Synopsis: VoIP fraud case, CALEA tutorial/commentary, VoIP security news, listener comments and much, much more...
Welcome to Blue Box: The VoIP Security Podcast show #31, a 53-minute podcast from Dan York and Jonathan Zar with news and commentary about the world of VoIP security. This show includes a 10-minute segment on the recent Pena/Moore VoIP fraud case and about a 15-minute discussion of the recent FCC decision about CALEA and what that means. There is of course the usual coverage of VoIP security news and comments from listeners.
Download the show here (MP3, 61MB) or subscribe to the RSS feed to download the show automatically.
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to [email protected]. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at +1-206-338-6654 to leave a comment there.
NOTE: I would welcome any comments about the audio quality of this MP3 file as compared to our other shows - I am trying out a new audio encoder. Thanks.
Show Content:
- 00:20 - Intro to the show, contact information and how to provide comments. Welcome to all the new listeners. Mention of our listener survey - PLEASE TAKE A MOMENT TO COMPLETE THE SURVEY! (Thank you!) It looks like Dan will most likely be at the IETF 66th Meeting in Montreal, June 9-14 - Please drop us a note if you are going to be there. Check out VOIPSA's blog if you have not already done so.
- 10:28 - Feature discussion of recent VoIP fraud scam that was all over the news:
  - DOJ News Release
  - DOJ complaint against Pena
  - DOJ complaint against Moore
  - Business Week: Is Your VoIP Phone Vulnerable? (and my VOIPSA blog response as well as Slashdot: VoIP Security Vulnerabilities)
  - New Telephony: VoIP Network Security: How a Hacker Took Advantage of Vulnerabilities
  - Networking Pipeline: VoIP’s Real Security Threat
  - TMC.net: VoIP Security Hack Highlights the Need for Proactive Solutions (by Bogdan Materna)
  - FOX News / Eweek: Alleged VoIP Scam Highlights Looming Security Threat
- 20:26 - Feature discussion on CALEA and the recent FCC decision:
  - VOIPSA blog
  - Computer World: Court upholds VoIP wiretapping
  - Jeff Pulver blog: The Week I Wish that Wasn’t—Down and Out in Washington, DC
  - InfoWorld: Internet pioneers: VOIP wiretapping complicated (and VOIPSA blog)
  - IT Assoc of America: CALEA and VoIP: Study Finds Wiretaps in Cyberspace Problematic
- 36:43 - Core Technologies Uncovers Vulnerabilities
- 37:41 - VOIPSA Blog: Not Just SPIT but SPOG and SPOM by Martyn Davies
- 38:19 - Burton Group analyst Irwin Lazar’s report Debunking the Hype About Skype now available with free login
- 38:53 - Burton Group session on VoIP
- 39:14 - VON Magazine online: Black Hat tracks VoIP
- 40:53 - Webtown – Jan in Malaysia: Ipoque PRX Traffic Manager now able to detect, control and block Skype Version 2.5. (trackback to http://www.typepad.com/t/trackback/5124548)
- 41:23 - Steve Gibson’s Security Now covered NAT in #42 and Open Ports in #43.
- 42:02 - Upcoming Shows:
  - July 9-14, Montreal, Canada, IETF 66th Meeting
  - July 19-21, Tokyo, Japan, VON Japan
  - August 2-3, Las Vegas, Black Hat 2006
  - August 8-10, Santa Clara, CA, 3rd Annual VoIP Developer Conference
  - Sept 11-14, Boston, MA, Fall VON 2006
  - Oct 10-13, San Diego, CA, Internet Telephony Conference and Expo – West
- 42:47 - Email comment from Mark Trifiro about having links launch in new windows
- 44:44 - Audio comment from Adrian Braun
- 45:27 - Email comment from Miguel Garcia – will be at IETF
- 45:51 - Email comment from “verizon user” pointing to ITAA report being on RISKS list
- 46:24 - Email comment from David Belle-Isle (threat vs vulnerability)
- 47:40 - Email comment from Chris Serafin about giving a customer case study
- 49:28 - Review of the last week's traffic on the VOIPSEC public mailing list, mostly focused on softphone vulnerabilities and a continued heavy discussion of Skype security
- 51:26 - Shoutout to Sasha, the host of the Skype podcast
- 51:50 - Wrap-up of the show
  - Mention of our Frappr map
- 53:15 - End of show
Thank you for listening and please do let us know what you think of the show.
Dan, Jonathan,
First of all, let me say that I very much enjoy your podcasts. It's good to get a regular summary of what's been going on in the world of VoIP security.
Now, I have more info for you on Edwin Pena's alleged VoIP fraud, that I got from a guy in Houston whose company was scammed.
In his case, the protocol was H.323 and not SIP. He tells me that his VoIP-PSTN gateway was expertly hacked, apparently using a supervisory account, and its configuration was altered. To verify that the hack worked, test calls were made to a cellphone in New Jersey, according to logs in the equipment, which also revealed that they were made from locations in Brazil.
Once it was verified that the calls got through, traffic was directed to the hacked gateway from (presumably) an H.323 gatekeeper, apparently located at the NAP of the Americas in Miami.
The fraud was discovered by the unusual traffic patterns that resulted, when all the circuits on the gateway became busy. The destination of most of the calls was Jamaica, with origins in the UK, Australia and the US.
Once alerted to the fraud, the aggrieved business owner did some investigation, and traced the cellphone to Fortes Telecom in New York.
What surprised me about this story is that it doesn't involve hacked networks at New York hedge funds, decoy servers at hosting companies, nor brute force attacks to discover account prefixes, as laid out in the criminal complaints against Edwin Pena and Robert Moore. It seems as though a variety of attacks were made, not all of which were described by the US Attorney's office.
Nevertheless, it does stress the need for adequate perimeter security around VoIP softswitches and gateways, a case I think the proponents of session border controllers have made fairly convincingly on the VOIPSEC list recently.
Regards,
Rob Welbourn
Posted by: Robert Welbourn | June 27, 2006 at 06:17 PM