Experts showed with a special program how easy it is for criminals to eavesdrop VoIP-based phone calls.

With a software e.g. SIPtap multiple VoIP call streams are monitored, and recording for remote inspection.
Criminal would only need be to infect a PC inside a network with a Trojan including these functions.

The program can track voip calls by caller and by recipient, and even by date.

With such a program organised crime could steal confidential data from governments, companies, and even the police.

"We are in the early days of VoIP, but there is a knowledge gap," said VoIP consultat Cox, complaining the naivety about VoIP's inherent security weaknesses. "Companies using VoIP internally think they are protected."
"The threat is that an attacker engineers a Trojan and has it sit there passively [on a network], recording calls from anywhere on the Internet," says Cox.

His advice was simple. "Apply the same vigour when building a VoIP network you would when building a website."

SIPtap a SIP Call Monitoring Demonstrator