
In Australia, Rising VoIP Attacks Mean Huge Bills For Victims

Posted by timothy
from the that's-off-the-hook dept.
mask.of.sanity writes with this excerpt from ZDNet Australia: "Australian network companies have told of clients receiving phone bills including $100,000 worth of unauthorised calls placed over compromised VoIP servers. Smaller attacks have netted criminals tens of thousands of dollars worth of calls. A Perth business was hit with a $120,000 bill after hackers exploited its VoIP server to place some 11,000 calls over 46 hours last year. ... Local network providers and the SANS Institute have reported recent spikes in Session Initiation Protocol (SIP) scanning — a process to identify poorly configured VoIP systems — and brute-force attacks against publicly-accessible SIP systems, notably on UDP port 5060."

  • by erroneus (253617) on Sunday October 10, 2010 @07:25PM (#33855160) Homepage

    It isn't the people hacking into systems they aren't authorized to, it's the price and value of phone calls. In this day and age, we still have "long distance charges" and all that? Really? I can reach web pages hosted all over the globe but I can't make a phone call? It's not the technology, it's the abusive business models. Phone calls should be as free as the internet.

  • by Anonymous Coward on Sunday October 10, 2010 @07:31PM (#33855190)

    Don't use unbounded plans. If your provider doesn't offer hard limits for post-paid plans, choose pre-paid and never put more money into the account than you can afford to lose. Instead of looking out for their customers and telling them when their bill climbs to astronomical heights, telcos will gladly stand by and reap the insane profit. Consumers can only reasonably choose to treat their telco like a kid with a small cash allowance instead of a platinum credit card.

  • by Duradin (1261418) on Sunday October 10, 2010 @07:39PM (#33855228)

    And that website on the other side of the world totally has the same level of Quality of Service as a phone call.

    People put up with crappy cell phone calls, d ppin ev ry ther s lla le, but complain to high hell when there's the least bit of echo or static on a (non-VoIP) land line.

  • by v1 (525388) on Sunday October 10, 2010 @07:40PM (#33855230) Homepage Journal

    Well, maybe not that free, but they certainly do run a racket. It's basically an international Collusion [wikipedia.org] or Price Fixing [wikipedia.org].

    Basically the long distance phone racket is a global Price Fix. Though they don't have any way to combat VoIP and the increasing options such as Skype and telephones tied to cable modems. (We have those here in town... one cable modem provides your house with cable TV, internet, and phone service.) Though the phone service I think is still using traditional long distance, but that may change. I suppose it's possible they're working hard behind the scenes to try to keep such digital phone service reliant on their "land lines", even though the calls would be going over the same fibers either way. Kinda funny how the same bits are being priced vastly differently, isn't it?

    I can sell you this nail for two cents. Or would you prefer one of my high-tensile-strength wood adhesion devices for a quarter?

  • by OnePumpChump (1560417) on Sunday October 10, 2010 @07:44PM (#33855246)
    Is this stolen VOIP service being resold via phone cards, or what?
  • by Anonymous Coward on Sunday October 10, 2010 @07:45PM (#33855250)

    The key word being "if", it isn't that clear cut. SIP is only one half of the protocol. Most "loose" VoIP configurations don't channel the RTP stream through the same server as the SIP traffic. You can have a SIP server on the other side of the planet and still enjoy low latency if the other side of the call is close and the RTP stream is sent and received directly to/from the peer. The VoIP server would have to do extra work to proxy the audio data, so the P2P configuration is often standard. In that case, the other side (in these cases the POTS gateway) does see where the caller is and where the VoIP server is.

    Anyway, even if the gateway operator can not detect the fraud based on technical indications, a large call volume to foreign countries is unusual for most businesses, as is a phone bill in the four to six digits. If an operator doesn't alert their customers to the buildup of such an unusually high bill, then the operator should not expect to get paid.
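
Added example (not part of the thread or of any poster's comment): an operator-side check of the kind the comment above asks for, scanning call detail records for a burst of international calls and for a hard spend cap. The record layout, thresholds, phone numbers and function names are assumptions; the burst in the constructed sample uses the average rate and per-call cost implied by the Perth figures in the summary.

```python
from collections import deque
from datetime import datetime, timedelta

# Assumed thresholds for a small business; tune them to the site's real baseline.
WINDOW = timedelta(hours=1)
MAX_INTL_CALLS_PER_WINDOW = 20
HARD_SPEND_CAP = 500.00       # currency units per billing period
HOME_PREFIX = "+61"           # assumption: the customer is an Australian site

def is_international(dest):
    return dest.startswith("+") and not dest.startswith(HOME_PREFIX)

def scan_cdrs(cdrs):
    """cdrs: iterable of (iso_timestamp, destination, cost), sorted by time.
    Returns [(iso_timestamp, reason)], at most one alert per reason."""
    recent = deque()          # start times of international calls inside WINDOW
    spend = 0.0
    alerts, fired = [], set()
    for ts_str, dest, cost in cdrs:
        ts = datetime.fromisoformat(ts_str)
        spend += cost
        if is_international(dest):
            recent.append(ts)
        while recent and ts - recent[0] > WINDOW:
            recent.popleft()  # drop calls that fell out of the sliding window
        checks = (("intl_burst", len(recent) > MAX_INTL_CALLS_PER_WINDOW),
                  ("spend_cap", spend > HARD_SPEND_CAP))
        for reason, tripped in checks:
            if tripped and reason not in fired:
                fired.add(reason)
                alerts.append((ts_str, reason))
    return alerts

def constructed_cdrs():
    """Constructed sample data: ordinary office calls, then one hour of traffic
    at the Perth average (11,000 calls / 46 h, about 4 per minute)."""
    day = datetime(2010, 10, 4, 9, 0)
    rows = [((day + timedelta(minutes=30 * i)).isoformat(), "+61855500100", 0.20)
            for i in range(10)]           # 10 domestic calls, made-up number
    night = datetime(2010, 10, 5, 1, 0)
    per_call = 120000 / 11000             # about 10.91 per call
    rows += [((night + timedelta(seconds=15 * i)).isoformat(), "+9990000000", per_call)
             for i in range(240)]         # +999 is a placeholder prefix
    return rows

if __name__ == "__main__":
    for when, reason in scan_cdrs(constructed_cdrs()):
        print(when, reason)
```

With these thresholds the burst alert fires five minutes into the overnight traffic and the spend cap a little over eleven minutes in, long before a 46-hour run could accumulate.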

  • by dbIII (701233) on Sunday October 10, 2010 @08:14PM (#33855388)
    Some idiots turned up to install a phone system here, and after a Darwin award attempt by sitting their drinks on the UPS they asked for telnet to be open to their system from the internet - and it has no password! They also wanted 5060 open so they could do remote tests.
  • by Angst Badger (8636) on Sunday October 10, 2010 @09:26PM (#33855668)

    And that website on the other side of the world totally has the same level of Quality of Service as a phone call. People put up with crappy cell phone calls, d ppin ev ry ther s lla le, but complain to high hell when there's the least bit of echo or static on a (non-VoIP) land line.

    Funny, but that website on the other side of the world comes through perfectly without any data corruption or loss of quality even when I'm downloading tens or hundreds of megabytes of data more than I'd be receiving through a several hour long phone call. Hell, I can stream HD video just fine most of the time, but I can't get better than 3.3 kHz on a voice call -- by design.

    If voice telephone service sucked as bad as the channel I get to someone's cheap personal website, it would be a vast improvement.

  • by GigsVT (208848) on Sunday October 10, 2010 @09:36PM (#33855698) Journal

    A web site doesn't have any particular latency requirements, other than 1 second or so.

    Browsing the web on a geostationary satellite connection is OK. A phone call on one is pretty crappy.

    This doesn't refute the original poster, but it's not as simple as you make out either.

  • by GigsVT (208848) on Sunday October 10, 2010 @09:53PM (#33855778) Journal

    Of course I realize that. But it's tilting at windmills to wish that there were no suckers in the world.

    It's easier to catch the criminals than to get rid of (or educate) all the suckers. No matter how much you educate them, they'll keep thinking that "this one is different" or that they know better than everyone else.

  • by hairyfeet (841228) <bassbeast1968 AT gmail DOT com> on Sunday October 10, 2010 @10:04PM (#33855828) Journal

    I'm sorry, but I gotta call bullshit. I'm a smoker, and I'd be MORE than happy to sign a "contract with America" that says in return for NO TAXES on my cigarettes the ONLY treatment I'll be given for a smoking related disease if I get one will be generic morphine which I'LL PAY FOR. Propose THAT to your local congressman and see how far it goes. I'd also look into how much of that tobacco settlement money actually went into treating smokers. My guess? Pretty damned little.

    As we have seen with the IOUs that are our social security ponzi scheme if you give a politician money THEY WILL SPEND IT full stop. Don't think for a New York minute that a "fat tax" will actually be used to pay for fat people any more than the smoking tax was socked away to pay for ailing smokers. I'm sure I'm not the only one who would be happy to tell them where they can stick their substandard "nanny care" and actually keep our money to pay for ourselves, but we don't get a choice and time and time again the government has shown anything you can do yourself they can do with massive amounts of waste, kickbacks, and 40 levels of bureaucracy.

    As for TFA? Phone lines are going the way of the 8 track. You know it, I know it, the telcos know it. Therefore they are gonna gouge like mad for every dime they can. Hell nobody I can think of, even my 70 year old mom, uses POTS anymore, thanks to their refusing to get with the times. Yeah I'm sure that if the world switched to VoIP there would be some dropped frames, and you know what? We wouldn't care because it ain't costing us $$ a minute. I've been on VoIP through my cableco going on 3 years and can't imagine ever going back. Sure I get the occasional bit o' static or glitch when I'm also slamming my network, but my GF lives 2 hours away and on POTS a 2 hour call was simply insane without signing for some stupid plan. Now I can talk as long as I want and never even think about it, as anything on the North American continent is included in my $35. The phone companies are gonna gouge every bit they can from long distance because they know their time is nearly up, same way you should see the contracts they offer new bands now. You have never seen anything so blatantly one sided before in your life, but they know they are nearly out of time and are gonna snatch as much IP as humanly possible to coast on their back catalogs. Pure greed my friends, pure greed.

  • by bemymonkey (1244086) on Monday October 11, 2010 @01:24AM (#33856772)

    Most of the audio issues with VoIP calls end up being caused by end-user misconfiguration (hardware or software).

    Unlike a regular phone connection, you have to deal with a bunch of end-user variables: Different mics and speakers, people sitting 3 feet away from their mics, people trying to use the crappy speakers on their laptop as a speakerphone without any echo- and/or feedback-cancellation other than what's built into the VoIP software (probably even on the server end).

    Just try comparing Skype with laptop mics and the built in speakers to Skype with decent headsets. It's a world of difference...

    I've actually been using SIPDroid on Android lately, and it's fantastic. Extremely reliable on both WiFi and 3G (usable on Edge, but the latency is noticeable), with crystal clear quality. Sounds as good as any landline I've ever used... :)

  • by Rising Ape (1620461) on Monday October 11, 2010 @03:25AM (#33857160)

    Most packet loss is due to congestion, which using FEC is only going to make worse. So you'll gain your phone call clarity at the expense of other traffic.

  • by Anonymous Coward on Monday October 11, 2010 @09:04AM (#33858384)

    So go back to the old Ham Radio protocol. One party talks while the other listens.

    What proportion of radio hams are female? Probably not a coincidence.
