Wednesday, May 11, 2011

Hacking threat costs VOIP users

The growing move to IP-based telephony is costing SA's economy millions, as hackers are exploiting networks that aren't properly secured, a threat that will increase as more people move to voice over Internet Protocol (VOIP).

Within the next two to three years, all communication in SA is expected to be IP-based, and companies are increasingly moving to VOIP. However, hackers are taking advantage of the step-change, and a local company recently found itself with a R100 000 bill resulting from fraudulent calls made over a weekend.

Hacking into a VOIP system is as simple as exploiting the Internet, say market commentators. Yet, while companies secure data to limit the threat of having it stolen, people don't pay as much attention to their IP-based telephony, an oversight that could cost firms millions, potentially forcing them to shut shop.

Du Pont SA CEO Graeme Victor says hackers from outside SA are increasingly hacking into VOIP systems, and companies that don't secure their lines are facing huge bills. He explains that a small Johannesburg-based company recently ended up with a R100 000 invoice, and the hackers only stopped because the company had reached its credit limit.

Victor explains hackers exploit open ports, which are accessed through the Internet. The issue is becoming a big concern in the industry, he says. “More and more people are talking about it.”

Companies that don't put in security measures will bear the brunt, because the client carries the cost of the call, says Victor. “Once they find an open IP range, they make calls to their heart's desire.”

With the growing move to IP-based telephony, Victor expects the number of companies vulnerable to hacks to increase. He has heard of some companies forking out millions in phone bills because of hacking. “The numbers can be horrific.”

Massive concern
VOIP hacking is a “massive” issue and is as much of a problem as Internet attacks, says Vox Orion MD Jacques du Toit. He adds hackers break into systems on a daily basis, and companies that don't secure their networks will end up footing the bill for breaches.

Du Toit says competition is increasing in the VOIP space, and the “new kids on the block” will be more vulnerable to security breaches than those that have already put measures into place to limit losses.

Companies could easily lose thousands of rands because international calls vary between R1.50 and R12 a minute, says Du Toit. He says hackers could sit on the line for hours running up bills.

Du Toit explains the session initiation protocol (SIP), used to carry voice over the Internet, is open to abuse. He says hackers look up SIPs and exploit them if they aren't properly secured.

Vox Orion has been aware of VOIP hacking since the technology's early days, and has put systems into place that monitor unusual trends, cutting off traffic that is unusual and saving clients cash, says Du Toit. “You can never 100% prevent it if it's a breach on the customer's side, but you can limit damage.”
Du Toit anticipates companies will start requesting that providers put measures in place to limit potential breaches, which will push costs up.

Counting the cost
Andy Openshaw, sales, marketing and business development director at ECN Telecommunications, says hacking is “on the up and up”, and VOIP companies try and stay a step ahead of the hackers, but this is becoming more technically advanced and more difficult to prevent.

Openshaw says network operators will have to invest in security, which will push up costs, but the additional expense will be worth it in the long run, rather than facing the risk of a company that can't pay its bill. “It does come with a price tag.”

ECN and its customer base are regularly subjected to hacking attempts, says Openshaw. The company has developed a number of systems and solutions to protect itself and its customers from attacks, he says.

Hackers can cost companies millions, and could easily run up a bill of R600 000 over a weekend, says Openshaw. “As the hackers advance, the complexity of the measures needed to ensure you remain safe from hacking increases,” which adds costs to network operators, he says.

Openshaw says hacking is an increasing threat. “The hacking of a network becomes a challenge to the hacker, as well as a financial windfall when successful,” he adds.

Tallying the cost is very difficult, but runs into millions of rands, says Openshaw. The time spent developing systems to prevent hacks on an IP network is also a significant cost, he adds.

Openshaw explains hackers run through millions of potential IP addresses in the hope of finding an unsecured link. Open addresses allows them access to a network, opening up access to a termination party, through which they are then able to send expensive destination traffic at no cost to themselves.

Playing safe
WWW Strategy MD Steven Ambrose says people tend to use simple passwords and user names that can easily be compromised. He says hacking into a VOIP system is easier than getting into a physical landline. “They don't have to send people up poles with clips.”

Ambrose says, while the hackers could betraced through their IP addresses, this isn't easy as they could just disconnect, or could route the hack through a proxy. “It's a ludicrously simple way of making phone calls.”

In the next two to three years, all communications will be IP-based, and as VOIP grows in use, hacking will increase, says Ambrose. “It's one threat that will be more and more pervasive as we go forward.”
VOIP hacking will become a big issue and could potentially sink companies if hackers ring up huge phone bills, says Ambrose.

By Nicola Mawson, ITWeb senior journalist.

http://www.itweb.co.za/index.php?option=com_content&view=article&id=43442:hacking-threat-costs-voip-users&catid=260

No comments:

Post a Comment