VoIP Hackers Shut Down Hospital Phone Lines

Is your VoIP phone system secured against attacks?

LA Times writer Paresh Dave reported that a San Diego hospital was the victim of a distributed denial-of-service attack (DDoS) when an “extortionist who, probably using not much more than a laptop and cheap software, had single-handedly generated enough calls to tie up the lines.”

For two days phone lines appeared busy to the outside world.

Who Is Affected?

David writes that according to vague mentions in law enforcement documents telecom industry insiders, there have been a range of VoIP victims including:

• Hospitals, nursing homes, and medical centers
• A public safety agency and an emergency operations center
• A manufacturer
• Wall Street firms
• Schools
• Media
• Insurance companies

There are more but “Many of the victims want to remain anonymous out of fear of being attacked again or opening themselves up to lawsuits from customers.” And the FBI is reporting that victims have paid up to $5,000 just to get the attackers to stop.

In the case of the San Diego hospital, the attack was stopped was using a “computer firewall filter.” There are devices available like Cisco security appliances that can reducing exposure to threats and unauthorized access.

Ongoing Problem

Two years ago the ClueCon VoIP conference featured a VoIP security discussion centered around the Lulz Security threats of the time, noting that,

Right or wrong, their hacking activities have proven beyond a shadow of a doubt two important points: Security is important, and good security is hard to find.

Couple that with the fact that there are hundreds of millions of VoIP endpoints installed around the world with more every day. IP PBX’s and SIP trunks are ubiquitous.

Skype has well over half a billion users. VoIP security matters, whether you are a developer, a provider, or even simply the end user.

Now as VoIP adoption rises, so too does the threat. One Australian business lost $120,000 because of VoIP hackers.

The FCC is working on a solution, reports David, but that may be a couple years away.

Until then, you should do as much as you can to protect your networks and be aware of the threat because as Frank Artes of NSS Labs was quoted as saying, “For all the money spent on Internet security, companies often overlook protecting their telephones.”

via LA Times