Yet another way for malicious hackers to commit cyber offenses?
Researchers at the Communications Research Network (CRN) has warned that the security protocols used by VoIP networks may prove to be a potential security loophole, in that cyber criminals can use these to hide their identities.
The Network, jointly funded by the Massachusetts Institute of Technology and the Cambridge University, claims that encryption algorithms utilized by today’s VoIP networks may just be the very tool that hackers are looking for to hide the originating I.P. addresses of hack attacks, such as Distributed Denial of Service (DDoS), for instance.
At present, the most common means of initiating DDoS attacks is by polling zombie computers (machines that have been taken control of, through some virus or worm) through Instant Messaging protocols. IM standards, however, call for unencrypted traffic and routing, and hence originating I.P. addresses are easy to determine—which means a higher possibility of tracking down the perpetrator. VoIP routing and encryption specs, however, are proprietary, and tracking down the origin would prove to be very difficult without this information.
To address this problem, the CRN suggested that VoIP companies band together and agree on unified routing and encryption specifications, as this would make tracking down of data packets more manageable, and hence making cyber law enforcers’ lives easier.