A new toolkit is available free of charge that will allow a hacker to intercept and listen to conversations over a voice over IP (VoIP) network. VoIP is susceptible to many attacks, such as toll fraud, SPIT, malformed messages, call hijacking, call eavesdropping and call modification.
UCSniff is a bundle of new and previously released open source software that is being released by Sipera Systems. There is a catch to using the software: you must have physical access to the target company's network. It requires you to plug into an Ethernet port and run the software locally, so this type of attack would come from an internal source such as an administrator or network engineer. The software will even allow you to target a specific number or dial-by-name feature.
Sipera Systems insists that the tool is for educational purposes. But the concern here is that an unscrupulous person might tap into their organization's network and monitor VoIP conversations undetected. These tools that claim to be for "educational" purposes have long been a double-edged sword for IT security. Some of them are very useful, and in the hands of a professional they are used to monitor and protect an organization's network. These same tools in the hands of a hacker can be used to break into a network or, in this case, listen to phone conversations. I am very concerned when I hear the words, "for educational purposes." I usually wonder, mine or a hacker's?