The Legal Line
Dear Ed:

[My company] is a prepaid card provider and resale carrier that heavily uses VoIP for our long distance wholesale arbitrage business. We recently had an incident where a “hacker” entered our system that was a result of a weakness in our network’s gateway and opened up termination of its VoIP traffic through our system while simultaneously zeroing out the traffic record on the billing system. They took us for over 95K in traffic in a little over a week. They apparently detected that our system had minimal security on the gateway. Randomly doing a port scan could not easily detect this, so we first thought it was an inside job. It now appears that it really was an ISP operation, with an IP address, registered out of Europe. We are still trying to confirm this but no one is really helping us. Are we alone out here? I have heard absolutely nothing about this in the news so I am wondering what options we have?

Robbed My VoIP

Dear RMV:

Several years ago, I did the TPP series called “How to Smell a Prepaid Rat” in which I outlined a scam called the “Spike-and-Run”. At the time, the scam was geared more to providers using TDM and those who had interconnection with “leaky”, “gray” or “by-pass” international providers. The basic modus operandi was that the offender finds a weakness in your switched system, passes massive traffic through in a short period of time, and disappears thereafter. Victims are left with only a CDR of the offender’s traffic spike and the name of a company or individual that could not be located, being now on the “run”. Ergo the name: Spike and Run. It appears that this scam has now found evolution in VoIP by means of hacking or password attacks. This concerns me greatly as VoIP providers, and more specifically prepaid VoIP carriers, are the slow moving cattle in the herd for these IP predators.

While you may feel that you are alone, RMV, you are not. There have been widespread incidents like yours; however, there has not been much reporting of it.
In fact, it seems as if the industry is intentionally burying the topic while they figure out how to address the problem from both a technical and legal standpoint. My most recent review of VoIP hacking in the news media found only one report taking the topic head-on. That was the Nov-1-2005 issue of Broadband Business Forecast, in an article by its editor Stuart Zipper. Aside from that, there is not much information being made public. There are, however, plenty of casualties to this type of hacking, incurring damages of lost traffic and high costs. I have seen them in my own practice and have spoken to other industry attorneys who have also seen them in theirs.

Part of the problem when it comes to the theft of VoIP traffic is that there is really no detailed regulation of VoIP that would give avenues for legal or administrative remedy to victims. For example, if the VoIP pirate is not a common carrier with 214 Authority, merely an ISP, and the victim is a 214 holder, there is not much standing for the carrier to bring an FCC complaint against the ISP. While there are anti-hacking statutes available at the federal level, the threshold for their use is damages over 5,000.00 USD. Hackers are keenly aware of this and often bleed and blend the VoIP they steal to amounts less than $5,000.00 USD. In your case, the traffic is massive and you should have recourse in either a civil or criminal action under federal anti-hacking statutes. You need to immediately consult your attorney to not only apprise you of your rights, but also to preserve evidence, and possibly assist you in properly bringing law enforcement into the matter. Do this while the incident is fresh. Consult him/her now!

The real issue in your case is security. If you are a VoIP carrier, it is worth the extra costs.
The problem is that most victims of this type of hacking are either small upstart resellers with their own facilities, or medium-sized carriers with a wide array of physical Points of Presence that stretch their ability to coordinate the detection of hacking. They are simply ill-equipped to detect and trace hackers. I have not heard of too many cases originating out of prepaid service bureaus, so there may be some safety in numbers, and with providers that focus more heavily on the quality of the platform that they utilize. But this does not negate the need to be careful and beef up all your security protocols in the interim. It is hard to believe that hackers are randomly port scanning for VoIP carrier gateways and finding them across the Internet so easily.

This being said, my recommendation is to also start talking to other providers about the topic at conventions and professional forums. Information needs to be consolidated on this topic and shared with the industry and the FCC - it starts with victims. Also start to keep updated with manufacturer advisements, patches, and security warnings on your gateway. Anticipate the risk. Also, since you have been hit once, you will likely be targeted again, until the hacker is traced or has greater difficulty.

Good luck and be careful out there!

Send your questions to firstname.lastname@example.org.