Feeds

Botnet control fears over IP telephony

Touching the VoIP

Internet Security Threat Report 2014

VoIP networks such as Skype and Vonage might be used to control networks of compromised machines because of security shortcomings that give hackers a better opportunity to cover their tracks, security researchers warn.

Boffins at the Communications Research Network (CRN), which involves academics from Cambridge University and the Massachusetts Institute of Technology as well as industry experts - reckon that VoIP applications provide a means to anonymously launch denial of service attacks.

Networks of virus-infected machines under the control of hackers (so-called botnets) are generally controlled using IRC networks. Attack commands might also be sent via instant message. But if control traffic were buried in streaming IP Telephony packets it would be far harder to trace it origins, and catching those responsible for DoS attacks would become much more difficult.

The Communications Research Network’s working group on Internet Security argues the ability to dial in and out of VoIP overlays allows for control of an application via a voice network, making it almost impossible to trace the source of an attack. In addition, proprietary IP Telephone protocols inhibit the ability of ISPs to track denial of service activity. Encryption for user privacy, P2P systems to assist with call routing and NAT/Firewall traversal further obscure the command traffic.

"While these security measures are in many ways positive," says the CRN’s Jon Crowcroft, the Marconi professor of communications systems at Cambridge University. "They would add up to a serious headache if someone were to use a VoIP overlay as a control tool for attacks. Although one could slowly shut down and patch or upgrade the exploited machines, it would be much harder to find affected computers and almost impossible to trace the criminals behind the operation."

CRN doesn't have any evidence that hackers are using VoIP network to hide their nefarious activities. Nonetheless CRN reckons use of the technique is only a matter of time. CRN has spoken to VoIP network providers to raise its concerns prior to going public this week. It reckons the security loophole it identifies could be closed if VoIP providers were to publish their routing specifications or switch over to open standards.

Suspects in denial of service attacks have generally been arrested by tracing money offered to them as pay offs, sometimes as part of sting operations. Follow the money rather the following the packet remains a far more straightforward investigative technique.

While the points that CRN makes about the possible use of VoIP networks to obfuscate attack data (which isn't happening just yet, even according to CRN) are valid, we can't help feeling that in focusing on how attack networks are controlled it's missing the bigger picture that there an unknown, but large number of compromised Windows PCs out there that need to be identified and fixed, a problem that has become a major project for security vendors and ISPs over recent months. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
State Dept shuts off unclassified email after hack. Classified mail? That's CLASSIFIED
Classified systems 'not affected' - but, is this reconnaissance?
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
How to simplify SSL certificate management
Simple steps to take control of SSL certificates across the enterprise, and recommendations centralizing certificate management throughout their lifecycle.