Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

VoIP Security Alert: Hackers Start Attacking For Cash

IP phone crooks are learning how to rake in the dough. An owner of two small Miami Voice over IP telephone companies was arrested last week and charged with making more than $1 million by breaking into third-party VoIP services and routing calls through their lines. That let him collect from customers without paying any fees to route calls.

Hacking has become a decidedly for-profit crime, with crooks intent on theft rather than disruption. Voice over IP hasn't been a big target, but only because crooks haven't figured out how to make money off breaking in.

In that sense, Edwin Pena is a pioneer if federal prosecutors' allegations are true. Edwin Pena had been making easy cash for almost 18 months and sold about 10 million minutes before law enforcement caught up with him yesterday morning, prosecutors say. The newfound magnate is alleged to have lavishly spent his takings on luxury cars, a 40-foot Sea Ray motorboat, and Miami-area real estate. Now he faces losing all that and spending up to 25 years in jail, in addition to paying $500,000 in fines.

Pena didn't carry out his plan alone, according to authorities. He paid $20,000 to Spokane, Wash., resident Robert Moore, who helped Pena scan VoIP providers for security holes with a code cracking method called brute force. They sent these companies millions of test calls, guessing at proprietary prefixes encoded on packet headers used to show that VoIP calls are legit, until the right one gave them access. The two also hacked into computers at a Rye Brook, N.Y., investment company and set up other servers to make it seem like they were sending calls from third parties through more than 15 VoIP providers.

Those companies have to pay for access to the Internet's backbone, and they found themselves with up to $300,000 in charges for access stolen through Pena's hacks, authorities say. Yet it's not only carriers that could be concerned with the type of attack Pena and Moore launched, says Seshu Madhavapeddy, CEO of VoIP security company Sipera Systems.

  • 1