Risk
9/28/2010
04:27 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

VoIP Hacker Sentenced To 10 Years

The scheme involved defrauding Internet phone service providers to the tune of $1.4 million.

United States Attorney Paul J. Fishman on Friday said that Edwin Andres Pena, 27, had been sentenced to 120 months in prison and ordered to pay over $1 million in restitution for his role in the hacking and defrauding of Internet telephony service providers.

Pena is the first individual to be charged with hacking the networks of VoIP companies and reselling their services for a profit.

Pena, a citizen of Venezuela, was arrested in 2006 but fled the U.S. shortly thereafter. He was recaptured in Mexico in February, 2009, and subsequently extradited back to the U.S. He pleaded guilty to conspiring to commit computer hacking and wire fraud and to committing wire fraud this past February.

Fishman in a statement characterized hackers as no different than bank robbers.

"Theft is theft whether you rob a bank or hack into somebody else's network and steal their services," he said. "Hackers attacking new and emerging technologies should not assume that law enforcement cannot keep up with them, even when they operate from the shadows or from other countries."

Pena, with the help of co-conspirator Robert Moore, who was sentenced to 24 months for his role in the scheme, defrauded VoIP service providers by masquerading as a legitimate provider of wholesale Internet phone service. Pena purportedly sold discounted service plans to customers. In fact, he was selling service stolen from other VoIP providers.

Pena and Moore were able to find vulnerable VoIP networks through extensive port scanning. According to AT&T records provided to the prosecution, Moore initiated over six million scans of AT&T's network between June 2005 and October 2005. Pena sold over 10 million minutes of VoIP service hijacked from other networks, resulting in losses estimated to be $1.4 million in less than a year.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3090
Published: 2014-09-23
IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

CVE-2014-3101
Published: 2014-09-23
The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.

CVE-2014-3103
Published: 2014-09-23
The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http...

CVE-2014-3104
Published: 2014-09-23
IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

CVE-2014-3105
Published: 2014-09-23
The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account n...

Best of the Web
Dark Reading Radio