Video killed the revenue, sir

A report this week that video conferencing facilities are vulnerable to fraud once again raises the question about technological versus behavioural safeguards.

London-based consultancy City Conferencing has released a white paper outlining what it claims is a serious vulnerability, one that is caused in mixed ISDN/IP environments.

Polycom, one of the biggest players in the video conferencing equipment game, has issued a response to silicon.com that shows how secure its kit can be. It's encouraging to hear, though older equipment may still prove to be a weak point in companies, as is often the case.

There are two issues at stake here. First, there is the idea of equipment that is shipped locked down. Traditionally too many settings across all kinds of kit have been left on default or completely open. It doesn't take a genius to get into a system this way.

The good news is that mainstream technology of all types - whether from a Cisco, Microsoft or Polycom - is increasingly forcing users to set up unique passwords and settings 'out of the box' - or the equipment won't work.

Of course in the past this was seen as a user-'unfriendly' barrier and the danger is that it will take years for some vulnerable equipment to be phased out.

The other issue is that there are clever crooks out there and embarrassed organisations. Most people have heard about a now legendary case, otherwise known as the New York/Russian courier scam. A fake motorbike courier would travel up and down Manhattan each day, going in to buildings with fake packages for people. When informed there had been a mistake, the rider would ask to borrow the receptionist's phone - just for a minute.

Of course those five minutes on the phone were spent calling a premium rate number - based in Moscow - and owned by the same criminal syndicate employing the bogus courier. The crooks racked up a hefty sum that way.

Similar scams have been reported closer to home. And the problem, according to some experts, isn't just that certain organisations are loathe to admit they've 'been had' but that clever criminals may never be detected, especially in an automated environment.

Simon Dudley, director at City Conferencing, told silicon.com: "The real danger are those fraudsters who will farm rather than rape a company. They won't go all out in one month but maybe rack up a few thousand pounds of calls each month, quietly."

In many City institutions, if phone bills don't go up more than 20 per cent in a quarter, they are rubber stamped and paid without much investigation. Whether it's a compromised computer or video conferencing system that allows that, or a cleaner with an eye for crime, organisations need to be on their guard.