In Australia, Rising VoIP Attacks Mean Huge Bills For Victims 178
mask.of.sanity writes with this excerpt from ZDNet Australia: "Australian network companies have told of clients receiving phone bills including $100,000 worth of unauthorised calls placed over compromised VoIP servers. Smaller attacks have netted criminals tens of thousands of dollars worth of calls. A Perth business was hit with a $120,000 bill after hackers exploited its VoIP server to place some 11,000 calls over 46 hours last year. ... Local network providers and the SANs Institute have reported recent spikes in Session Initiation Protocol (SIP) scanning — a process to identify poorly configured VoIP systems — and brute-force attacks against publicly-accessible SIP systems, notably on UDP port 5060."
The REAL crime here (Score:5, Insightful)
It isn't the people hacking into systems they aren't authorized to, it's the price and value of phone calls. In this day and age, we still have "long distance charges" and all that? Really? I can reach web pages hosted all over the globe but I can't make a phone call? It's not the technology, it's the abusive business models. Phone calls should be as free as the internet.
When dealing with telcos... (Score:5, Insightful)
don't use unbounded plans. If your provider doesn't offer hard limits for post-paid plans, choose pre-paid and never put more money into the account than you can afford to lose. Instead of looking out for their customers and telling them when their bill climbs to astronomical heights, telcos will gladly stand by and reap the insane profit. Consumers can only reasonably choose to treat their telco like a kid with a small cash allowance instead of a platinum credit card.
Re:The REAL crime here (Score:5, Insightful)
And that website on the other side of the world totally has the same level of Quality of Service as a phone call.
People put up with crappy cell phone calls, d ppin ev ry ther s lla le, but complain to high hell when there's the least bit of echo or static on a (non-VoIP) land line.
Re:The REAL crime here (Score:5, Insightful)
well maybe not that free, but they certainly do run a racket. It's basically an international Collusion [wikipedia.org] or Price Fixing [wikipedia.org].
Basically the long distance phone racket is a global Price Fix. Though they don't have any way to combat voip and the increasing options such as skype and telephones tied to cable modems. (we have those here in town... one cable modem provides your house with cable tv, internet, and phone service) Though the phone service I think is still using traditional long distance, but that may change. I suppose it's possible they're working hard behind to scenes to try to keep such digital phone service reliant on their "land lines", even though the calls would be going over the same fibers either way. Kinda funny how the same bits are being priced vastly differently, isn't it?
I can sell you this nail for two cents. Or would you prefer one of my high-tensile-strength wood adhesion devices for a quarter?
Who is placing the calls? (Score:5, Insightful)
Re:why do the 'victims' get bills? (Score:1, Insightful)
The key word being "if", it isn't that clear cut. SIP is only one half of the protocol. Most "loose" VoIP configurations don't channel the RTP stream through the same server as the SIP traffic. You can have a SIP server on the other side of the planet and still enjoy low latency if the other side of the call is close and the RTP stream is sent and received directly to/from the peer. The VoIP server would have to do extra work to proxy the audio data, so the P2P configuration is often standard. In that case, the other side (in these cases the POTS gateway) does see where the caller is and where the VoIP server is.
Anyway, even if the gateway operator can not detect the fraud based on technical indications, a large call volume to foreign countries is unusual for most businesses, as is a phone bill in the four to six digits. If an operator doesn't alert their customers to the buildup of such an unusually high bill, then the operator should not expect to get paid.
No surprise - the stuff is wide open by default (Score:5, Insightful)
Re:The REAL crime here (Score:4, Insightful)
And that website on the other side of the world totally has the same level of Quality of Service as a phone call. People put up with crappy cell phone calls, d ppin ev ry ther s lla le, but complain to high hell when there's the least bit of echo or static on a (non-VoIP) land line.
Funny, but that website on the other side of the world comes through perfectly without any data corruption or loss of quality even when I'm downloading tens or hundreds of megabytes of data more than I'd be receiving through a several hour long phone call. Hell, I can stream HD video just fine most of the time, but I can't get better than 3.3 kHz on a voice call -- by design.
If voice telephone service sucked as bad as the channel I get to someone's cheap personal website, it would be a vast improvement.
Re:The REAL crime here (Score:5, Insightful)
A web site doesn't have any particular latency requirements, other than 1 second or so.
Browsing the web on a geostationary satellite connection is OK. A phone call on one is pretty crappy.
This doesn't refute the original poster, but it's not as simple as you make out either.
Re:The REAL crime here (Score:4, Insightful)
Of course I realize that. But it's tilting at windmills to wish that there were no suckers in the world.
It's easier to catch the criminals than to get rid of (or educate) all the suckers. No matter how much you educate them, they'll keep thinking that "this one is different" or that they know better than everyone else.
Comment removed (Score:3, Insightful)
Re:The REAL crime here (Score:3, Insightful)
Most of the audio issues with VoIP calls end up being caused by end-user misconfiguration (hardware or software).
Unlike a regular phone connection, you have to deal with a bunch of end-user variables: Different mics and speakers, people sitting 3 feet away from their mics, people trying to use the crappy speakers on their laptop as a speakerphone without any echo- and/or feedback-cancellation other than what's built into the VoIP software (probably even on the server end).
Just try comparing Skype with laptop mics and the built in speakers to Skype with decent headsets. It's a world of difference...
I've actually been using SIPDroid on Android lately, and it's fantastic. Extremely reliable on both WiFi and 3G (usable on Edge, but the latency is noticable), with crystal clear quality. Sounds as good as any landline I've ever used... :)
Re:The REAL crime here (Score:3, Insightful)
Most packet loss is due to congestion, which using FEC is only going to make worse. So you'll gain your phone call clarity at the expense of other traffic.
Re:The REAL crime here (Score:1, Insightful)
What proportion of radio hams are female? Probably not a coincidence.