Recently, a VoIP (voice over Internet protocol) technique with a new hierarchical data security protection (HDSP) scheme was proposed by using a secret chaotic bit sequence. This paper points out some insecure properties of the HDSP scheme, and then uses them to develop known/chosen-plaintext attacks. The following main findings are: 1) given n known plaintexts, about (100 − 50 2 n ) percent of secret chaotic bits can be uniquely determined; 2) given only one specially-chosen plaintext, all secret chaotic bits can be uniquely derived; 3) the secret key can be derived with practically small computational complexity when only one plaintext is known (or chosen). These facts reveal that HDSP is very weak against known/chosen-plaintext attacks. Experiments are given to show the feasibility of the proposed attacks. Furthermore, it is also found that the security of HDSP against the brute-force attack is not practically strong. Finally, some countermeasures are discussed for enhancing the security of HDSP, and several basic principles are suggested for the design of a secure encryption scheme.