Skip to main content

Tags cyber crime

Vishing alarming rise

Published on Jan 21, 2008 in ,

As phishers keep searching for new ways to dupe their victims into submission, they will start eying VoIP more and more. Check out this the register article where the FBI issued a new warning. Nothing really new from a security social engineering perspective. image stolen from blogantivirus…

Read more »

How to get the job done - a short story

Published on Oct 23, 2007 in ,

Just published a short story called “How to get the job done”. The plot is a scenario showing how SIPVicious tool suite can possibly be used in a corporate environment by a malicious intern. Hope you guys like my shameless self promotion.…

Read more »

Another interview with Robert Moore

Published on Sep 26, 2007 in , ,

Information Week published an interview with the notorious VoIP hacker who was charge with fraud last year. The main point that came out of the interview is that the password is the weakest link. He mentions two VoIP vendors - Cisco and MERA and how he felt comfortable with breaking into these systems because of default or easily guessable passwords. In a previous interview we learned that he mainly attacked H323 devices rather than SIP boxes, however the attacks that the attacker pulled off are quite similar to what you can do with SIPVicious tools.…

Read more »

MediaDefender Phone Call was over VoIP

Published on Sep 18, 2007 in ,

If you’re not familiar with the leak, this article on TorrentFreak talks about phonecalls between a New York attorney and MediaDefender which were leaked out. Funnily enough (for some), during the phone call one of the parties says: “what we could do if you wanted, change the port … change the login, obviously the password, if you guys need to know the password that we’re using we can just communicate that by phone.…

Read more »

Interview with a VoIP hacker

Published on Aug 3, 2007 in , ,

Telecom Junkies published an interview with Robert Moore, who has been convicted of VoIP hacking / fraud. In the interview, Moore explains that they used easily guessable passwords as well as default ones to get free VoIP service. The VoIP-based attacks targeted H.323 not SIP. Similar attacks to ones described in the interview can be launched on SIP based PBXs by making use of svmap, svwar and svcrack. Moral of the story: audit your PBX now before someone else does ;-)…

Read more »