« Firefox Add-ons for Teachers | Main | Data Deletion Done Right »
DoS, Vishing, and SPIT – Oh My!
Meet the Dark
Side of Internet Telephony
By: Eric
Durrand
Internet Telephony, or VoIP (Voice over Internet Protocol), is quickly replacing traditional telephony, as more organizational and home users opt to use their broadband connections for phone communication. The number of VoIP phone lines in the US has grown from 1.8 million in 2002, to 9.9 million in 2005, and is projected to go up to 26 million by 2008, according to a research by the Telecommunications Industry Association (TIA). Providers like Cablevision, Vonage and others turn VoIP to a reality for many, providing quality telephone services for a fraction of the cost, or sometimes for a fixed price.
But not all bodes well for early adopters making the transition into Internet Telephony. As prices of calls plummet, spammers who are used to send millions of junk messages over E-Mail for free, start eyeing the new medium, dreaming of the potential to one day be able to make millions of pre-recorded commercial calls! Experts call this new threat SPIT: Spam over Internet Telephony, and unlike regular E-Mail spam, there is currently no simple filtering solution.
Qovia, a telecom company based in Frederick, Maryland, ran a simulation showing how a single PC can make 1,000 calls a minute using VoIP. In VoIP networks with unlimited calling or “peering”, where there is no financial penalty for making thousands of calls, a spammer (or, rather, SPITer) might find it profitable to make infinite calls even with a very small percentage of response.
Another threat involving VoIP is dubbed Vishing, a paraphrase of Phishing, a common type of E-Mail fraud. In an ingenious fraud perpetrated recently for the first time, individuals got a scam call from what appeared to be the number of a respected financial institution, and told that their credit card had been used illegally. They were then asked to call a fake 1-800- number, and when they did an automated system collected their credit card details and promised to take care of the problem. In fact, the numbers went into the criminal’s database of stolen credit cards, which they could later use to empty their victim’s account.
Denial of Service attacks (DoS), is a final scary scenario to consider. If SPIT spammers can make a thousand calls a minute using a single PC dialing to different locations, what can they do if they keep calling the same number? The answer: temporarily take down the phone line, which could mean considerable disruption to an organization, and potential loss of income.
As with any new medium of communications, VoIP too will inevitably be abused by those who seek to profit at the expense of others. The solution, as always, is not to avoid new technologies, but to embrace them with open eyes and stay wary of the risks involved. As certain nuisances become more acute, various solutions will undoubtedly be developed to fight them. We’ll keep you up to date with what you need to know.
Posted on August 14, 2006 at 02:05 PM in Telecomm | Permalink
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d8341d42b753ef00d83531de3253ef
Listed below are links to weblogs that reference DoS, Vishing, and SPIT – Oh My!:
Comments
The comments to this entry are closed.
