Risk
9/28/2010
04:27 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

VoIP Hacker Sentenced To 10 Years

The scheme involved defrauding Internet phone service providers to the tune of $1.4 million.

United States Attorney Paul J. Fishman on Friday said that Edwin Andres Pena, 27, had been sentenced to 120 months in prison and ordered to pay over $1 million in restitution for his role in the hacking and defrauding of Internet telephony service providers.

Pena is the first individual to be charged with hacking the networks of VoIP companies and reselling their services for a profit.

Pena, a citizen of Venezuela, was arrested in 2006 but fled the U.S. shortly thereafter. He was recaptured in Mexico in February, 2009, and subsequently extradited back to the U.S. He pleaded guilty to conspiring to commit computer hacking and wire fraud and to committing wire fraud this past February.

Fishman in a statement characterized hackers as no different than bank robbers.

"Theft is theft whether you rob a bank or hack into somebody else's network and steal their services," he said. "Hackers attacking new and emerging technologies should not assume that law enforcement cannot keep up with them, even when they operate from the shadows or from other countries."

Pena, with the help of co-conspirator Robert Moore, who was sentenced to 24 months for his role in the scheme, defrauded VoIP service providers by masquerading as a legitimate provider of wholesale Internet phone service. Pena purportedly sold discounted service plans to customers. In fact, he was selling service stolen from other VoIP providers.

Pena and Moore were able to find vulnerable VoIP networks through extensive port scanning. According to AT&T records provided to the prosecution, Moore initiated over six million scans of AT&T's network between June 2005 and October 2005. Pena sold over 10 million minutes of VoIP service hijacked from other networks, resulting in losses estimated to be $1.4 million in less than a year.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-1032
Published: 2014-09-17
Cross-site scripting (XSS) vulnerability in the Euroling SiteSeeker module 3.x before 3.4.5 for EPiServer allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party inf...

CVE-2012-1417
Published: 2014-09-17
Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com.

CVE-2012-1506
Published: 2014-09-17
SQL injection vulnerability in the updateStatus function in lib/models/benefits/Hsp.php in OrangeHRM before 2.7 allows remote authenticated users to execute arbitrary SQL commands via the hspSummaryId parameter to plugins/ajaxCalls/haltResumeHsp.php. NOTE: some of these details are obtained from th...

CVE-2012-1507
Published: 2014-09-17
Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) newHspStatus parameter to plugins/ajaxCalls/haltResumeHsp.php, (2) sortOrder1 parameter to templates/hrfunct/emppop.php, or (3) uri parameter to index...

CVE-2012-2583
Published: 2014-09-17
Cross-site scripting (XSS) vulnerability in Mini Mail Dashboard Widget plugin 1.42 for WordPress allows remote attackers to inject arbitrary web script or HTML via the body of an email.

Best of the Web
Dark Reading Radio