
Access Intelligence Editor Uncovers First Major VoIP Hacking Scheme
Friday, 04 November 2005
In a copyrighted investigative story released today, Stuart Zipper, editor of Broadband Business Forecast, an Access Intelligence (www.accessintel.com) publication, uncovered the first major security attack on voice over Internet Protocol (VoIP) enterprise telephony systems. According to Zipper, hackers have figured out a way to manipulate the IP stream in order to steal long-distance service. Many in the communications industry are keeping things quiet while they assess the full extent of the potential damage, but sources admit this security breach "could expose a lot of companies to a great deal of fraud."


Telephony hacking isn't new, with fraud perpetrated on an entire phone system. Today, says Zipper, with VoIP, a hacker only needs access to the corporate network. What enables the hack isn't VoIP per se; it's the fact that VoIP is simply another IP stream on the network.

"I've been watching VoIP security issues carefully for months now, and I knew it was just a matter of time until one of the significant players found something amiss to tell me about," Zipper says. "So, in the end, it was just a matter of basic real journalism - asking the right people the right questions."

Prior to publication, Zipper spoke with softswitch developers, backbone carriers, competitive local exchange carriers (CLECs), network security experts, billing companies and others. He learned (but did not divulge in print) how hackers were breaking into enterprise VoIP networks. Shawn Lewis, CTO and systems expert at VoIP Inc., admits hackers have found a way to manipulate the cost codes that billing companies have used to track phone calls. Essentially, these hackers "zero out" the code so that the billing system believes a call was incomplete and, thus, should not be charged to the caller or the caller's company.

Representatives of several phone billing service houses who declined to be quoted by name told Zipper they never receive call details for supposedly incomplete calls because such billing houses charge by the processed call, even if it's a call billed at zero. "Literally, the zeroed calls are stripped out of the data stream before the billing data is sent - and the information relegated to an electronic cutting-room floor," Zipper says.

Dale Drew, vice president in charge of carrier Level 3's security architecture and its security-engineering group, told Zipper he "monitors a lot of different chatter in the hacker community," and that "it's been in regard to PBX environments" on corporate VoIP networks. "It involves getting access to the local PBX and network, and then changing it (the billing code) or having it zeroed out," he added.

In particular, Drew said, hacker chatter pointed to Cisco's call manager and the free Asterisk open-source softswitch/feature server. Cisco did not comment on this, but two employees at Digium, the company responsible for Asterisk, told Zipper that Asterisk can be reconfigured to allow a signal to be sent via a VoIP gateway so that "certain switches and billing systems treat the call as if it had not been successful." The weakness is not in VoIP or Asterisk, they insist, but that there are "weaknesses that are exploited through a VoIP gateway."

As things stand now, VoIP experts are testing a number of switches, and there is some suspicion that the venerable 5ESS may be among those that can be hacked.

Zipper's full story appears in the Nov. 1, 2005, issue of Broadband Business Forecast, published by Access Intelligence, LLC, headquartered near Washington, D.C. Access Intelligence's Telecom Advisory Group publishes news, analysis and research covering all areas of telecom. Publications include TelecomWeb news break, Broadband Business Forecast, Wireless Business Forecast, Telecom Policy Report, Satellite News, Government Procurement Report and Inside Digital TV. Other programs include TelecomWeb.com, market research provider InfoTech, and virtual seminars and e-letters to serve various market sectors.
 