Tags › cyber crime
Vishing alarming rise
Published on Jan 21, 2008 in cyber crime, voip security
As phishers keep searching for new ways to dupe their victims into submission, they will start eying VoIP more and more. Check out this the register article where the FBI issued a new warning. Nothing really new from a security social engineering perspective. image stolen from blogantivirus…
Read more »How to get the job done - a short story
Published on Oct 23, 2007 in sipvicious oss, cyber crime
Just published a short story called “How to get the job done”. The plot is a scenario showing how SIPVicious tool suite can possibly be used in a corporate environment by a malicious intern. Hope you guys like my shameless self promotion.…
Read more »Another interview with Robert Moore
Published on Sep 26, 2007 in voip security, cyber crime, default passwords
Information Week published an interview with the notorious VoIP hacker who was charge with fraud last year. The main point that came out of the interview is that the password is the weakest link. He mentions two VoIP vendors - Cisco and MERA and how he felt comfortable with breaking into these systems because of default or easily guessable passwords. In a previous interview we learned that he mainly attacked H323 devices rather than SIP boxes, however the attacks that the attacker pulled off are quite similar to what you can do with SIPVicious tools.…
Read more »MediaDefender Phone Call was over VoIP
Published on Sep 18, 2007 in cyber crime, voip security
If you’re not familiar with the leak, this article on TorrentFreak talks about phonecalls between a New York attorney and MediaDefender which were leaked out. Funnily enough (for some), during the phone call one of the parties says: “what we could do if you wanted, change the port … change the login, obviously the password, if you guys need to know the password that we’re using we can just communicate that by phone.…
Read more »Interview with a VoIP hacker
Published on Aug 3, 2007 in h323 security, cyber crime, default passwords
Telecom Junkies published an interview with Robert Moore, who has been convicted of VoIP hacking / fraud. In the interview, Moore explains that they used easily guessable passwords as well as default ones to get free VoIP service. The VoIP-based attacks targeted H.323 not SIP. Similar attacks to ones described in the interview can be launched on SIP based PBXs by making use of svmap, svwar and svcrack. Moral of the story: audit your PBX now before someone else does ;-)…
Read more »