VoIP toll fraud: Could it happen to me?

In my last column, I highlighted the plight of an Australian company where inadequate security controls lead to an expensive toll fraud attack. The real question that should be on the minds of every VoIP system administrator is can this happen to me?

The answer is simple; if you do not have the correct security controls in place then yes, it could well happen to you.

The VoIP security systems at UM Labs regularly log attempted attacks. The majority of these attacks fall into two groups, simple scans to identify VoIP end-points and attempts to make free calls.

Some of the toll fraud attempts are very basic, such as the following example that originated from Malaysia in December. This attack attempted to call 525 551 690 000, not a valid number when dialled from a UK phone line.

The more sophisticated attackers will go the extra mile and use a valid phone number; some even try various prefixes to get an outside line.

Of course none of these attempts succeed because our security gateways stopped them, but if your security is reliant only on a general purpose firewall you may not be so lucky.

A VoIP toll fraud attack is very similar to an email open relay attack. This was a favourite tool of spammers as is meant that they could send large volumes of email to companies whose email systems were configured as open relays. These systems would then deliver those messages to their intended targets. There is of course one big difference, if your VoIP system allows attackers to make free calls then there is a direct and potentially large cost.

The email open relay problem is now largely solved. The solution was to implement email specific security controls. A similar approach can protect you from the risk of VoIP toll fraud.