been about voice/communications security - attackers go after voice systems for the same reasons they have for a long time - namely, fraud/theft of service, DoS, harassment, social engineering, and more and more, for SPAM and phishing. Same old threats, it is just that VoIP/UC makes it easier and cheaper to execute these attacks.

http://www.7ducattacks.com/2011/12/slides-does-anyone-really-give-a-_____-about-voip-security.html

Social Media Used for Harassing Caller/TDoS

We have seen a number of cases where social medial/networking sites, such as facebook and twitter, were used to organized calling campaigns against corporations, the government, politicians, etc. Here is the latest example I have seen, titled "Occupy the Phones", where the organizer sets up facebook events to organize dialing campaigns. While these campaigns/attacks are very sophisticated, they can definitely tie up an organizations phone lines.

http://www.facebook.com/pages/Occupy-the-Phones/258843427490295

 

Robo-dialing/Automated Calling Website

Here is a website that offers a robo-dialing capability that you can use to send a voice message to polititians. The website states that since they are doing it to you, you may as well do it back to them. It doesn't let you dial other people or load up a ton of calls for one destination. I am sure we will see other "services" like this and also hackers using the same capability to generate harassing, spam, voice phishing, or outright Telephony Denial of Service (TDoS) calls.

http://reverserobocall.com/

New York Times Article About Toll Fraud Being Used to Fund Terrorists

Here is an article in the New York Times that describes how toll fraud is being used to fund terrorist activities:

http://www.nytimes.com/2011/11/27/world/asia/4-in-philippines-accused-of-hacking-us-phones-to-aid-terrorists.html?_r=2

 

New Version of VoIP Hopper is Available

A new version of VoIPHopper is available. Here is a link to an article describing it. For those not familiar with VoIPHopper, it allows you to hop/cross VLANs to access VoIP data.

http://www.darknet.org.uk/2011/11/voip-hopper-2-01-released-ip-phone-vlan-hopping-tool/

 

Article About VoIP DDoS Attacks

Here is an article about Distributed Denial of Service (DDoS) attacks against VoIP services:

http://www.cio.com.au/article/402962/massive_ddos_attacks_growing_threat_voip_services/#closeme

Skype Flaw Allows Tracking of User Location

Here is an article about how a researcher used/hacked Skype to determine the location of users.

http://www.foxnews.com/scitech/2011/10/24/skype-security-flaw-potential-terrorist-threat-nyu-professor-says/print

Article about A new VoIP Stenography Tool

Here is an article about using stenography and VoIP (media) to exfiltrate data. It has an interesting twist to it.

http://www.net-security.org/secworld.php?id=11952

I haven't seen any tools yet for video, but I am sure there are some on the way. Video is obviously a lot more interesting, because of the available data in which to hide messages.

VoIP Security Toll Fraud Issue Reported at Astricon

Here is a link to a short video from the recent Astricon Asterisk conference, where a $400,000 toll fraud attack was discussed. The basic idea is that the hackers break into the Asterisk voice mail system and use it to make toll calls. Here is the link:

http://blog.tmcnet.com/blog/tom-keating/asterisk/astricon-voip-security---400000-fraud---yikes.asp

Article about Caller ID Spoofing and Using it to Harvest Names

Here is an article about an attack where the hacker spoofed source numbers and made "millions" of calls to harvest caller ID. Apparently the hacker used an automated system, I presume somethink like Asterisk and public network access through SIP, to make calls with spoofed source numbers, to another number which they had set up. By doing this, the network would deliver, if the number was legitimate, the caller ID associated with the source number.

So to give an example, the caller would automatically generate a call, with say my cell phone number, directed to a number they control, which would deliver/display my caller ID, which I assume they captured. By randomly doing this for millions of numbers, they built a database of source numbers/names, presumably to be used for purposes such as telemarketing.

Not really a new attack, but something made a lot more dangerous with simple call automation, SIP trunks, and caller ID spoofing. Here is a link to the actual article:

http://www.courthousenews.com/2011/08/16/39024.htm

 

FBI Statement to Congressional Committee on Attacks Including TDoS

Here is a link to an FBI article, covering a statement to a congressional commitee about threats to the financial sector. It includes a discussion of TDoS attacks. Here is the link and the part that describes the TDoS attacks:

http://www.fbi.gov/news/testimony/cyber-security-threats-to-the-financial-sector

In 2010, law enforcement agencies and financial regulators observed a trend in which cyber criminals initiated unauthorized financial transactions from compromised victim bank or brokerage accounts. These transactions were paired with a Telephone Denial of Service (TDoS) attack, in which the victim’s legitimate phone line was flooded with spam-like telephone calls to prevent the banks or brokerage firms from contacting the victim to verify that the transactions were legitimate.

In December 2009, a victim in Florida filed a police report stating that $399,000 had disappeared from his online brokerage account while he was simultaneously targeted in a TDoS attack. The online withdrawals occurred in four increments, with progressively larger amounts being withdrawn each time.

Cyber criminals target not only those who trade in securities but also the exchanges in which the securities are sold. These TDoS and Distributed Denial of Service (DDoS) attacks show a desire by cyber criminals to focus their efforts on high-profile financial sector targets.

 

 

Speaking on VoIP Security At ITExpo in Austin this Week

I am speaking on VoIP/UC security this week at the ITExpo conference in Austin. The conference is going on this week and I am speaking at 11:00 on Thursday. Here is a link:

http://itexpo.tmcnet.com/west/attendees/w11-conferences-program.aspx

 

Speaking on VoIP Security At ITExpo in Austin this Week

I am speaking on VoIP/UC security this week at the ITExpo conference in Austin. The conference is going on this week and I am speaking at 11:00 on Thursday. Here is a link:

http://itexpo.tmcnet.com/west/attendees/w11-conferences-program.aspx

 

New Articles on Toll Fraud

I created a separate list of the articles on toll fraud. They were buried in the long list of general articles. You can find this list to the right of the blog.

Recent Article on Social Engineering/Phishing

Here is a fairly recent article on social engineering/phishing. I know I have been receiving more of these calls on my iPhone.

http://www.independent.co.uk/life-style/cybercriminals-use-computer-security-phone-scam-to-grab-credit-card-details-2298519.html