As the use of VoIP (Voice Over Internet Protocol) is rapidly increasing all over the globe so to are the internet criminals abusing this situation. The numbers of people and businesses starting to use this new internet technology has reached a level where malicious hackers can start to make a profit.

The problems start when the packet of voice information moves from the high security environment of the traditional phone lines to the largely unregulated internet domain. Traditional phone systems involve trust with both the caller and the receiver's equipment. Phone switches at the callers end should not lie about their number with other switches, the receiving switch not revealing the callers number if it has been specifically asked. Additionally the Federal Communications Commission (FCC) tightly regulates how calls should be made.

Outside the barriers imposed by the FCC, the rules are firmly in the hands of the ordinary internet users.

An increase in the use of VoIP is likely to encourage:

-call hi-jacking which re-directs callers to criminals/ conmen
-voice phishing where people are conned into providing confidential information
-caller-ID spoofing which enables criminal conmen appear as if they are calling from a different and legitimate number, e.g. the bank of the victim
-audio spam may increase, subsequently blocking voicemail boxes with audio adverts

A past hacking method known as 'war-dialing' could resurface now that VoIP is around. Originally this hacking involved huge numbers of phone calls being made in order to find addresses that had data tones as a response.

Groups of hackers have been seen to investigate large lists of VoIP numbers to see what lies at the opposing end. The exploitation of loosely protected servers was also achieved in this same fashion.

Criminal gangs have re-coded computer viruses, worms and Trojans so that when they are unwittingly installed on a computer remote criminal servers are contacted, new damaging software downloaded to the infected computer and potentially every other networked computer.

Large numbers of computers that are manipulated by high-tech criminals, known as 'bot-herds' are often used as hubs for the launch of other computer attacks. One well known example is the Denial of Service (DoS) attack which targets computers with such a high level of data that they become overrun and cease to function properly.

With these facts in mind, at the moment whilst the technology is new and the security is poor, businesses and home users alike may well be more restrained in using VoIP as the increase in crime escalates.

To help secure traffic with VoIP people can try:

-segmenting data and voice traffic via a virtual Local Area Network (LAN). This can lessen the threat posed by specialized hacker software that picks up data packages. If an attack is made on you VoIP system the disruption will at least be minimized.
-using proxy servers ahead of business firewalls so that ingoing or outgoing voice data is processed.
-encrypting traffic from VoIP, then running it over a virtual private network (VPN).
-ensuring your firewalls are adequately set up. Can your security and networking companies support Session Initiation Protocol (SIP) and the H.323 voice protocol of the International Telecommunication Union?
-ensuring the lockdown of server-based IP PBX's. Denial of service attacks and viruses should be countered on a regular basis.

VoIP security is a huge challenge that has only really surfaced in the last couple of years. Securing VoIP systems in reality doesn't involve a great deal extra effort than the lengths companies have taken to secure their data in the past.