Caller ID hacks go Hollywood
Listen to the column "Caller ID hacks go Hollywood", or visit our Podcast Center to hear more by James Gaskin.
Who predicted the way to make Caller ID hacking a front page topic was to enlist a Hollywood tabloid princess and a brain-dead party girl? But that's exactly what we have with Lindsay Lohan accusing Paris Hilton of hacking her voice mail.
Could this be a giant publicity stunt by SpoofCard.com, the accused hacking enabler? Perhaps, because you should never underestimate the slime quotient of Hollywood PR.
This illustrates what you have been warning your telecom people about since the early days of VoIP, doesn't it? Caller ID may have been trustworthy when all calls traveled only through giant RBOC SS7 networks, but no more. Caller ID provides less guaranteed security today than a screen door. Handy, yes, but secure? No.
Tabloid Princess (Lohan) accused Party Girl and "Accidental" Porn Star (Hilton) of hacking her voice mail and spoofing her Caller ID to send "mean" messages to friends. The horror, the horror. Yet how secure are your voice messaging systems and how well trained are your accounting personnel in Caller ID spoofing?
Could Vendor B call your accounting department and pretend to be Vendor A and regretfully report they couldn't fill an order? This would bump the order to the next lowest bidder, Vendor B. What business processes do you have in place to stop such a ploy?
What if a competitor of yours pretended to be one of your biggest customers and changed an order? When the actual customer received the inaccurate shipment, would they believe your excuse or switch to your competitor?
Imagine the nightmare of hackers injecting the IT department's Caller ID into calls to users asking for password verification and updates. You may have trained most of your users against giving out that information, but what if your name and extension was on the Caller ID screen? Would your coworkers follow their training or quickly give up their authentication credentials? I bet they give them up without a second thought.
Our double edged sword of VoIP value versus security holes, especially with smarter applications slipping into the VoIP data stream, will cut deeply the next few years. You can say this will become a real cat fight, if that helps explain the situation more clearly to management. I just hope your company name stays out of the tabloids.
ITworld.com
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
Crimeware: Understanding New Attacks and Defenses
By Markus Jakobsson, Zulfikar Ramzan
Published Apr 6, 2008 by Addison-Wesley Professional. Part of the Symantec Press series.
Enter now! | Official rules | Sample chapter
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
By Peter Thermos, Ari Takanen
Published Aug 1, 2007 by Addison-Wesley Professional.
Enter now! | Official rules | Sample chapter
