[VOIPSEC] NY Times, ABC News reporting on fraud scheme

Hallam-Baker, Phillip pbaker at verisign.com
Sat Jun 10 08:20:55 CDT 2006


Yes, it was a brute force attack.

How long are the prefixes you use?

Why was digest chosen? It's a 1993 design. At the time I could not use RSA because of the patent encumbrances. If it was possible to use public key then I would have.

Digest is vulnerable to a brute force attack  

> -----Original Message-----
> From: Voipsec-bounces at voipsa.org 
> [mailto:Voipsec-bounces at voipsa.org] On Behalf Of Geoff Devine
> Sent: Saturday, June 10, 2006 8:24 AM
> To: Voipsec at voipsa.org
> Subject: Re: [VOIPSEC] NY Times, ABC News reporting on fraud scheme
> 
> Reading through the .pdf file, I see:
> "Records provided by N.T.P. demonstrate that Defendant Pena 
> obtained, without authorization, the valid proprietary prefix 
> that N.T.P. used to identify authorized calls."
> 
> Am I correct in thinking that this was just a brute force 
> attack against the SIP digest authentication process?  
> 
> ---REGISTER--->
> <---401 Unauthorized---
> ---REGISTER + authorization info--->
> <---200 OK---
> 
> Geoff Devine
> Chief Architect
> Cedar Point Communications
> 
> -------------------------------------------------------
> Date: Fri, 9 Jun 2006 15:33:46 -0400
> From: dan_york at Mitel.com
> Subject: Re: [VOIPSEC] NY Times, ABC News reporting on fraud scheme
> 	using hacked VoIP service providers
> To: "Zmolek, Andrew (Andy)" <zmolek at avaya.com>
> Cc: voipsec at voipsa.org
> 
> Andy,
> 
> Thanks for the great reply...
> 
> > Sorry folks, encryption wasn't really the issue here (though a 
> > well-designed PKI solution might have helped).
> 
> Hmmm... I agree with your points that this was really a 
> simple brute-forcing situation, but I guess my thought was 
> that if the call control had all been encrypted, it would not 
> have been easy for someone to simply inject signalling by 
> brute-forcing prefixes.
> However, a system that provided that level of encryption 
> would no doubt probably require the well-designed PKI 
> solution you mention.
> 
> > The good news here is that if we can learn a bit more about what 
> > authentication systems were exploited,
> 
> Jonathan Zar pointed out to me today (as we were recording 
> our latest Blue Box podcast) that the full text of the US 
> Dept. of Justice complaints are available online.  The 
> complaint against the primary businessman, Edwin Pena, is 
> available at:
> 
> http://www.usdoj.gov/usao/nj/publicaffairs/NJ_Press/files/pdffiles/penacomplaint.pdf
> 
> and the one against Robert Moore, the "hacker" Pena hired to 
> obtain info about third-party networks that Pena could use to 
> disguise his connections, is at:
> 
> http://www.usdoj.gov/usao/nj/publicaffairs/NJ_Press/files/pdffiles/moorecomplaint.pdf
> 
> Both of the complaints make for fascinating reading.  They 
> name the companies and go into some detail about what Pena 
> allegedly did in the execution of his scheme.  Definitely 
> worth a read.
> 
> Regards,
> Dan