eurovoip

everything about the european voip market: trends, startups, news and reviews

2006-01-29

VoIP as denial of service coverup solution?

The latest flurry of articles regarding VoIP being used by cyber criminals to cover their traces doesn't stop to irritate me. What a bunch of nonsense. Apparently a group of researchers at the UK's Cambridge University and USA's MIT have published a study, indicating how easy it would be for 'hackers' to cover up their traces using Voice over IP protocols. Traditionally, 'hackers' use IRC or - less frequently - instant messaging, to launch DDoS attacks from an enormous amount of computers at the same time. These IRC channels or IM servers are apparently monitored by law enforcement personnel to help them trace the originators of the attack.

According to the new study, hackers could theoretically use Voice over IP protocols that ... and here it comes ... by their very nature would make it a lot more difficult to trace the originator, because of (a) the sheer volume of packets, (b) the possible use of encrypted protocols, (c) the use of proprietary protocols and (d) the use of peer-2-peer technology ... Come again? I mean, are these traits unique for Voice over IP? And is there any seasoned hacker who has had to wait for VoIP to arrive to make use of this technology? Again a beautiful example of FUD being distributed by so called researchers who apparently have nothing better to do than find the new "security issue" or what have you .. to scare people away from a certain technology. And then, of course, it is shamelessly copied by every website online, because, security sells .. and telling scary stories sells even better!

I have absolutely no problems with people doing decent research and publishing decent reports of what may go wrong .. but please .. let's not overreact and try to find problems where there aren't any. I don't want to come across too negative, and the people who wrote this document probably had good intentions. But who commissioned this study, and why? I certainly see no value in it whatsoever.

Technorati Tags: ,

0 Comments:

Post a Comment

<< Home