[VOIPSEC] VoIP Hacking so easy a Caveman can do it.

Simon Horne s.horne at packetizer.com
Wed Oct 3 19:01:49 CDT 2007 

Leslie

This is not really a SIP issue, it mainly applies to H.323 as over 80% of
international carrier traffic is H.323.

When he says a caveman can do it he's not far off the mark.
Most switches control access via CALs with each IP allocated to a billing
code. So all you need to do is once you gain access via the default password
you add your softswitch to the CAL and also to an existing billing code (so
some-else pays for your calls) then you use a gatekeeper like GnuGk which
has a very powerful freeradius billing backend and your in business. You can
offer the route (prefix) (through the compromised switch) on the VoIP grey
market clearinghouses. There usually isn't may questions asks or
requirements for identification. There are several of these on the net where
you offer a prefix, they do a couple of test calls and that's it you've sold
the route, no questions ask.

You can easily route 1 million plus minutes a month at from 1 to 15+ cents
per minute depending on the country so it does not take long to amass a
small fortune. Customers pay on time usually on no more than 7 day terms.

I can see this type of hacking happening in countries where VoIP is tightly
regulated and the market rates for the route are very high. In these cases
nobody is going to get prosecuted as the person who is being hacked is
probably doing it illegally anyway.

Simon


-----Original Message-----
From: voipsec-bounces at voipsa.org [mailto:voipsec-bounces at voipsa.org]On
Behalf Of Leslie Asamoa-Krodua
Sent: Wednesday, 3 October 2007 2:38 AM
To: voipsec at voipsa.org
Subject: Re: [VOIPSEC] VoIP Hacking so easy a Caveman can do it.


Cc: Dan York - Blue Box Podcast <blueboxpodcast at gmail.com>, Shawn
Merdinger <shawnmer at gmail.com>

I thought that the community here knew about this story already?

Especially Dan York or Shawn Merdinger. By the way has Dan covered
this in his Bluebox Podcast? Which episode would that be?

And Shawn, do you realise there was a whole company behind this chap?
And they were making money, via exploits and then finally jail.

Leslie Asamoa
ALT'D Inc.


On Oct 1, 2007, at 5:31 PM GMT+02:00, Simon Horne wrote:

>
> "It's so easy. It's so easy a caveman can do it," Moore told
> InformationWeek, laughing. "When you've got that many computers at
> your
> fingertips, you'd be surprised how many are insecure."
>
> "I'd say 85% of them were misconfigured routers. They had the default
> passwords on them," said Moore. "You would not believe the number
> of routers
> that had 'admin' or 'Cisco0' as passwords on them. We could get
> full access
> to a Cisco box with enabled access so you can do whatever you want
> to the
> box.
>
> http://blogs.zdnet.com/ip-telephony/?p=2456
>
> Simon
>
>
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>



Leslie Asamoa
ALT'D
: +32 475603148


_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org


--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.488 / Virus Database: 269.13.35/1039 - Release Date: 29/09/2007
9:46 PM

More information about the Voipsec mailing list