Good article on business VoIP security from BusinessWeek:

It’s become a familiar pattern in online security. A groundbreaking way to communicate emerges, spreads like wildfire, and then hackers find a way to use it to their advantage. Security companies react—but not before the problem has succeeded in wreaking havoc. It happened with e-mail and is happening now with instant messaging and mobile devices.

Unlike calls sent over traditional networks, VoIP calls are often routed over the public Internet, and details of those transactions can be spied on by outsiders. Law-enforcement officials allege that’s how Edwin Andres Pena and Robert Moore were able to steal so-called bandwidth, or the network space needed to carry Internet phone calls, and then resell it to unsuspecting patrons. The two Miami men have been charged with racking up some $1 million in ill-gotten gains. The calls were routed through a Newark (N.J.) front company called N.T.P.

Long before VoIP was developed, copper-wire networks were similarly vulnerable. But in the 1970s, service providers separated the voice networks from the data that controls and routes the calls, making it impossible to perform such hacks, says Dan Ingevaldson, director of technology strategy for ISS, a security company that has been watching the VoIP threat for some time. "There’s no regulator, no control, no one person to validate what’s on your network, so there’s the opportunity for abuse," he says.