Skype cocould provide botnet controls
Skype provides botnet Control
By Joris Evers
Author: Joris Evers
Translation: endurer
Version 1st
Keywords: VOIP and IP Telephony | Security Threats | hacking | spam and phishing | viruses and worms
Keywords: VOIP and IP Telephony | Security Threats | hacking | spam and phishing | viruses and worms
Http://techrepublic.com.com/2100-1009_11-6031306.html? Tag = NL. e044
Takeaway:
Net phone services cocould allow cybercriminals to launch attacks without being detected, a communications group has warned.
Overview:
A communication group has issued a warning that the network telephone service can allow cyber criminals to launch attacks without being detected.
Internet phone services such as Skype and Vonage cocould provide a means for cybercriminals to send spam and launch attacks that cripple web sites, experts have warned.
Experts have warned that Internet telephone services such as Skype and Vonage can provide cyber criminals with methods to send spam and launch attacks against websites with disabilities.
Moreover, because expose Voice over Internet Protocol applications use proprietary technology and encrypted data traffic that can't easily be monitored, the attackers will be able to go undetected.
In addition, because some speech uses patented technologies and Internet Protocol applications that are not easy to monitor to encrypt data, attackers will not be able to detect it.
"VoIP applications cocould provide excellent cover for launching denial-of-service attacks," the Communications Research Network said Wednesday. the Communications Research Network is a group of industry experts, academics and policy makers funded by the Cambridge-mit Institute, a joint venture between Cambridge University and the mascript usetts Institute of Technology.
"VoIP applications can provide excellent protection against DoS attacks," Communications Research Network said on Wednesday. Communications Research Network is an industry expert, group of theoretical and policy makers providing funds to the Cambridge-Massachusetts Institute of Technology (CMI, the Cambridge-mit Institute) it is a joint venture between the University of Cambridge and the Massachusetts Institute of Technology.
Endurer Note: 1. Joint venture joint venture
The Group urges VoIP providers to publish their routing specifications or switch to open standards. "These measures wocould... allow legitimate agencies to track criminal misuse of VoIP, "Jon crowcroft, A sort sor at Cambridge University in the U. K ., said in a statement.
The Group urged VoIP providers to publish routing specifications or switches as open standards. "These measures will... allow legal agents to track criminal abuse of VoIP," said Jon crowcroft, a professor at the University of Cambridge in a statement.
Endurer Note: 1. U. K. uk, United Kingdom
Essential, some of the features to protect VoIP applications can now be used maliciously, crowcroft said. "While these security measures are in valid ways positive, they wocould add up to a serous headache if someone were to use a VoIP overlay as a control tool for attacks," he said.
In fact, some features used to protect VoIP applications are now maliciously exploited, crowcroft said. "Although these security measures are positive in many ways, it is a headache if someone uses VoIP coverage as a control tool for attacks ." He said.
Endurer Note: 1. In many ways
2. Add up to total
In a Denial-of-Service attack, a flood of information requests is sent to a Web server, bringing the system to its knees and making it difficult or impossible to reach. today, such attacks often involve into hacked computers, so-called "zombies," that have been networked in a so-called "botnet."
In a Denial-of-Service (DoS) attack, information request flood is sent to the Web server, making it difficult or inaccessible to the system. Today, such attacks often include some computers that are hacked into a network called botnets. These computers are called botnets ".
Endurer Note: 1. Bring sb. to his knees: forcing someone to give in
Cybercriminals rent out use of their botnets on the black market. about 60 percent of the world's spam is sent through such compromised computers, and the zombies are also used in extortion schemes where a Web site owner is told to pay or face a Denial-of-Service attack.
Cyber Criminals rent out their botnets on the black market. About 60% of the world's spam are sent through victim computers, which are also used in ransom plans, and website owners are notified to pay or face denial-of-service attacks.
Endurer Note: 1. Rent out
Botnets are typically controlled by an attacker via Internet Relay Chat. zombies listen for instructions from their masters on IRC channels. investigators monitor those channels to help catch cybercriminals, and Internet service providers can block traffic to the IRC servers used by zombies in order to th1_attacks, experts have said.
Botnets are usually controlled by attackers through the Internet multi-line conversation (IRC. Botnets (computers) Listen to instructions from their controllers on the IRC channel. Investigators monitor these channels to help arrest cyber criminals. Internet service providers can block communication between IRC servers used by botnets (computers) to block attacks, experts have pointed out.
VoIP applications such as eBay's Skype and Vonage cocould give cybercriminals a better way of controlling their zombies and covering their tracks, the Communications Research Network said. "If the control traffic were to be obfuscated, then catching those responsible for DoS attacks wocould become much more difficult, perhaps even impossible," the group said in a statement.
VoIP applications such as eBay's Skype and Vonage can give cyber criminals a better way to control botnets and hide attacks, said Communications Research Network. "If control communication is disrupted, it will be more difficult or even impossible to arrest the responsible person for these DoS attacks ." The group said in the statement.
Endurer Note: 1. Responsible for is... responsible; is the cause of...
There has yet to be an instance of an online attack launched through a VoIP application, but the Communications Research Network believes it is only a matter of time. "If left unresolved, this loophole in VOIP Security won't just decrease the likelihood of (attack) detection and prosecution, it cocould also undermine consumer confidence in VoIP," the group said.
No online attack instances have been launched through VoIP applications, but Communications Research Network believes this is only a matter of time. "If you ignore it, vulnerabilities in VOIP Security will not only reduce the possibility of detection and prosecution, but will also undermine consumers' trust in VoIP," the group said.
Endurer Note: 1. It's only a matter of time. This is only a matter of time.
2. Consumer confidence consumer trust
Communications Research Network contacted VoIP providers with its concerns, it said. Skype and Vonage did not immediately respond to a request for comment.
Communications Research Network said it contacted the VoIP provider with concern that Skype and Vonage did not respond immediately.
Endurer Note: 1. With concern: Concern