Today's hot topic is VoIP security and while there haven't been any huge break-ins into VoIP systems that I am aware of I am aware that according to the WSJ, T-Mobile recently had their computers broken into and customer names and social security numbers were accessed. The bold section below doesn't sound too good but I must admit I slept through much of history class so if there was a day we went over "mutual assistance legal treaties," I was either dreaming or absent.
Nonetheless we seem to have one of these with Russia. Who would have guessed? Here is an excerpt from the story:
By JESSE DRUCKER and JOHN D. MCKINNON
Staff Reporters of THE WALL STREET JOURNAL
January 13, 2005; Page B5
A hacker broke into the computer systems of T-Mobile USA Inc. over several months, viewing the names and Social Security numbers of 400 customers as well as the files of a Secret Service agent investigating the network break-in, the company and government officials disclosed.
According to the Associated Press, the hacker obtained an internal Secret Service memorandum and part of a mutual assistance legal treaty from Russia. The documents contained "highly sensitive information pertaining to ongoing ... criminal cases," according to court records reviewed by the AP. The hacker also accessed e-mails and computer files.
The break-in was discovered during a broad Secret Service investigation, called "Operation Firewall," that targeted underground hacker organizations.
Nicolas Lee Jacobsen, a 21-year-old computer engineer of Santa Ana, Calif., was charged with the break-in in U.S. District Court in Los Angeles.
Deutsche Telekom AG's T-Mobile, the country's fifth-biggest cellphone-services provider with more than 16 million subscribers, said that its systems were broken into in late 2003. The carrier said it notified the Secret Service, which apprehended Mr. Jacobsen in late 2004. According to the AP, court records said the hacker had access to T-Mobile customer information from at least March through October of last year.
T-Mobile said the customers whose records were viewed were notified in writing, but said that customer credit-card information wasn't accessed.
"This same person is also believed to be involved in other attempts to gain unauthorized access to customer information," a T-Mobile spokesman said in a statement. "The Secret Service is investigating these allegations, and T-Mobile is cooperating to the fullest extent, including with regard to the allegations that customer photos have been subject to unauthorized access."
Will this happen to VoIP at some point? Will conversations be hijacked? Absolutely in my opinion. Somewhere out there, an army of hackers is salivating at the chance to listen in as you call Dominos and order your pepperoni pizza. Once we open up telephony by pushing it over IP packets we need to make sure we are 100% dedicated to ensuring VoIP security. Service providers need to understand how important it is to focus on this issue because who knows what "treaty-talk" could be going on over those packets.