VoIP (Computer Phone) Warning
Never before in the history of telecommunications has a more important warning been needed for current and potential VoIP (computer phone) users who have joined, or will be joining, in the inevitable paradigm shift from telephone to VoIP.
Warning! Warning! Warning!
Beware of VoIP internet service providers that operate on industry standard codec and industry standard protocols because they are PUBLICLY OPEN and INTERPRETABLE! This also includes, but is not limited to, peer-to-peer (P2P) networks.
In plain terms, this means, if you subscribe to, or considering subscribing to a VoIP internet solution provider who operates on these industry standards – and over 90% do -- you have inadvertently made yourself vulnerable to the criminal activities of hackers. Regardless of the type of anti virus software you have on your computer, the publicly accessible industry standards provide a pathway by which these criminals can access your computer to plant viruses, worms, Trojan horses, and/or steal your identity.
Like sharks in a feeding frenzy, unscrupulous criminal hackers view systems operating on these industry standards as their personal “Cash Cow” because of the ease by which they can access your computer and gather your information to sell to other criminals.
Did you know that some hacker-friendly providers offer processor chips that are only sold on the Internet?
Did you know that hacker-friendly providers actually offer hacker software that enables these criminals to deliberately disable security on computers, access your personal and confidential information, as well as inject their viruses, worms, and/or Trojan horses?
For instance, “Vomit” is a free download software that was designed to convert VoIP phone conversations into a wave file which could be played with standard sound players. Hackers gleefully interpret this as a tool they can utilize to attack unsuspecting victims.
Hacker manuals are also easily accessible via the Internet. One of these manuals shows how to DoS other sites. DoSing (Disruption of Service) involves gaining unauthorized access to the “command prompt” on your computer and using it to tie up your vital Internet services. When a hacker invades your system, they can then delete or create files and emails, modify security features, and plant viruses or time bombs onto your computer.
“Sniff” is another tool (originally intended to help telecommunication professionals detect and solve problems) that criminal hackers use to tamper with the protocol and “sniff out” data. When hackers sniff out a data packet from Internet traffic, they reconstruct it to intercept conversations. This enables them to eavesdrop on conversations, gather information, and sell it to other unprincipled criminal entities.
Identity theft is one of the most sinister of vulnerabilities you can inadvertently be subjected to. Identity theft is defined by the Department of Justice as
“…the wrongful obtaining and using of someone else’s personal data in some way that involves fraud or deception, typically for economic gain.”
Identity theft is the by-product of unscrupulous criminal individuals obtaining your social security number (including those of your spouse and children), your bank account, your credit card information, etc. Your information is then sold to other criminal entities for profit. Using your information, these criminals can then:
- access your bank account funds
- create new bank accounts with your information
- create driver’s licenses
- create passports
Attorney General Ashcroft stated that,
"Identity theft carries a heavy price, both in the damage to individuals whose identities are stolen and the enormous cost to America's businesses.”
Don’t be naïve enough to think it won’t happen or couldn’t happen to you!
A group hosting a website known as shadowcrew.com was indicted on conspiracy charges for stealing credit card numbers and identity documents, then selling them online. While this group allegedly trafficked $1.7 million in stolen credit card numbers, they also caused losses in excess of $4 million.
According to a Press Release issued by the Department of Justice on February 28, 2005, a hacker was convicted of several counts of fraud, one in which
“…he fraudulently possessed more than 15 computer usernames and passwords belonging to other persons for the purpose of accessing their bank and financial services accounts, opening online bank accounts in the names of those persons, and transferring funds to unauthorized accounts.”
If you are using a VoIP internet service provider and do not want to be a victim of Identity Theft, then take the first step to protect yourself -- don’t use VoIP internet service providers operating on industry standard codec and industry standard protocols.
Viruses, Worms, and Trojan Horses
On January 28, 2005, a press Release issued by the Department of Justice reported that a 19 year old was convicted for his criminal activity by “…creating and unleashing a variant of the MS Blaster computer worm.” Christopher Wray, Attorney General – Criminal Division stated that,
"This … malicious attack on the information superhighway caused an economic and technological disruption that was felt around the world.”
On February 11, 2005, in a Press Release issued by the Department of Justice, reported that another criminal was sentenced for circulating a worm. This worm,
“directed the infected computers to launch a distributed denial of service (DOS) attack against Microsoft's main web site causing the site to shutdown and thus became inaccessible to the public for approximately four hours.”
March 7, 2005, Symantec.com posted discovery of a worm named “W32.Serflog.B” that spread through file-sharing networks and MSN Messenger – networks that operate on publicly open and interpretable industry standard codec and protocols, including P2P systems, as well as Instant Messaging systems—none of which are protected, regardless of the anti virus software on your computer. The W32.Serflog.B worm also lowers security settings and appears as a blank message window on the MSN Messenger.
If you don’t want to be the next victim of the devastation created by worms, STOP using services that operate on industry standard codec and protocols, and/or services that incorporate P2P systems.
Anti virus software does not incorporate protection for Instant Messaging services. In addition, Instant Messaging services, in and of themselves, do not include protection for their users.
If you like the convenience of text chatting via Instant Messaging, then use a VoIP internet service provider that includes the Instant Messaging feature -- one that does not operate on industry standard codec or industry standard protocols that are publicly open and accessible.
Optimally secure VoIP service providers that incorporate a secure Instant Messaging feature, operate from their own proprietary high end encryption codec on patented technology that is hosted in a professional facility. Simply put, when a VoIP internet service provider operates on optimally secure platforms, the Instant Messaging feature on the VoIP softphone, is also protected with their technology.
A Trojan horse is a program that internet criminals use to interrupt and interfere with your security software and produces the following results
- Terminates processes
- Removes registry entries
- Stops services
- Delete files
Hackers, who have gained access to your computer, because of the programs and software as mentioned above, are having a field day incorporating this nasty little program into their arsenal of weapons.
As recently as March 4, 2005, a new Trojan horse was discovered that modified settings in Internet Explorer. Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, and Windows XP were the reported systems that could be affected.
Here’s the bottom line.
- If you are currently using a VoIP internet solution provider that operates on industry standard codec and industry standard protocols that are publicly open and interpretable, you need to make a decision:
- Continue enticing criminal hackers and remain on their service, or
- Take immediate corrective action.
- If you are currently using Instant Messaging of any sort, you need to make a decision
- Continue enticing criminal hackers and remain as a user of their service, or
- Take immediate corrective action.
If you decide to take immediate corrective action:
- Find a VoIP internet solution provider that has their own proprietary high end encryption codec
- Find a VoIP internet solution provider that has their own proprietary patented technology
- Find a VoIP internet solution provider that hosts their proprietary patented technology in a professional facility
- Find a VoIP internet solution provider that includes the Instant Messaging feature in their proprietary patented technology
Here’s a place you can look over to see what a VoIP internet solution provider looks like that operates on their own proprietary high end encryption codec with their own proprietary patented technology hosted in a professional facility, AND that incorporates the Instant Messaging feature.
By Dee Scrip © All rights reserved
**Attn Ezine editors / Site owners **
Feel free to reprint this article in its entirety in your ezine or on your site so long as you leave all links in place, do not modify the content and include the resource box as listed above.
About The Author
Dee Scrip is a well known and respected published author of numerous articles on VoIP, VoIP Security, and other related VoIP issues. Other articles can be found at http://www.free-pc-phone.com