VoIP toll fraud, TDoS, and Malformed Packets, Oh My!

Posted on November 19, 2013 by Andrea Mocherman

The world of VoIP can be dangerous if you’re not paying attention. Protecting yourself and your business starts with knowing the threats.

Mark Collier knows telephone security. As CTO and VP Engineering of SecureLogix, co-author of “Hacking Exposed: VoIP”, and author of the curriculum for the VoIP security course at the SANS Institute, Collier is well aware of the most serious threats to your VoIP telephone system.

If you want to bone up on the risks associated with VoIP, and how to safely maneuver around them, Collier is the person to talk to.

The most prevalent kind of attack is toll fraud. But Collier says it’s not the reselling of your minutes it used to be. Nowadays, web villains are breaking into your telephone system to reroute calls to high-cost numbers that pay them. Or, they’ll even clog up your IVR by playing automated DTMF patterns to stay in as long as possible, racking up minutes on a carrier that pays them for the traffic. Either way, you’re paying for premium minutes that aren’t yours.

You and I know these attacks are nothing new. But Collier explains the advent of VoIP and the proliferation of carriers has made call generation so much simpler, “and that’s what’s made it so nasty.” Attackers can throw literally thousands of calls at you very easily without spending more than a few bucks.

And that takes us to the monster casting an even bigger shadow over your telephone system. Telephony Denial of Service (TDoS) attacks have caused major problems for companies by overloading phone lines and essentially shutting them down. Some assaults hit out of the blue, and others are used as ransom. Foreign-based operations have been set up to call businesses and announce they will shut that number down unless they are paid for an erroneous debt.

And it’s working. This type of attack has taken down call centers and even emergency services. Collier told me his contacts at AT&T are aware of as much as $5,000,000 paid out on that particular scam. But as we all know, blackmail artists are like dogs under the dinner table: feed them, and they’ll be back.

A much newer form of threat comes from malformed packets. As you know, VoIP is transmitted in packets of data, coded and decoded on either end of the transmission. Maybe because they were force-fed too much broccoli as a child, some attackers use these packets to do harm. A simple example is loading typically short fields, like Caller ID, with giant piles of data that stall or crash your phone system by making it work too hard. The worst case in these scenarios is that attackers can gain access to your network.
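The oversized Caller ID case above can be screened for before a message ever reaches the phone system. This is an added example, not code from the original post or from Collier: a minimal pre-filter that assumes SIP signaling, with size limits, function names, and a sample INVITE that are all constructed for illustration.

```python
import re

# Assumed limits for this example; tune them to what your carriers really send.
MAX_HEADER_LINE = 512   # bytes in one header line
MAX_DISPLAY_NAME = 64   # bytes in the Caller ID display name
MAX_HEADERS = 64        # header lines in one message

def check_sip_message(raw: bytes) -> list:
    """Return reasons to drop the message; an empty list means it passed."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return ["no end-of-headers marker"]
    start_line, *headers = head.split(b"\r\n")
    problems = []
    if not re.fullmatch(rb"[A-Z]+ \S+ SIP/2\.0|SIP/2\.0 \d{3} .*", start_line):
        problems.append("bad start line")
    if len(headers) > MAX_HEADERS:
        problems.append("too many headers")
    content_length = None
    for line in headers:
        name, colon, value = line.partition(b":")
        if not colon:  # not a "name: value" line
            problems.append("header without colon")
            continue
        name, value = name.strip().lower(), value.strip()
        if len(line) > MAX_HEADER_LINE:
            problems.append("oversized header: " + name[:20].decode("ascii", "replace"))
        if name in (b"from", b"f") and b"<" in value:
            # Display name is the part before the <sip:...> address.
            display = value.split(b"<", 1)[0].strip().strip(b'"')
            if len(display) > MAX_DISPLAY_NAME:
                problems.append("oversized caller ID display name")
        elif name in (b"content-length", b"l"):
            content_length = int(value) if value.isdigit() else -1
    if content_length is not None and content_length != len(body):
        problems.append("Content-Length does not match body")
    return problems

def sample_invite(display: bytes) -> bytes:
    """Constructed sample INVITE (not captured traffic) with a chosen display name."""
    body = b"v=0\r\n"
    return (b"INVITE sip:100@pbx.example.com SIP/2.0\r\n"
            b"Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776\r\n"
            b'From: "' + display + b'" <sip:caller@example.net>;tag=1\r\n'
            b"To: <sip:100@pbx.example.com>\r\n"
            b"Call-ID: a84b4c76e66710\r\n"
            b"CSeq: 1 INVITE\r\n"
            b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)
```

A check like this belongs at the network edge, so the oversized field is dropped and logged before the phone system has to parse it.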

What all this means is, you need to be vigilant. Collier has a few ideas about how you can protect yourself, like blacklisting, and implementing algorithms to block uncivilized behavior. You’ll have no problem finding companies able to give you a hand.

But there are many ways you can build up defenses to fortify your system on your own. Too many to reasonably fit in this post. So in the coming weeks and months, we’ll examine best practices for keeping you, your phone system, and your budget safe from harm.