Skype could provide botnet controls
by Joris Evers
Keywords: VoIP and IP telephony | Security threats | Hacking | Spam and phishing | Viruses and worms
Net phone services could allow cybercriminals to launch attacks without being detected, a communications group has warned.
Internet phone services such as Skype and Vonage could provide a means for cybercriminals to send spam and launch attacks that cripple Web sites, experts have warned.
Moreover, because many voice over Internet protocol applications use proprietary technology and encrypted data traffic that can't easily be monitored, the attackers will be able to go undetected.
"VoIP applications could provide excellent cover for launching denial-of-service attacks," the Communications Research Network said Wednesday. The Communications Research Network is a group of industry experts, academics and policy makers funded by the Cambridge-MIT Institute, a joint venture between Cambridge University and the Massachusetts Institute of Technology.
《endurer's note: 1. joint venture: a jointly funded undertaking》
The group urges VoIP providers to publish their routing specifications or switch to open standards. "These measures would...allow legitimate agencies to track criminal misuse of VoIP," Jon Crowcroft, a professor at Cambridge University in the U.K., said in a statement.
《endurer's note: 1. U.K.: Britain, the United Kingdom》
Essentially, some of the features to protect VoIP applications can now be used maliciously, Crowcroft said. "While these security measures are in many ways positive, they would add up to a serious headache if someone were to use a VoIP overlay as a control tool for attacks," he said.
《endurer's note: 1. in many ways: in many respects
2. add up to: to amount to in total》
In a denial-of-service attack, a flood of information requests is sent to a Web server, bringing the system to its knees and making it difficult or impossible to reach. Today, such attacks often involve many hacked computers, so-called "zombies," that have been networked in a so-called "botnet."
《endurer's note: 1. bring sb. to his knees: to force someone to submit》
Cybercriminals rent out use of their botnets on the black market. About 60 percent of the world's spam is sent through such compromised computers, and the zombies are also used in extortion schemes where a Web site owner is told to pay or face a denial-of-service attack.
《endurer's note: 1. rent out: to lease out》
Botnets are typically controlled by an attacker via Internet Relay Chat. Zombies listen for instructions from their masters on IRC channels. Investigators monitor those channels to help catch cybercriminals, and Internet service providers can block traffic to the IRC servers used by zombies in order to thwart attacks, experts have said.
VoIP applications such as eBay's Skype and Vonage could give cybercriminals a better way of controlling their zombies and covering their tracks, the Communications Research Network said. "If the control traffic were to be obfuscated, then catching those responsible for DoS attacks would become much more difficult, perhaps even impossible," the group said in a statement.
《endurer's note: 1. responsible for: accountable for; being the cause of》
There has yet to be an instance of an online attack launched through a VoIP application, but the Communications Research Network believes it is only a matter of time. "If left unresolved, this loophole in VoIP security won't just decrease the likelihood of (attack) detection and prosecution, it could also undermine consumer confidence in VoIP," the group said.
《endurer's note: 1. It's only a matter of time: it is just a question of time.
2. consumer confidence: consumer trust》
Communications Research Network contacted VoIP providers with its concerns, it said. Skype and Vonage did not immediately respond to a request for comment.
《endurer's note: 1. with concern: with concern (worriedly)》