Phone Phreaking infiltrating our telephone networks
Deep into the age of computer hacking, it seems ironic that the accused News of the World journalists used the remarkably old-fashioned hack of accessing or ‘phreaking’ voicemail systems of celebrities and politicians. While the journalists in question may have used a primitive method of using default PINs to access mailboxes, a more sinister form of hacking could be on the rise; VOIP phone phreaking.
Phreaking is a slang term coined to describe the activity of a subculture of people who study, experiment with, or explore telecommunication systems, such as equipment and systems connected to public telephone networks. And as telephone networks have become computerised or based on VoIP, phreaking has become closely linked with computer hacking.
Apr 11, Western Australia Police investigated several cases of scammers hacking the networks to commit fraud. The WA Police said three businesses reported having their VoIP networks hacked by opportunists using the networks to make calls to international numbers. The businesses suffered losses of some $70,000.
In Feb 11, an incident involving two Guernsey firms’ phone answering systems left them with bills for £28,000. Guernsey Police’s Commercial Fraud Department, said fraudsters guessed the password to the answerphone accounts and were then able to make calls all over the world, including to North Korea and Somalia. Experts however, think ‘sophisticated “war diallers” and “password crackers” were the more likely method used to gain illegal access.
While these are all crimes for financial gain the dark art of VoIP phreaking is now being used for more sinister motives i.e. the deciphering of voice conversations. With VoIP, voice is treated as just another data service, and it’s a data service that commercial firewalls and Application Level Gateways (an additional security component to a firewall in a computer network) don’t handle well. While the blocking of incoming calls is not an option for businesses.
Most of us don’t know and are not aware of the dangers of VoIP which are very real. The example above shows VoIP will make it easier to tap into phone calls and not securing VoIP networks is as dangerous as using an internet connection without a firewall.
If you are interested in discussing the ‘real’ threat of VoIP hacking to businesses and combating VoIP phone phreaking with Jeff Kahn, chief strategy officer AudioCodes please contact: Jimmy Tse, 0208 964 0260 or jimmy@vp-pr.com for a briefing.
Kind regards
Jimmy Tse | VP Communications | Tel: +44 208 964 0260 | Fax: +44 208 964 0277 | jimmy@vp-pr.com
Cyber-crime Statistics:
According to the Communication Fraud Control Association (CFCA), the body that monitors communication fraud, the crime of “Phreaking” (hacking into a PABX and using it to route calls) actually costs UK businesses £1.3 to £1.5 billion per annum. The UK is ranked as one of the “top 5″ countries in the world affected by this crime.
Methods of VoIP-hacking are well reported. While VoIP traffic is encrypted it has been proven that catching calls and conversations are possible. Ruben Unteregger, a 33-year-old software developer from Switzerland, made public the source code of a Trojan that taps into VoIP conversations. The Trojan receives commands from a dedicated server, and then sends hackers the desired audio files. When a user opens up the VoIP client and starts a conversation, the Trojan performs a DLL injection that will allow it to attach itself to the VoIP process and record all audio/video conversations. The method not only catches the keystroke, but all data transmitted (see: http://megapanzer.com)
According to consultant firm, Detica, cyber-crime costs UK economy £27 billion every year. The research in conjunction with the government’s Office of Cyber-security showed £27 billion is lost due to Intellectual Property theft and industrial espionage.
Cyber-crime hits the government itself for around £2.2 billion, and the citizens of the UK for £3.1 billion, but businesses take most of the damage – £21 billion. IP theft represents some £9 billion and espionage £7.6 billion.
The hardest hit industries are the pharmaceutical and biotech sectors, electronics, chemicals and IT.
Audiocodes
AudioCodes is a market leader with over 17 years of product development experience, focused on VoIP network products and technology. During this time, AudioCodes has deployed tens of millions of media gateway and media server channels in over 100 countries. AudioCodes is a VoIP technology leader focused on voice quality and best-of-breed VoIP network elements with a proven track record in product and network interoperability with industry leaders in the Service Provider and Enterprise space.
An Israel technology firm, AudioCodes is involved in the prevention of VoIP infiltration techniques and attack prevention. AudioCodes developed the Enterprise Session Border Controllers (E-SBC), a perimeter defence that protects against malicious VoIP attacks.
Jimmy Tse | VP Communications | Tel: +44 208 964 0260 | Fax: +44 208 964 0277 | jimmy@vp-pr.com
