[ISN] Botnet Herders Hide Behind VoIP

From: InfoSec News (isn@private)
Date: Sun Jan 29 2006 - 22:34:18 PST


http://www.informationweek.com/news/showArticle.jhtml?articleID=177104813

By Gregg Keizer 
TechWeb News 
Jan 27, 2006 

Internet telephone applications like Skype and Vonage could become
hacker hideouts, a group of technologists and academics funded by MIT
and Cambridge University said Thursday.

According to the Communications Research Network (CRN),
voice-over-Internet (VoIP) software could give perfect cover for
launching denial-of-service (DoS) attacks.

Jon Crowcroft, a Cambridge professor and the lead CRN researcher on
the problem, noted that if botnet "herders," the term given to
attackers who control large numbers of bot-infected PCs, turn to VoIP
applications for command and control, security experts might find it
impossible to trace back an attack to the perpetrator.

Current practice by most botnet herders is to issue commands to their
armies of "zombie" machines over IRC (Internet Relay Chat) channels,
or less frequently, via instant messaging (IM).

Crowcroft argued that attackers could use VoIP's ability to dial in
and out of its overlays to make their tracks impossible to trace. In
addition, proprietary protocols -- in some cases used by VoIP software
to ensure ISPs can't block their applications -- make it tough for
providers to track DoS attacks. Ditto for the encryption these
applications offer and their peer-to-peer approach to routing packets.

"While these security measures are in many ways positive," said
Crowcroft in a statement, "they would add up to a serious headache if
someone were to use a VoIP overlay as a control tool for attacks.

"It would be much harder to find affected computers and almost
impossible to trace the criminals behind the operation."

The CRN recommended that VoIP providers publish their routing specs or
switch to open standards so that law enforcement and ISPs can properly
track misuse of the technology.

"Criminal activity on the Internet should be a notifiable event," said
David Cleevely, CRN chairman, in a separate statement. "It's important
to remember that there are more of us good guys than there are bad
guys. The more we share information between us, the more we stay ahead
of the game."

No such VoIP-directed DoS attacks have been seen in the wild, noted
Crowcroft, but Internet telephony has been cited as a potential
security risk by others, and some applications, notably Skype, have
had to be patched against more mundane vulnerabilities.

In late 2004, for instance, Symantec predicted that VoIP would become
a security headache in 2005 (it didn't), while in October 2005, Skype
had to issue fixes for several bugs that could let attackers hijack
PCs.



_________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org 



This archive was generated by hypermail 2.1.3 : Sun Jan 29 2006 - 23:02:50 PST