[VOIPSEC] Cellphone Botnets, Blackmailing VOIP & a Healthy Cybercrime Economy - Desktop Security News Analysis - Dark Reading (UNCLASSIFIED)

[Craig]

Classification:  UNCLASSIFIED 
Caveats: NONE



http://www.darkreading.com/document.asp?doc_id=166029


The attached link goes to an article that highlights a report put out by the
Georgia Tech Information Security Center (GTISC) regarding five emerging
threats that the authors see coming down the pipe in 2009.  One of those
threats is against VoIP.... as usual.  It talks about how VoIP DoS attacks
will be used to blackmail organizations.

As has been discussed before by many, the main reason there haven't been
more documented attacks is due to the fact that most VoIP implementations
are not exposed to the raw Internet.  Without that exposure, is it possible
to launch an effective VoIP specific DoS blackmail scheme against a company?


And considering the two most well known publicly used VoIP services, Vonage
and Skype, are they vulnerable to a VoIP DoS?  While I know of some
government organizations that would love to DoS Skype (at least in their
domain), it doesn't seem likely that an infrastructure as Skype has could be
DoS'd easily.


On a side note, regarding the fact that it seems VoIP is always on the lists
of emerging threats about to happen, perhaps we, as an industry of VoIP
security types, need to be wary that we don't push the panic button too
often.  VoIP is still new, is still developing and still has many known and
unknown security risk, but I wonder if someone is always saying something
'bad' is about to happen, will the message start getting ignored because
nothing major has happened before despite 'dire' predictions?

Anyway, just some thoughts..



Craig L. Bowser
CISSP		SANS GSEC (Gold)
-------------------------------
Hard work spotlights the character of people; some turn up their sleeves,
some turn up their noses, and some don't turn up at all!  




Classification:  UNCLASSIFIED 
Caveats: NONE