UK VoIP telco receives 'colossal ransom demand', reveals REvil cybercrooks suspected of 'organised' DDoS attacks on UK VoIP companies

Two UK VoIP operators have had their services disrupted over the last couple of days by ongoing, aggressive DDoS attacks. South Coast-based Voip Unlimited has confirmed it has been slapped with a "colossal ransom demand" after being hit by a sustained and large-scale DDoS attack it believes originated from the Russian …

  1. Blitheringeejit
    Facepalm

    Calling OfCom and Openreach...

    Please can you change your mind about switching off my POTS line in 2025?

    1. IGotOut Silver badge

      Re: Calling OfCom and Openreach...

      Until a muppet puts a digger through a trunk cable. Enjoy a week of no service.

      1. katrinab Silver badge
        Megaphone

        Re: Calling OfCom and Openreach...

        It is a bit more difficult to do that from the comfort of a Russian basement.

        1. rcxb1

          Re: Calling OfCom and Openreach...

          Just wait until they start making self-driving diggers with Wi-Fi...

      2. Andy3

        Re: Calling OfCom and Openreach...

        Igotout - Never had that in the 40 years I've had a phone!

    2. gerdesj Silver badge
      Gimp

      Re: Calling OfCom and Openreach...

      "Please can you change your mind about switching off my POTS line in 2025?"

      Tch kids. I was phreaking your parent's phone line a fair few decades ago. Nowadays I go in with nmap and Wireshark on my Arch laptop (and a few VMs on it - KVM obvs!)

      There's nothing really wrong, per se, with VoIP and it certainly is not fundamentally less secure (whatever that means) compared to POTS. SIP n RTP or IAX2 etc can be secured just as well as a copper line with one or two pairs but at least you don't have to piss around with electrical signalling and trying to work out the creative ways that electricity can leak to earth. You can encrypt RTP streams (eg ZRTP) and SIP can use fairly modern authentication methods. A copper line can't use encryption without extra hardware. In the old days wiretapping involved a bloke up the pole in a fake uniform with some croc clips and stuff. That's probably bollocks and it was probably all built in from day one at the exchange - and still is.

      Now there are a few problems with implementations of telephony (POTS or packet switched), starting with nearly all of it! For example why can't we use ENUM? Nominet won't let us in the UK - that's why. I know this because I asked them and my offer of hosting and managing the DNS zone was turned away. To be fair, not one ISP/phone operator would want us plebs using telephones like email, bypassing their per minute charges.

      You really don't want a copper pair to your house. You want a fibre or two. It's 2021 FFS! You'll be wanting to do your Instatik thing now and tok a sluffie or whatever you kids get off on these days. In my day we smoked kippers ...

      ...

      ... sorry nodded off ... get off my lawn etc.

      /s Judging by some of your past posts, you are my age or possibly older (I'm 50)

      1. MrNigel

        Re: Calling OfCom and Openreach...

        100% correct re "built-in from day one comment". The PRX-205 exchanges installed in Saudi Arabia in the early 80's all had line monitoring built in. Each exchange could monitor 4 lines remotely from Riyadh in a secret underground bunker between Airport and Pepsi roads.

        In the UK there used to be a small room in all exchanges with operators/switchboards with a 'Miss Moneypenny' type lady who could be guaranteed to be discreet. Not that it mattered because the GPO used to put interrupt tone on the line....

        Not mentioning Menwith Hill and mobile phone monitoring, that is a different thread.

      2. Displacement Activity

        Re: Calling OfCom and Openreach...

        @gerdesj: it's hugely distributed. It doesn't require any power to the premises. It may be the only technology that survives a zombie apocalypse, at least within an exchange area. Have you never actually seen a disaster movie? Or been in a blackout? Duh.

    3. JBowler

      Re: Calling OfCom and Openreach...

      Mine never worked. The DSL was, like, 38.4, the telephone crackled and at all critical times the oxygen-enriched copper supplying the feed fell from the poles. At least with wireless (point-to-point to an antenna on a cell tower a couple of miles away) I know I can blame my ISP, who is always very polite even if she doesn't fix it.

  2. IGotOut Silver badge

    This has been a known threat...

    .. for close on 2 decades. Larger companies will (should) have private connections into their VoIP provider, but for the smaller ones, they will not have a choice.

    1. ChipsforBreakfast

      Re: This has been a known threat...

      A 'private connection' (unless you're talking about a dedicated physical line, which for all but the very largest is utterly impractical) will not save you from a DDoS attack that swamps your provider's bandwidth.

      Especially not when the underlying POTS network is gone and everything is IP based.

      Much more work is needed before we start transitioning potentially life-critical systems such as telephony exclusively to the internet.

      1. Pascal Monett Silver badge

        The transition has already started, my friend. It's largely on its way to be completed as well.

      2. gerdesj Silver badge
        Childcatcher

        Re: This has been a known threat...

        "Much more work is needed before we start transitioning potentially life-critical systems such as telephony exclusively to the internet."

        It mostly happened quite some time ago. Just because you are being charged old school telephony (per minute) fees, doesn't mean that telephony actually runs circuit switched anymore.

        Back in the day, you paid to use an electrical circuit that was created between you and the other end. That circuit started at your phone, to the exchange. At your local exchange the ladies (mostly) would link you to the destination exchange and that exchange would link in the final endpoint. So you would pick up the handset, hit the lever thing a few times to wake up Doris in the exchange. Actually Doris is doing more jobs than you can possibly imagine, simultaneously. When Doris responds, you ask for "Yeovil 576". She connects your line to the Yeovil exchange. That automatically notifies Yeovil. Doris at Yeovil is on intra exchange work for a rest. She sees the inbound call and allocates it to Doris who has some spare capacity. Doris sees 576 and calls 576 and when they answer, she patches the pending link through.

        That is a bit of a parody but not too far off why telephony used to be charged by the minute and had a set up cost too (minimum charge) which is not seen these days. We are still charged like that but now your phone talks direct to the other end without any human interaction.

        If you like I can really tell you how phone calls work these days but if you use a browser, you already know. The real power (ie grabbing cash off of punters) is in phone numbers themselves and not the medium. Imagine if you had to pay to look up Google's IP address every time you wanted to do a search and paid whilst you used their facilities.

      3. IGotOut Silver badge

        Re: This has been a known threat...

        "Especially not when the underlying POTS network is gone and everything is IP based."

        You mean like BT has been for SOME considerable time. You may want to search BT 21CN. Hint they started in 2004.

  3. Will Godfrey Silver badge
    Facepalm

    Fingers in their ears

    This whole mess has been predicted for something like 20 years, and as far as I can see has been totally ignored by world+dog. I don't see it improving until there are mountains of dead bodies.

    1. elsergiovolador Silver badge

      Re: Fingers in their ears

      If you take care of a problem proactively, how are you going to make money in the future on clearing the mess?

  4. mark4155
    Thumb Down

    Abandon Copper At Your Own Risk....

    Be warned BT/Openreach et al.

    "All that glitters is not gold" (Credit Mr. Wm. Shakespeare)

    Glitter includes in this context fibre and VOIP - act in haste, repent at leisure.

    Toodle Pip.

    1. ChipsforBreakfast

      Re: Abandon Copper At Your Own Risk....

      The likes of BT offering VoIP over its own fiber is much less problematic (although not entirely without risk) as it controls the infrastructure end to end in that situation. It could, if it so desired, keep telephony traffic entirely separate from data, thus mitigating at least some of the risk of DDoS.

      The chances of them actually doing that without a very firm regulatory imperative however are so small that I suspect I have a greater chance of riding in an electric flying car!

    2. RegGuy1 Silver badge

      "All that glitters is not gold"

      Not Led Zep, then. :-(

  5. Anonymous Coward

    Waiting

    for someone to claim the 1 mill bounty for REvil. Someone must be getting close to them by now.

    1. Will Godfrey Silver badge
      Unhappy

      Re: Waiting

      They wouldn't live long enough to actually use it.

      Russia doesn't like its 'friends' being attacked.

      1. teknopaul Silver badge

        Re: Waiting

        The Ruskies would have to know who it was to kill you, and in the process might expose a mole.

        Over a couple of bandits?

        You might live.

        If it's the state themselves Putin will not care if you prove it or not. News can be manipulated.

        Not sure you would get a payday tho.

  6. Tron

    Keep POTS.

    POTS is a fundamental piece of infrastructure. It works. It can't be hacked from the nether regions of the net. Ransomware attack on a hospital? Use fax. In the future it can be repurposed for any manner of different services and technologies - stuff we haven't even invented yet. It works when the mains goes off (and there will be a lot more of that with climate change). Getting rid of it to save BT a few quid is as dumb as the Beeching cuts to rail infrastructure.

    Yet another idiot act of self-harm by a country that now seems addicted to such behaviour.

    1. Potemkine! Silver badge

      Re: Keep POTS.

      Use pigeons. It works without requiring cables or electricity.

      "It can't be hacked from the nether regions of the net."

      I bet the opposite. PABX don't exist anymore, IPBX can be hacked, even if they manage calls transiting through POTS.

    2. Down not across Silver badge

      Re: Keep POTS.

      "POTS is a fundamental piece of infrastructure. It works. It can't be hacked from the nether regions of the net."

      I beg to differ. POTS was hacked before there even was any internet to speak of.

  7. Richard Pennington 1
    Facepalm

    If you are really an ITSP ...

    ... then you really are asking for some DDOSer to fill in the blanks to make your service TITSUP.

  8. David Pearce

    Trying to disable telephone networks easily could come under terrorism laws

  9. tip pc Silver badge

    I don’t remember the PSTN ever being attacked

    Prior to deregulation of the phone exchanges and last mile, the PSTN was accredited to carry information at “Secret”.

    One of the main objections for allowing non bt people and kit in exchanges was that it’d stop that accreditation and necessitate agencies to use additional safeguards like vpn’s (no bad thing really).

    Another advantage was that the PSTN was seen as strategic infrastructure with large parts of it built to carry ECN traffic intended for use after a nuclear war.

    While the PSTN carried internet traffic and latterly used ip to carry phone traffic it would never have been impacted by ddos or other attacks from the internet.

    The bt/Openreach infrastructure could be implemented far cheaper and far quicker, like altnets, but it’d be far less tolerant to outages.

    Do it once, right and expensive, or do it cheap and expect to have to keep re doing it on a continued basis with reduced availability levels especially at scale.

    1. Anonymous Coward

      Re: I don’t remember the PSTN ever being attacked

      It was attacked, just differently. I remember a call center in the 90s I was doing some work for getting deluged with junk calls (potentially) by their competitor so badly that they couldn't take any calls. Punters simply moved to the next company in the yellow pages that could answer the phone.

      This would go on for days and ironically cost the call center as their main number was a freephone

    2. TechHeadToo

      Re: I don’t remember the PSTN ever being attacked

      Lots of people make lots of money by doing it cheap and 'maintaining' it and redoing it every other year.

      And if you're a chum of the PM - what's not to like about the arrangement and the contracts? The public don't ever seem to care about what is done in their name.

  10. This post has been deleted by a moderator

    1. captain veg Silver badge

      He has low overheads.

      -A.

  11. Evilgoat76

    It might help if one of the mentioned organisations

    A) Had actually kept people up to date, most of us found out about this when El Reg published this

    B) Didn't enforce 8 digit numerical passwords only!

  12. Anonymous Coward

    As we have now run out of wars, since retreating from Afghanistan, could we not advance into Russia and take on REvil? We always need an enemy!

  13. tyroredome

    I'm in the USA. My VOIP provider, https://www.voip.ms , is undergoing a DDOS attack, probably from the perpetrator of the Voipfone and VOIP Unlimited attacks a few weeks ago. It started at 1600h GMT on Thursday, September 16. Service is still out for customers. Much info is in this thread, which has 180 comments:

    https://www.dslreports.com/forum/r33210774-Voip-ms-VOIP-MS-may-have-an-outage-right-now

    I'm trying to get a sense of how long the attack against VOIP.MS might last. Does any of you know how long the attacks on Voipfone and VOIP Unlimited lasted, or how long it took for those two companies to become fully operational again?

Biting the hand that feeds IT © 1998–2022