Skip to main content

Tags cyber crime

Sandro Gauci

Sandro Gauci, Enable Security

If SIPVicious gives you a ring…

Note: SIPVicious version 0.28 is out, go get it. I like to keep an eye on the social media and Google alerts for SIPVicious and in the last few months I noticed a rise in mentions of the tools. Specifically, a number of Korean twitter users (who have their service with KT, a VoIP service provider) complaining about receiving a call from a caller-id showing ‘SIPVicious’. After contacting a Korean friend, this led to an interview by a reporter for an article that was published on a Korean tech news site Boan News.…

Read more »
Sandro Gauci

Sandro Gauci, Enable Security

11 million Euro loss in VoIP fraud .. and my VoIP logs

Published on Dec 14, 2010 in , ,

And the attackers made over 1 million in profits. This just emerged from a raid (and hearing apparently) in Romania and other countries. The two main persons being fingered are Catalin Zlate and Cristian Ciuvat. It seems that they were scanning for PBX servers with phone extensions that have weak passwords. Then they abused these accounts to make phone calls for “free”, except that free has the price of 11 million EUR for the victims!…

Read more »
Sandro Gauci

Sandro Gauci, Enable Security

Getting root access on Cisco CallManager 7 and 8 Server, Athcon, updates in new tool tftptheft and the VoIP honeynet challenge

Lots going on right now. The following is a summary: Recurity Labs just published the jail-break for Cisco CallManager (CUCM) v7/8 which I had something to do with ;-) Will be presenting at Athcon on VoIP insecurities and cybercrime- drop me an email if you’ll be there TFTPTheft has been updated to support template filenames Will be posting more on TFTPTheft with use cases and examples. If you do have questions, drop me an email.…

Read more »
Sandro Gauci

Sandro Gauci, Enable Security

On breaking phonecall encryption and publishing fake research

Published on Feb 1, 2010 in ,

Recently, some “not so anonymous” security researcher posted research on a website called InfoSecurityGuard. It showed how he had broken the encryption provided by various mobile phone security products. Ofcourse this caught the eyes of various journalists who wrote about this without much consideration. So what did this researcher find out? The research focuses on the fact that once you get malicious software on a phone, you can listen on the phonecall even with encryption software in place, such as CellCrypt or Gold-Lock.…

Read more »
Sandro Gauci

Sandro Gauci, Enable Security

Phone phreaks are now using call forwarding features to make free phonecalls!

Published on Jan 21, 2009 in ,

Actually, they have been doing that for quite a while; say a couple of years. Yet it still works, and we only hear about it when some organization is hit with a hefty phone bill because their PBX server has been abused. The West Australian is running a feature article on various (undisclosed) cases where PBX systems, some traditional while others are IP-based (and exposed on the Internet) were abused to make phonecalls to foreign countries.…

Read more »
Sandro Gauci

Sandro Gauci, Enable Security

VOIP Scanning on the increase

Published on Jan 6, 2009 in , , ,

Various service providers and vendors have noticed an increase in VoIP scanning traffic. Arbor Networks mentioned VoIP attacks as one of their increasing concerns. A Norwegian honeynet detected various INVITE requests trying to get VoIP systems on the internet to dial specific numbers. This scan is for open VOIP relays. VoIP attacks are nothing new really and some people in the telco-fraud business seem to have been around for quite a while.…

Read more »
Sandro Gauci

Sandro Gauci, Enable Security

Analysis of a VoIP Attack

Published on Oct 24, 2008 in ,

Klaus Darilion published an interesting paper explaining what happened to German VoIP users and how to mitigate. I suggest that you read this one. Looks like attacks are becoming more and more widespread / mainstream.…

Read more »
Sandro Gauci

Sandro Gauci, Enable Security

Homeland Security Dept’s PBX hacked?

Published on Aug 21, 2008 in

Ouch! ZDNet have a short article about a misconfigured PBX making 400 calls to some of the hottest countries around: Afghanistan, India, Yemen and Saudi Arabia. Very ugly .. hope that the details emerge. If anyone has more details email me or post here. Promotional message: SIPVicious is free - test your SIP based PBX before someone else does ;-) Update: Apparently it consisted of voicemail hacking you know that thing from the 90s.…

Read more »
Sandro Gauci

Sandro Gauci, Enable Security

VoIP and identity fraud on the BBC

Published on May 15, 2008 in

The BBC News is running an article highlighting one of the most basic vulnerabilities in the majority of current VoIP providers - the lack of encryption. Indeed, this is a problem since SIP passes an md5 hash of the password as clear text and therefore anyone watching the traffic can perform an offline attack and quickly recover the credentials. The attack has been described in countless blogs, articles and papers by now and some tools are very efficient in demonstrating this issue.…

Read more »
Sandro Gauci

Sandro Gauci, Enable Security

Swatters using VoIP to spoof caller id

Published on Mar 14, 2008 in ,

Its no news really to whoever is familiar with swatting, but this is something that recently came into the light in the public media as a few people have been found guilty of this real bad prank. What is swatting? It’s basically someone calling the 911 service, spoofing the callerid and pretending to be under attack from some maniac. What happens then is that a SWAT team is sent to the residence on which the spoofed phone number is registered.…

Read more »