Skip to main content
Sandro Gauci

Sandro Gauci, Enable Security

How law enforcement sees VoIP

Published on Jul 27, 2009 in

While browsing Wikileaks, I came across a document titled “An Overview of VOIP for Law Enforcement, 23 Dec 2008”. It reads as a “VoIP explained” document for law enforcement , explaining the basics and the restrictions that law enforcement agencies have when it comes to VoIP. Here’s a summary:

  • The difference between a traditional phone call and a VoIP phone call is discussed (signals and circuits versus packets)
  • With VoIP various devices may be used: software (softphones) installed on a pc, VoIP gateways and IP Phones
  • Discussion of caller id spoofing, how it makes it harder for LE to tell if the call is from a VoIP provider or a real number or not (anonymous calls)
  • Vishing, the act of phishing by involving VoIP
  • Actively tracing VoIP calls is almost impossible
  • 911 emergency calls or VoIP E911 is mentioned
  • There are 4 ways to identify VoIP usage: the Caller ID (which may be spoofed), Phone records (where tracing is similar to tracing the source of email), VoIP hardware (eg. phones connected to ethernet) and VoIP software
  • CALEA was updated in 2005 to cover VoIP providers so that LE to allow tapping, recording and tracing of phone calls
  • Due to the international nature of the Internet, if the provider is not US-based, then it does not have to comply with these laws or LE requests

Sandro Gauci

Sandro Gauci

CEO, Chief Mischief Officer at Enable Security

Sandro Gauci leads the operations and research at Enable Security. He is the original developer of SIPVicious OSS, the SIP security testing toolset. His role is to focus on the vision of the company, design offensive security tools and engage in security research and testing. Therefore, he is the proud owner of the title of Chief Mischief Officer at Enable Security.

He offers public office hours and is reachable here.