SIP: The Perfect Spamming Tool? (PART 1)
Posted by Dorgham Sisalem on Tue, Feb 10, 2009 @ 06:32 PM
This is the first of two blog postings on the topic, "SIP: The Perfect Spamming Tool?" The second posting is planned for Tuesday, February 17th, 2009.
The business model behind spam is rather simple. The spammer distributes his message to a large number of receivers and hopes that the message would actually convince some of those receivers to buy the advertised product. For a successful campaign the spammer needs to reduce his own costs, reach a large number of receivers and avoid getting blocked.
SIP can help with all of these factors.
Cost Reduction
As a simplistic comparison we can consider the following scenario. A flat rate telephony service with PSTN costs in Germany around $30 USD/month and allows the spammer to call any national number for any number of minutes. If a call takes on the average 2 minutes the spammer would be able to conduct 30 calls per hour for around $.14 Cents per call.
A VoIP-based flat rate telephony service can also cost around 30 USD/month. In addition to the VoIP service the spammer needs to subscribe to a broadband Internet access. Such a service cost another $30 USD/month, which considering the German and U.S. market, seems to be a rather conservative assumption. With a 2 MBit/sec access to the Internet, a bandwidth usage of 64 Kbit/sec per call, the spammer can actually generate more than 30 parallel calls and hence 900 calls per hour for $60 USD/month. This means that using SIP the spammer can reduce his costs by a factor of 15. This calculation does not take into account that spam calls using VoIP can be generated using an off the shelf PC whereas in the case of PSTN some special hardware would be needed. Note also that a flat rate telephony service is only needed if the spammer wants to reach also users with only a PSTN line. VoIP calls that originate and terminate in the Internet are usually free of charge and would not require a flat rate telephony service. Thereby, with the increased deployment of VoIP, the spammers shall be able to reduce their costs further down to the cost of the Internet access.
Increasing Scope
While the cost savings on a national scope are already significant, the spammer can achieve even higher savings when going international. International calls are usually not covered by basic PSTN flat rate service offers. Hence, launching a spam campaign in an international scale would be rather costly. With VoIP, a spammer located in Germany can subscribe to a flat rate VoIP service in the U.S. and launch a spam campaign in the U.S. at costs similar to campaigns in Germany. Further, with the increased deployment of VoIP and the increased number of users that can be reached over VoIP directly without traversing a PSTN link, a spammer would be able to launch spam campaigns in a similar manner to email. Thereby, under the assumption that VoIP-to-VoIP calls are free of charge as is currently the case, a spammer sitting in the U.S. can initiate calls to receivers all around the world.
Identity Hiding
Usually spammers try to hide their identities, especially when distributing spam with fraudulent content. With email the spammer can forge the sender information in the emails, send the emails over open Simple Mail Transfer Protocol (SMTP) relays or directly to the recipients so as to avoid authentication, by using stolen email accounts and spoofing the sending IP address. Open SMTP relays are mail servers that are either manipulated or relay emails without authenticating the sender first.
Thereby, from the point of view of the receivers, the spam emails would be coming from the relays and the receivers can not determine the exact address of the sender. The high bandwidth usage when sending millions of messages over the same access to the Internet would probably alert the ISP to possible misuse. To avoid arising suspicion, the spammer can distribute the load by using a botnet consisting of thousands of bots.
With spam over PSTN this is more difficult. While the spammer can annonymize his calls, the origin of the call can still be traced by the network and the high number of calls placed by the spammer could make the network suspect that the phone line is being used for spam and block it. With this regard SIP-based services are more like email services.
The spammer can use botnets for distributing the load, use false sender information and send the SIP requests directly to the recipients without passing an authenticating proxy first.
Please come back on Tuesday, February 17th, 2009, to read the final posting on this topic.