Q

Criminal abuse of VoIP

A law enforcement professional charged with understanding the ways that criminals might abuse VoIP gets expert advice from Andrew Graydon, Chair of the Security Requirements Committee at VoIPSA.

I am the detective inspector in charge of the Garda Hi-Tech Crime Unit in Ireland. I am part of a team looking at the threats and abuse VoIP will receive by criminals. I would appreciate any comments you have on what threats you perceive will occur with this relatively new technology.

VoIP communications opens up a whole set of concerns previously unconsidered in voice communications. As you know, each country has regulated communications and provisions for 'legal intercept' which is widely known as wiretapping. In VoIP systems, not only is this more difficult, but IP to IP communications has been removed from having this requirement in the U.S. under CALEA. This is of major concern to law enforcement, as IP-to-IP communications is not limited to PCs anymore, but can now be done using WiFi SIP phones in hotspots, which are becoming widely available. This type of communications is difficult to monitor, but not impossible. However, legislative bodies and their advisors need to be better informed of the issues involved.

Technical solutions in the area of IP communications are already in use by legal entities for IM, e-mail and Web traffic, allowing investigations into online illegal activities to be carried out. The real-time aspect of VoIP introduces some extra complexity, but solutions can be implemented at the ISP level through packet sniffing and protocol analysis leading to media forking. Think of it as a high speed, high bandwidth Ethereal.

On another note, IP PBX attacks can be classified into two areas, transport and application layer attacks. Transport layer attacks are well known IP layer attacks such as DOS, DDOS, SYN, ACK, etc. These attacks are identical to the type of attacks faced every day by current IP systems and can be remedied in the standard ways we secure networks. The application layer attacks introduce some new concerns. Attacks at this layer are quite difficult to protect against, as many of the attacks are based on common usage of the systems, for example DOS attacks, phone calls for SPAM/SPIT, voice mail messages, or protocol exploitations -- such as cutting off calls, making phones ring and faking caller ID. Of course, there are also 'man-in-the-middle', session hijacking, and sniffing attacks just to mention a few, which are blended attacks. These attacks are a combination of transport layer and protocol vulnerabilities.

All of these areas can be contained and protected in today's networks. A combination of network design, traffic flow design and a SIP Firewall or SBC will mitigate many of the issues mentioned above.

This was first published in November 2005
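
As an added illustration (not part of Andrew Graydon's answer or any VoIPSA material), the sketch below shows the kind of application-layer check a SIP firewall or SBC can apply to two of the behaviours named above: call floods (SPIT or DoS) and calls cut off by a party outside the dialog. It assumes the inspection point sees each endpoint's real source IP with no intermediate proxy; the function names, thresholds, addresses and Call-IDs are all constructed for the example.

```python
from collections import defaultdict, deque

def parse_sip(raw):
    """Return (first token of the start line, lower-cased header dict)."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    first = head[0].split(" ", 1)[0]  # method, or "SIP/2.0" for a response
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return first, headers

def inspect(events, max_invites=3, window=10.0):
    """events: (timestamp, source_ip, raw_message) tuples in time order."""
    parties = defaultdict(set)   # Call-ID -> source IPs seen in that dialog
    recent = defaultdict(deque)  # source IP -> timestamps of recent INVITEs
    alerts = []
    for ts, src, raw in events:
        kind, hdr = parse_sip(raw)
        call_id = hdr.get("call-id") or hdr.get("i", "")  # "i" is the compact form
        if kind == "INVITE":
            parties[call_id].add(src)
            q = recent[src]
            q.append(ts)
            while ts - q[0] > window:   # drop INVITEs older than the window
                q.popleft()
            if len(q) > max_invites:    # SPIT / application-layer DoS pattern
                alerts.append(("invite-flood", src, call_id))
        elif kind == "SIP/2.0" and call_id in parties:
            parties[call_id].add(src)   # answering side joins an existing dialog
        elif kind == "BYE" and src not in parties.get(call_id, ()):
            alerts.append(("bye-from-non-party", src, call_id))  # forced teardown
    return alerts

def msg(start_line, call_id):
    return (f"{start_line}\r\nCall-ID: {call_id}\r\n"
            "From: <sip:a@example.test>\r\nTo: <sip:b@example.test>\r\n\r\n")

# Constructed sample traffic (documentation addresses, invented Call-IDs).
SAMPLE = [
    (0.0, "192.0.2.10", msg("INVITE sip:b@example.test SIP/2.0", "c1")),
    (0.5, "192.0.2.20", msg("SIP/2.0 200 OK", "c1")),
    (5.0, "203.0.113.9", msg("BYE sip:b@example.test SIP/2.0", "c1")),  # outsider
    (9.0, "192.0.2.20", msg("BYE sip:a@example.test SIP/2.0", "c1")),   # real hang-up
] + [(20.0 + i, "198.51.100.7", msg("INVITE sip:b@example.test SIP/2.0", f"s{i}"))
     for i in range(5)]

if __name__ == "__main__":
    print(inspect(SAMPLE))
```

Behind a proxy the source IP is that of the adjacent hop, so a production check would key on the dialog tags and authenticated identity rather than on addresses alone.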