Risk

9/28/2010
04:27 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

VoIP Hacker Sentenced To 10 Years

The scheme involved defrauding Internet phone service providers to the tune of $1.4 million.

United States Attorney Paul J. Fishman on Friday said that Edwin Andres Pena, 27, had been sentenced to 120 months in prison and ordered to pay over $1 million in restitution for his role in the hacking and defrauding of Internet telephony service providers.

Pena is the first individual to be charged with hacking the networks of VoIP companies and reselling their services for a profit.

Pena, a citizen of Venezuela, was arrested in 2006 but fled the U.S. shortly thereafter. He was recaptured in Mexico in February, 2009, and subsequently extradited back to the U.S. He pleaded guilty to conspiring to commit computer hacking and wire fraud and to committing wire fraud this past February.

Fishman in a statement characterized hackers as no different than bank robbers.

"Theft is theft whether you rob a bank or hack into somebody else's network and steal their services," he said. "Hackers attacking new and emerging technologies should not assume that law enforcement cannot keep up with them, even when they operate from the shadows or from other countries."

Pena, with the help of co-conspirator Robert Moore, who was sentenced to 24 months for his role in the scheme, defrauded VoIP service providers by masquerading as a legitimate provider of wholesale Internet phone service. Pena purportedly sold discounted service plans to customers. In fact, he was selling service stolen from other VoIP providers.

Pena and Moore were able to find vulnerable VoIP networks through extensive port scanning. According to AT&T records provided to the prosecution, Moore initiated over six million scans of AT&T's network between June 2005 and October 2005. Pena sold over 10 million minutes of VoIP service hijacked from other networks, resulting in losses estimated to be $1.4 million in less than a year.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Cracking 2FA: How It's Done and How to Stay Safe
Kelly Sheridan, Staff Editor, Dark Reading,  5/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Shhh!  They're watching... And you have a laptop?  
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11403
PUBLISHED: 2018-05-24
DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter.
CVE-2018-11404
PUBLISHED: 2018-05-24
DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter.
CVE-2018-11405
PUBLISHED: 2018-05-24
Kliqqi 2.0.2 has CSRF in admin/admin_users.php.
CVE-2018-11410
PUBLISHED: 2018-05-24
An issue was discovered in Liblouis 3.5.0. A invalid free in the compileRule function in compileTranslationTable.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-11399
PUBLISHED: 2018-05-24
SimpliSafe Original has Unencrypted Sensor Transmissions, which allows physically proximate attackers to obtain potentially sensitive information about the specific times when alarm-system events occur.