Categories
Business voip

VoIP, the bible and own brand chips!

Cheap voip? Get what you pay for says Simon Woodhead.

It has been many years since I had to persuade someone that you got what you paid for with VoIP and that cheap voip routes were not the same as quality voip routes into bona fide networks, even though the transport may be the same. That cost obsessed underbelly of the industry still exists, but the vast majority of buyers of wholesale services now seek quality and have learned from mistakes of the past.

Along the way, those of us who started as pure-VoIP wholesalers have now grown into bona fide PSTN operators with SS7 interconnects into key trading partners. VoIP is the transport, not the product, and the product has improved drastically over the years.

Concurrently, previously pure-play TDM operators have discovered VoIP. Many now use VoIP for the exchange of international minutes, some even insist on it for domestic inter-carrier interconnects. Others have embraced it as an edge interface to an unchanged TDM core. Again, VoIP is the transport, not the product.

However, we’re now embarking on a new phase and I’m finding myself again echoing words of the past when speaking to potential customers. Those pure-play TDM operators who have relatively recently discovered this new VoIP toy are seeing the temptation of it not just as a transport but as a product, i.e. they can sell VoIP but rather than that being an interface to a stable core network and established interconnects, they can buy VoIP routes on the back-end and make extra margin. It is horrific from our position to test routes from global network operators and find them in some cases utterly unusable because they’ve tasted the forbidden fruit, and unlike the rest of us haven’t yet learned what a short-term game that is.

Others are pushing VoIP “interconnects” as an alternative to a regulated interconnect – a managed service outside of OFCOM’s scrutiny – at prices they dictate. Buyers of those products are seduced by the brand, the relative ease of set-up and have comfort that VoIP is the transport to a stable proven network and quality routes. In our experience they quickly learn that this is not the case.

We’ve even heard of established TDM operators dismantling their established TDM interconnects in favour of said VoIP-based managed services. Russian Roulette in many respects, especially with those customers paying for the established quality of a TDM core.

In short, having come from a time of VoIP being the product, learning and evolving to it simply being the transport, we’re sadly back there. Bigger, later, prestigious travellers are now seeing VoIP as a product on both the buy and sell side of their business. Rather like in the bible, it is the serpent urging them to taste the forbidden fruit and some are.

For practitioners this makes “caveat emptor” more applicable than ever. There’s no certainty that brand X represents a single level of service with multiple transports, but rather multiple levels of service at multiple price points. To put it in food terms, Sainsbury’s own brand chips range from premium to economy – you’re not getting premium at economy pricing just because it has their name on. Further, I’m reliably informed that Waitrose actually own their own farms, despite being a fraction of the size.

I have no doubt VoIP will continue to surplant TDM as a core transport for voice. In the interim, while it is luring the naive, be careful out there! Unforgiving consumers expect you to make the right choice. Cheap voip doesn’t necessarily mean good voip.

Previous post by Simon Woodhead on VoIP fraud. Simon is CEO of Simwood and is a respected comms industry veteran.

This is a VoIP week post on trefor.net. Check out other VoIP themed posts this week:

Why are major telcos afraid of encrypted VoIP? by Peter Cox
Emergency calls and VoIP by Peter Farmer
VoIP, the Bible and own brand chips by Simon Woodhead
Why the desktop VoIP telephone isn’t going away by Jeff Rodman
Small business VoIP setup by Trefor Davies
VoIP fraud-technological-conventionality-achieved  by Colin Duffy

Categories
Business online safety security voip

Voice Fraud – You Need to Act!

Trefor.net welcomes VoIP guest contributor Simon Woodhead, CEO of wholesale voice provider Simwood.

In February, we published VoIP Fraud Analysis, a white paper that details Simwood’s three years of operating a Honeypot, coloured in by many years of real-world experience servicing wholesale voice clients of all sizes and seeing them compromised. Our research has been very well received in official circles from OFCOM to ACPO, at industry events comprising scarily competent people, and we’ve since been able to compare notes with others in darkened rooms who study this for a living. Of course, I won’t repeat the full content of the white paper here — and it certainly wouldn’t be appropriate to do so — but I will be glad to share a few observations from it.

VoIP fraud — an estimated $46bn a year problem — has come as no surprise to anyone, and as we’ve run through the mechanism of attack the majority of people in the audience have seen at least parts of the behaviour we describe in the wild. If we were describing other kinds of crime most people would be looking in from outside, but VoIP fraud is pervasive and everyone in the industry has seen it at some level. Similarly, nobody has questioned the solutions proposed; some of which are unique to Simwood though they can be employed by any provider on almost any equipment. Despite this, people remain reluctant to act and, dare I say, a little complacent. It is somebody else’s problem until it is their problem, and by then it may very well be too late. Remember, $46bn is the estimated measure of the good guys’ incompetence…the bad guys’ intent is infinite and, as we’ve seen, can quite literally put a provider out of business in just hours.

The sad fact is that the bad guys are becoming far more professional. Gone are the days of script-kiddy intruding with such blunt force that it was apparent as a DoS attack. They are still there, of course, and can still be very effective in breaching completely unprepared networks, but the serious people — the professionals — are…well, professional. There’s no impatience or fervour to their attacks and they do their homework very very well. Their reconnaissance is unobservable to those not looking out for it at the packet level, and their early compromise testing is lost amongst legitimate call traffic for those unaware of the test numbers identified. Then they wait, patiently.

Christmas 2013 was a busy time for us with almost every night seeing one of our customer’s end-users compromised. Actually, we saw the same customers compromised repeatedly night after night, as the bad guys had identified a specific vulnerability present in the equipment they’d deployed to their end-user businesses. Where the customers were ISPs (with a defined block of IP addresses containing customer equipment) the attackers had been able to identify a list of similar targets on their network vulnerable to the same attack. This would have taken a long time and a lot of patience, before striking when eyes were furthest from the ball. On every single occasion we identified the incident, proactively made contact with our customers to advise and help resolve the incident. The attackers left quietly, knowing they had a long list of other targets and could come back later. They did, every night for the Christmas period.

Don’t be fooled into thinking this is just a “VoIP” problem. Many incidents are targeted and exploit non-VoIP technologies (e.g., those present by virtue of traditional PBXs being retro-fitted with IP capability) while many others are at other levels altogether, such as the http interface of CPE or provider admin systems. The traffic may pass over VoIP as a consequence, but in many cases once the VoIP side of it has been contained it will then pass over traditional phone lines connected to the same equipment. It must be an anxious time waiting for the CPS invoices afterwards!

My point here is not to scare you, but to highlight two trends: (1) providers are becoming more complacent, and (2) attackers are becoming more professional. A destructive combination, indeed, and one that is sure to end in more tears. Attackers are not going to become less capable and less professional, so the only option is for providers to be less complacent and to — this is critical — take action. Very few if any are doing everything they could, whereas others dismissively rely on techniques that may help but are incomplete and therefore give false confidence. The bad guys can turn on an attack at any point after the reconnaissance is complete, and if you think they cannot then how will you notice and be able to react when they do?

The solutions are often simple and free, however they require a willingness to implement and generally bring many other benefits. By way of example, the vast majority of providers operate SIP on UDP 5060 because that is the out-of-the-box behaviour, whilst you’d struggle to find equipment nowadays that doesn’t support TLS. Not only are TLS endpoints far less common targets, but TLS and SRTP also give end users the privacy I think they already expect they have. Similarly, billing more frequently and getting as close to real-time as possible not only enables fraud monitoring but provides massive operational and commercial benefits too. Your carrier monitoring and enforcing fraud controls on your wholesale account, safely away from your network, is by far the most effective preventative measure, and some of us do that to varying degrees.

simwoodlogo

There are many more solutions contained in the Simwood VoIP Fraud Analysis white paper, and we urge you to implement them, and also to lean on your carrier to help you to do so. Please note that in all the “Christmas” examples it was we the carrier — not our customers — who noticed end-user compromise.

The key take-away I want to leave you with is that if you are having no trouble sleeping at night because you believe it can’t/won’t happen to you, then you really need to act now. Your network may already be compromised, with eyes awaiting your being off the ball, perhaps over a coming Bank Holiday.

VoIP Week Posts: