Monthly Archives: August 2007

Podcast: "The Real Risks of VoIP Security" Panel from VON Europe 2007 in Stockholm, Sweden

Were you unable to get to VON Europe ’07 in Stockholm, Sweden back in June to hear the panel session on “The Real Risks of VoIP Security“?  Well now you can hear it.  Blue Box Special Edition #19 is now available for download.

In this session, our own Martyn Davies is the moderator and the panelists are Ari Takanen of Codenomicon, Cullen Jennings of Cisco and Akif Arsoy of Verisign.  Readers of the VOIPSEC mailing list will have seen posts from Ari at various times and it’s hard to escape Cullen in the world of IETF standards!  Rather than just going through endless slides, the panel engaged in a conversation based on questions from Martyn and then the audience.   It was a lively session with lots of good questions, interaction from all three of the panelists and Martyn with the audience… and Cullen making the kind of statement “that everytime someone from Cisco makes a statement like this we make ourselves subject to attack” (you’ll have to listen to understand that teaser 🙂

I think you’ll find it both enjoyable and educational.  Thanks to Martyn for producing the recording and for Ari, Cullen and Akif for agreeing to have it distributed.  Thanks also to Carl Ford, Jeff Pulver and the rest of the VON team for allowing us to record and distribute the session.

Jonathan and I welcome any and all comments about these special editions.  You can leave them here on the VOIPSA weblog, on the Blue Box weblog, sent to or called in to our comment lines at +1-206-350-2583 or

Skype Journal: "Security, Skype and the Blackberry"

With the rise of new Skype clients for the Blackberry, such as iSkoot and IM+, one of the obvious questions raised by bloggers (including myself) was “what about the security?” Particularly since you have to give the Blackberry client your Skype username and password, essentially giving the client (and its developers) full access to your Skype account. Well, Jim Courtney over at Skype Journal also writes a good bit about Blackberries as well as Skype download, and posted his response to the issue on Friday: “Security, Skype and the Blackberry“.

I still suffer a lingering uncertainty, but I’ll admit that Jim’s digging does seem rather persuasive.

Technorati tags: , , , ,

Telecom Junkies podcast: Interview with a VoIP Hacker (Robert Moore of the Pena/Moore voip fraud case)

imageRemember the Pena/Moore voip fraud case back in June 2006? Would you like to know how the attacks were done?  And how you can protect your network?

First, for those who don’t recall, this was a case where Edwin Pena was alleged to have set himself up as a voice service provider and then, with the assistance of a developer named Robert Moore, routed his customer’s calls across the networks of other VoIP service providers.  Pena is alleged to have stolen at least 10 million minutes from other voice service providers and made in excess of $1 million dollars. Pena subsequently fled the country (and remains even today a fugitive).  We wrote about it here and also covered it in Blue Box podcasts #31 and #33 and I was a guest on a Telecom Junkies podcast back in July 2006 discussing the case.

In any event, one year later Robert Moore has been convicted for his part in the scheme and on July 24th was sentenced to a two-year term in prison, 3 years probation and a $150+K fine.  

Before he reports to prison in about 6 weeks, though, Moore got in contact with Jason Huffman from The Voice Report to ask if Jason was interested in an interview.  Given my prior involvement with the Telecom Junkies podcast, Jason contacted me to see if I would also be interested in coming onto the show.  Both he and I were concerned about interviewing someone recently convicted (i.e. not wanting to glorify the crime or criminal), but I shared Jason’s view that if we could obtain information about how the attacks were done we could potentially help people protect their systems against these type of attacks.  (Jonathan was also invited and provided great feedback but was unable to attend due to scheduling issues.)

The result is a new Telecom Junkies podcast: “Interview with a VoIP Hacker” which is available for download.

As we’d discussed in our previous coverage of the case, there were really two different types of systems that were attacked:

  1. Voice gateways of VoIP service providers
  2. Servers/routers of other businesses that were compromised to hide the source of traffic going to the voice gateways

In the interview, Robert Moore confirms that all the voice gateway attacks were H.323 (no SIP was involved) and they weren’t terribly sophisticated because the VoIP service providers didn’t have all that much security in place.

Moore also indicates that all the other boxes (#2) were compromised primarily by easy means such as weak and easily guessable passwords – or even worse, unchanged default passwords.  In some cases, there were boxes on the Internet with exposed SNMP ports that then let the attackers learn all about the box so that they could then research potential vulnerabilities.  This part really had nothing whatsoever to do with VoIP but instead with really just basic IT security practices which were (and undoubtedly still are) very obviously not being followed by many folks out there. 

In any event, the interview is now available for listening.  Meanwhile, Moore is soon heading off to prison and Pena is still somewhere out there…

P.S. If anyone listening can identify the name of the second switch vendor that Moore indicates he went after, neither Jason nor I could identify it despite my request for the name to be repeated.

UPDATE: Thank you to all who responded. The other switch was a Quintum Tenor –