The hackers involved in the VoIP scam have done a great service to the VoIP fraternity. They have done what other experts had been saying about- VoIP networks are as vulnerable to all types of nefarious activities as the internet is.

It is laudable to note that the fraud was committed not on the naïve end users of VoIP services but on VoIP service providers. It is believed that the fraudsters carried their traffic at cut price rates by offloading it onto the networks of other VoIP service providers. The scam also depended on vulnerabilities in at least one corporate network

Now how did this happen?

It involved two ways- finding a means of hiding the origins of the traffic and then finding ways of getting it into the networks of unsuspecting VoIP service providers. It is being suspected that the two hackers scanned routers of companies all over the world looking for router ports used for VoIP calls and then they chose a router which was operated by a hedge fund company in New Jersey. According to court documents the hackers ran more than six million scans for such ports over a four month period.

In order to access the VoIP providers' networks they bombarded these networks with calls by making use of different prefixes in order to determine the unique identifier used by that provider in order to identify and admit its own call from the internet.

This is certainly a serious matter as it has been reported in states that VoIP calls to call centers have been hijacked and diverted to operators masquerading as a company's call center operators who then obtain confidential information from customers. This scam has also raised eyebrows on the Skype software as Gartner Group had reported last month that vulnerabilities had been reported on it.

It seems that VoIP is as vulnerable as the internet itself and the VoIP providers need to strengthen it if it does not want to land into such embarrassing situations again.

Thnx Stuart Corner