VoIP Toll Fraud on the Rise

Infonetics Research, a telecommunications researcher, found network security spending for intrusion detection and prevention measures fell by 21% at the start of this year. They further reported that the overall IT market was also declining. These falling prevention figures help partially explain why business VoIP toll fraud is increasing. Toll fraud is the remote hacking of a company’s telephone system by a third party. Although this is not a new fraudulent technique, it began in the 1950s as a means of circumventing the telephone service providers’ billing system, it is now a multimillion dollar industry. Toll fraud today involves highly educated “tele-theives” targeting both major telephone corporations and small businesses to “steal” minutes and make international calls.

The reason there has been a rise in the number of VoIP toll fraud cases, as opposed to on other telephone systems, is VoIP services inherent relationship with high speed internet connections.  VoIP systems that use Session Initiation Protocol (SIP) trunks for PSTN connectivity (rather than T1 TDM connectivity) can be maximized by hackers to offer at least twice the amount of minutes available and even more minutes if used during non-peak hours.

With more companies switching over to VoIP telephone systems, there are more opportunities to hack into these phone systems.  Although the three mistakes -  weak passwords on endpoints, relying too heavily on boarder controllers, and insufficient VLAN separation for voice and data transfers - are errors that do permit hackers to gain access to a VoIP network, they are not the leading cause of hacker entry. Surprisingly, most toll fraud occurs because of password-related problems. The three most common examples of password encryption mistakes that lead to toll fraud are:

1. Keeping the default administrative password after installation.
2. Not creating encrypted passwords for different extensions but rather having the password be the number of the extension.
3. Turning off encryption for internal communications because of troubleshooting or performance related issues.

The good thing about toll fraud is remedying these problems once identified is fairly easy. The password problems have an easy fix: develop an encrypted password protocol for both internal and external points. After updating passwords, run the svcrack and svwar available on SIPVicious tool suite or similar program to test the password strength and make sure no extensions are active with missing passwords. The SIPVicious tool can also be used to detect SIP devices that may be dialing into your VoIP network.   Running the SIPVicious tool for SIP detection twice a month with a penetration test will help assess weak points of entry that may be exploited by tele-theives.

How Toll Fraud Impacts a Business:
Toll fraud is normally discussed in terms of the expensive bills caused by the fraudulent calls, but there are other ways in which toll fraud can inadvertently affect a business.  Toll fraud can directly affect a business’ profits. The network may seem slower because of the added traffic from the hacker calls which may affect call performance by introducing static or dropping calls. Hacker presence may also reduce the number of available outside lines causing employees to wait until one line becomes available.  In terms of incoming calls, toll fraud may give a client’s incoming call a busy signal thereby affecting overall customer service and possibly a loss in new orders.