"Shortly After my "SIP Brute Force Attack Originating From
Amazon EC2 Hosts" post, Dave Michels interviewed me for an article
Dark Side of the Cloud. This is that interview:
"Dave: What do you believe the intent was of the attacks? Free
"Stu: Certainly free long distance would be one reason…
But there are many other reasons to hijack a SIP account. I'm sure
that organized crime would pay for a block of active SIP logins.
They could use them to circumvent surveillance, or possibly use
them for fraudulent boiler room calls about extended warranties and
"Remember, most folks still believe that the Telephone System is
secure… They tend to believe someone who is calling them.
"Dave: Do you know of any systems that were compromised by the
"Stu: That were actually compromised? No, I have no direct
knowledge of that, but most of that info won't be available for
months. Let's face it, we (SIP providers) have only heard about the
attacks that were caught. If you look at the overall picture, we
are probably only seeing about 2%-5% of the total attacks reported
at this time. From reviewing the logs on our systems, I could see
how this attack could easily compromised accounts."