Topic: Hackers target net call systems

[Clive]

Malicious hackers are turning their attention to the technology behind net phone calls, says a report.

The biannual Symantec Threat Report identified Voice over IP (Voip) systems as a technology starting to interest hi-tech criminals.

The report predicted that within 18 months, Voip will start to be used as a "significant" attack vector.

As well as prompting new attacks, Voip could also resurrect some old hacking techniques, warned the report.

Call charges

Voip has been in the news a lot in 2005 as more and more people realise how much money they can save by making some of their calls via the net instead of through old-fashioned phone lines.

But routing phone calls via the net makes Voip systems vulnerable to a whole series of security problems, notes the Symantec report.

The growing use of Voip could encourage the emergence of:

audio spam that clogs voicemail boxes with spoken adverts
voice phishing that tries to con people into handing over confidential details
caller-ID spoofing which allows conmen to make it look like they are calling from a legitimate number such as a victim's bank
call hi-jacking that re-directs calls to conmen and criminals
Ollie Whitehouse, technical manager at Symantec's research labs, said it was important not to overplay the threat from the subversion of Voip technology.

"While there are currently very few reported attacks directed at Voip systems," he said, "Symantec believes it's only a matter of time before attackers target it more intensely."

The report also said that Voip could fuel a renaissance of an old hacking technique known as war-dialling.

In its original form this involved making a huge number of phone calls to find out which ones respond with a data tone.

 THREAT STATISTICS
48% increase in Windows viruses in six months
74% of the top 50 malicious code samples steals confidential information
80% of the top ten adware programs install themselves via browsers
50% of top ten adware programs hijack browsers
61% of all e-mail is spam
51% of all spam originates in the US
Some hacker groups could trawl through Voip numbers to find what is sitting at the other end of them or to root out poorly protected servers that can then be exploited.

The report also mentions other computer security threats that continue to be a problem.

Symantec researchers have noticed the growing use by criminal hackers and hi-tech crime groups of stripped down worms, viruses and trojans to compromise machines.

Once installed, the programs contact a server and download new parts so they can cause more damage to the computer hosting them or other machines on that network.

So-called bot herds - networks of compromised PCs under the control of a malicious hacker - continue to be used as launch pads for other types of attack.

Increasingly common, Symantec researchers noted, was their use in carrying out denial-of-service (DoS) attacks which bombard target machines with so much data that they cannot cope.

The report noted that, on average, 927 DoS attacks were being carried out every day.

 http://news.bbc.co.uk/1/hi/technology/4259554.stm