
There is Still SPIT

SPIT is real. However, it seems that SPIT situations have not been reported well, so we do not know how bad the problem is.

Gary Audin

August 18, 2010


There has not been a lot of public discussion recently about SPam over Internet Telephony (SPIT). The problem still exists.

SPIT is the distribution of unwanted voice calls via VoIP. It is similar to e-mail SPAM. We can produce SPIT via several signaling protocols, but the spread of SIP is making it easier than ever to create SPIT. The candidates for SPIT-producing attacks are telemarketers, prank callers and those wishing to overload the network and voice services of an organization. You could call SPIT voice phishing.

The nojitter.com blog post written by Eric Krapf, "SPIT Pre-Emption," points out the problem of detecting and blocking SPIT:

And as several security experts have pointed out, filtering voice spam is even harder, because the filtering decision has to be made in real time. And even more troubling, if voice is going to become a crucial component of mission-critical business applications, as the Unified Communications vision suggests, real-time networks can't afford to be crippled by the kind of resource diversion/consumption that unchecked spam represents.

Junk e-mail, SPAM, is easier to detect and block. The junk e-mail passes through a server before being delivered. The server can be used to scan the e-mail and determine if it should be delivered, marked as SPAM or blocked/filtered. Although e-mail is generally delivered in near-real time, a few seconds of delay will not interfere with the delivery expectations. Voice calls do not pass through a server and must be delivered in real time, with 150 ms or less of delay, to ensure that the conversation is fluid. VoIP calls are peer-to-peer transmissions. The endpoint has to perform the filtering of SPIT.

The call manager could block calls from listed caller IDs if they were known in advance. That assumes the caller ID is correct and not spoofed. Also, if the SPIT is destined for a voice mail system server, then there will be time to analyze the call and filter it if necessary.

The independent Skype Journal has an interesting post about Skype SPIT, "Wishlist: Solve Skype SPIT (Spam over Internet telephony)". Katherine Robinson wrote that when she signed up for Skype, she set her restrictions to "open to all takers" so she could receive calls from businesses who were not on her contact list. Within 10 days she started to receive SPIT at 5 am, selling a pre-approved credit card. A friend of Katherine’s also receives SPIT regularly and in the middle of the night. She resolved the situation by restarting her contact list then blocking calls from the businesses that were not on her contact list, a Catch-22 situation. She was not satisfied with the Skype response to the SPIT problem.

So SPIT is real. However, it seems that SPIT situations have not been reported well, so we do not know how bad the problem is. SPIT can overload the bandwidth of the IP network and tie up access to servers and applications that share the network with VoIP calls. SPIT can overload voice mail systems. How do you feel when you want to leave a message and the mailbox is full? What would this mean to contact centers?

A Unified Communications system can provide presence information that could be used by the SPITter to determine where the potential called party is and their status to receive SPIT. The "find-me-follow-me" feature would ensure you received the SPIT call. So UC opens up even more sophisticated methods for the SPITter.

Nearly all VoIP/IPT installations have a gateway to the PSTN. SPIT can overload the gateway, blocking incoming calls. The enterprise may have opted to migrate to SIP trunking. The SIP trunk overload may lead to reduced call quality because of trunk bandwidth overload. Do SIP trunking providers have SPIT filters? I don’t know, but they may have to add that to their services. Cell phone users with usage-measured charge structures will feel a financial cost when receiving SPIT.

The cable companies that offer VoIP calls will eventually have to deal with SPIT. The cable companies have the same problems as enterprises in dealing with SPIT. Does your cable VoIP provider detect and block SPIT? I doubt it. The VoIP service provider may block legitimate calls in the process of trying to block SPIT. The customers may then file a complaint with the FCC and complain about censorship. This has already occurred for wireless text messages that were blocked by Verizon. The VoIP service provider will then have to be continuously vigilant and expend resources for the SPIT problem. So they will have to deal with both the bandwidth and voice mail overloads as well.

You have heard of botnets. Botnet is a term used to describe a collection of software agents, or robots, that run autonomously and automatically. A Botnet is a group of infected machines, and it is very hard to trace the sources and block them because the Botnet consists of many machines operating simultaneously. If a Botnet is used to deliver SPIT, it will be difficult to block all the Botnet sites. SPIT will still get through.
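An added illustration (not from the article or from any product): a signaling-only call screen of the kind the call-manager paragraph describes, extended with a per-caller rate limit and run against constructed SIP INVITEs. The class name, thresholds and example domains are assumptions; the scenarios show the blocklist stopping a listed caller ID, while the spoofed-ID and many-source cases discussed above still get through.

```python
import re
from collections import defaultdict, deque

# Caller ID as presented in the SIP From header (unauthenticated, so spoofable).
FROM_RE = re.compile(r"^From:.*?<sip:([^>;]+)", re.I | re.M)

class CallScreen:
    """Hypothetical screen that decides on signaling alone, before any media flows."""
    def __init__(self, blocklist, max_calls, window_s):
        self.blocklist = set(blocklist)
        self.max_calls = max_calls          # calls allowed per caller ID per window
        self.window_s = window_s
        self.recent = defaultdict(deque)    # caller ID -> timestamps of recent INVITEs

    def decide(self, invite_text, now):
        m = FROM_RE.search(invite_text)
        if not m:
            return "reject"                 # no usable caller ID at all
        caller = m.group(1).lower()
        if caller in self.blocklist:
            return "reject"                 # known in advance, as the article assumes
        q = self.recent[caller]
        while q and now - q[0] >= self.window_s:
            q.popleft()                     # drop attempts older than the window
        q.append(now)
        return "reject" if len(q) > self.max_calls else "accept"

def invite(caller, callee="alice@example.com"):
    # Constructed, minimal INVITE: only the headers the screen reads.
    return (f"INVITE sip:{callee} SIP/2.0\r\n"
            f"From: \"Offers\" <sip:{caller}>;tag=1\r\n"
            f"To: <sip:{callee}>\r\n\r\n")

def run_scenarios():
    s = CallScreen({"promo@spit.example"}, max_calls=3, window_s=60)
    out = {"listed": s.decide(invite("promo@spit.example"), 0)}
    # A different (spoofed) caller ID is simply not on the list.
    out["spoofed"] = s.decide(invite("bob@partner.example"), 1)
    # One unlisted caller placing 10 calls in 10 s: only the first 3 are accepted.
    out["single_source"] = [s.decide(invite("dialer@new.example"), 10 + i)
                            for i in range(10)].count("accept")
    # Ten distinct caller IDs, one call each: no per-caller limit is ever reached.
    out["distributed"] = [s.decide(invite(f"bot{i}@host{i}.example"), 30 + i)
                          for i in range(10)].count("accept")
    return out

if __name__ == "__main__":
    print(run_scenarios())
```
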

A paper on SPIT detection and handling strategies for VoIP infrastructure, "SPam over Internet telephony Detection sERvice (SPIDER)", provides a good analysis of the problem and various solutions that may be taken to detect and block SPIT. There is a patent application for the detection of SPIT on VoIP calls. Read the claims portion to learn what the invention claims to do for SPIT detection.

About the Author

Gary Audin

Gary Audin is the President of Delphi, Inc. He has more than 40 years of computer, communications and security experience. He has planned, designed, specified, implemented and operated data, LAN and telephone networks. These have included local area, national and international networks as well as VoIP and IP convergent networks in the U.S., Canada, Europe, Australia, Asia and Caribbean. He has advised domestic and international venture capital and investment bankers in communications, VoIP, and microprocessor technologies.

For 30+ years, Gary has been an independent communications and security consultant. Beginning his career in the USAF as an R&D officer in military intelligence and data communications, Gary was decorated for his accomplishments in these areas.

Mr. Audin has been published extensively in the Business Communications Review, ACUTA Journal, Computer Weekly, Telecom Reseller, Data Communications Magazine, Infosystems, Computerworld, Computer Business News, Auerbach Publications and other magazines. He has been Keynote speaker at many user conferences and delivered many webcasts on VoIP and IP communications technologies from 2004 through 2009. He is a founder of the ANSI X.9 committee, a senior member of the IEEE, and is on the steering committee for the VoiceCon conference. Most of his articles can be found on www.webtorials.com and www.acuta.org. In addition to www.nojitter.com, he publishes technical tips at www.Searchvoip.com.