Voice of VOIPSA

Is the voice service outage that TelePacific Communications experienced today the result of cybercriminials attacking TelePacific’s SIP infrastructure?

TelePacific offers a service called “SmartVoice” that appears from their website to be the basic type of SIP service provided by many service providers these days. On March 24th, they started experiencing an outage and their Twitter page tells the tale, from the initial report to the beginning of a recovery to a 50% recovery to more reports on March 25th through to full restoration on the 25th.

Today, however, there is a report in Channel Partners Online provocatively titled: “TELEPACIFIC NETWORK OUTAGE: CYBER-TERRORISM?” The article quotes TelePacific President and CEO Dick Jalkut:

Jalkut said the “cyber attack choked our servers and resulted in a significant loss of service to customers – in most cases an inability to make and receive calls.” But the attack did not impact customers’ Internet or data services.

He goes to say that they have implemented further monitoring and protection, particularly in their session border controllers.

At this point TelePacific indicates they have engaged the FBI to assist in tracking down the external sources of the attack. TelePacific also indicates that they plan to more information during upcoming industry forums and I look forward to hearing more about this. From the bare details provided thus far, it certainly sounds like an attack focused on their SIP infrastructure – and it would be good for the rest of the industry to hear about and learn from.

P.S. Kudos to TelePacific, too, for what appears to be a solid use of Twitter as a way to keep customers and others informed of what was going on during the outage.

If you found this post interesting or helpful, please consider either subscribing via RSS or following VOIPSA on Twitter.

We at SecureLogix are hosting a webinar today to cover the Voice and Unified Communications: State of Security Report today at 1:00 CST along with the folks from NoJitter. Here is a link to the webinar registration page.

The Digium security team issued two security advisories this week for Asterisk:

• AST-2011-003: Resource exhaustion in Asterisk Manager Interface
• AST-2011-004: Remote crash vulnerability in TCP/TLS server

The second one, AST-2011-004, is the far more concerning because it indicates that a remote attacker could connect to an Asterisk system and cause it to crash.

The solution, in both cases, is to upgrade to the latest Asterisk releases.

UPDATE: 3/18/11 – Olle Johansson pointed out on Twitter:

Either upgrade or do not use SIP/TCP. Installations only using SIP/udp is not affected and do not need to upgrade.

Thanks for the clarification, Olle.

Here is a link to the SecureLogix State of Communications Security Report. It is currently at the NoJitter site. We will post it to our website and here in a couple of weeks.

http://www.nojitter.com/sponsoredcontent/view/cid/3900003

This is the first time ever that anyone has released a security report that is focused on voice/VoIP/communications. The report describes voice security trends and includes a ton of data from 100′s of assessments, that backs up the trends we present.

By way of the Infosthetics site, I learned this morning of a video produced by Dataviz Australia that uses data from a VoIP honeypot server to visualize what the attack looks like. The Dataviz Australia blog post has more information about what they are specifically showing here. I am always intrigued to see how people can come up with new ways to enable us to look at data differently, and this is an interesting video for that. Enjoy…

Visualizing a cyber attack on a VOIP server from Ben Reardon, Dataviz Australia on Vimeo.

If you have been at the Enterprise Connect show this week in Orlando, Florida, one of the perhaps unexpected booths on the exhibit hall floor was that of the National Security Agency (NSA). The booth was staffed by two great guys (who rapidly moved away when I raised my iPhone camera) who explained that they were there as part of the agency’s “Commercial Solutions Center” looking to find commercial technology that can help with the secure mobile solutions they are looking to deploy for the NSA.

One of the NSA staff will be on a Enterprise Connect communications security panel at 9:00am in the “Sun B” room of the Gaylord Palms tomorrow (Thursday, March 3, 2011). They are also hosting a private meeting tomorrow at the Gaylord Palms from 1-3pm for people interested in learning more. The best way to find out more about that meeting would probably be to attend the 9am session. (They were promoting details at their booth, too, but the exhibit area is now closed.)

Good to see the NSA reaching out to the commercial sector and when more information is available about their program (they said it would be soon) I’ll update this post.

Over on the Tekelec blog today, Dorgham Sisalem writes on “DNS and SIP: Threats and Protection“, an area of discussion that, quite frankly, hasn’t really received much attention. DNS plays a vital role in VoIP and unified communications, and so the security around DNS and SIP definitely deserves consideration. The post is not too long, so rather than summarize, I’ll just point you over there…

Can you trust “the cloud” to be there for communications? What about latency issues? availability? What should you be most concerned about?

Those are issues that I (Dan York) will be discussing on a panel on Friday, Feb 4, 2011, at the Cloud Communications Summit in South Beach, Miami. The abstract is:

There’s a general consensus that Cloud Communications improves the bottom line while reducing both financial and technology risks. What about from a security perspective? This session identifies the differences between premise based and cloud based offerings from a security perspective, and provides the audience with a checklist of what to worry about as they move into the cloud. This session is appropriate for both business and technologists.

I’ll be on the panel along with folks from Rackspace, Pac-West and Path Solutions and the whole session will be moderated by analyst Dave Michels. It should be a fun discussion… if you are down in Miami, do come and join us!

Will you be in South Beach, Miami, next week for the collection of conferences around TMC’s ITEXPO event? If so, I’ll be there participating in two sessions in Ingate System’s SIP Trunking Workshop.

First, on Wednesday, February 2nd, I’ll be on a panel at 1pm about “SIP, UC and Security”. We’ve done this panel at other ITEXPO events and it has always created some interesting conversations and discussions.

The following morning, February 3rd, at 9am, I’ll be part of a panel on “Unified Communications” where security will be one of the many factors discussed.

If you are down in Miami for ITEXPO, the Cloud Communications Summit, Digium/Asterisk World or any of the other events, please do stop by and say hello… or find me down at one of the sessions I’m in (my schedule is online). You can always email me or ping me on Twitter.

It may be a wee bit of a late notice for folks to join the call live, but in about 50 minutes, the VoIP Users Conference will have their weekly live call talking this week with folks from Humbug Telecom Labs about their tools for detecting and analyzing VoIP fraud.

You can join the live call via SIP, Skype or the regular old PSTN. There is also an IRC backchannel that gets heavy usage during the call.

If you can’t attend the call live, a recording of the session will be made available later from the episode’s web page.

If you found this post interesting or helpful, please consider either subscribing via RSS or following VOIPSA on Twitter.