News
News
1/27/2006
02:50 PM
Connect Directly
RSS
E-Mail
50%
50%

Botnet Herders Hide Behind VoIP

Internet telephone applications like Skype and Vonage could become hacker hideouts, technologists and academics funded by MIT and Cambridge University say.

Internet telephone applications like Skype and Vonage could become hacker hideouts, a group of technologists and academics funded by MIT and Cambridge University said Thursday.

According to the Communications Research Network (CRN), voice-over-Internet (VoIP) software could give perfect cover for launching denial-of-service (DoS) attacks.

Jon Crowcroft, a Cambridge professor and the lead CRN researcher on the problem, noted that if botnet "herders," the term given to attackers who control large numbers of bot-infected PCs, turn to VoIP applications for command and control, security experts might find it impossible to trace back an attack to the perpetrator.

Current practice by most botnet herders is to issue commands to their armies of "zombie" machines over IRC (Internet Relay Chat) channels, or less frequently, via instant messaging (IM).

Crowcroft argued that attackers could use VoIP's ability to dial in and out of its overlays to make their tracks impossible to trace. In addition, proprietary protocols -- in some cases used by VoIP software to ensure ISPs can't block their applications -- make it tough for providers to track DoS attacks. Ditto for the encryption these applications offer and their peer-to-peer approach to routing packets.

"While these security measures are in many ways positive," said Crowcroft in a statement, "they would add up to a serious headache if someone were to use a VoIP overlay as a control tool for attacks.

"It would be much harder to find affected computers and almost impossible to trace the criminals behind the operation."

The CRN recommended that VoIP providers publish their routing specs or switch to open standards so that law enforcement and ISPs can properly track misuse of the technology.

"Criminal activity on the Internet should be a notifiable event," said David Cleevely, CRN chairman, in a separate statement. "It's important to remember that there are more of us good guys than there are bad guys. The more we share information between us, the more we stay ahead of the game."

No such VoIP-directed DoS attacks have been seen in the wild, noted Crowcroft, but Internet telephony has been cited as a potential security risk by others, and some applications, notably Skype, have had to be patched against more mundane vulnerabilities.

In late 2004, for instance, Symantec predicted that VoIP would become a security headache in 2005 (it didn't), while in October 2005, Skype had to issue fixes for several bugs that could let attackers hijack PCs.

Comment  | 
Print  | 
More Insights
IT's Reputation: What the Data Says
IT's Reputation: What the Data Says
InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and trends on InformationWeek.com
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.