Two Charged in VOIP Hacking Scandal

Authorities say two men ran a wholesale VOIP business using allegedly fake codes to load call traffic onto unsuspecting VOIP networks

Federal authorities pressed charges Thursday against a second man who helped perpetrate a VOIP wholesale scheme that defrauded at least 15 VOIP service providers.

Robert Moore of Spokane, Wash., also known as the "Spokane Hacker," was served papers Thursday but had not yet been taken into custody, according to U.S. Attorney's Office spokesman Michael Drewniak.

On Wednesday, the U.S. Attorney's Office in New Jersey had filed charges against Edwin Andres Pena, who they say set up the allegedly fraudulent wholesale business -- called Fortes Telecom Inc. -- in 2004. (See 'Free' Skype Could Be Costly.)

After charging his service provider customers cheap rates to route their calls, Pena's company secretly routed the calls over the IP networks of at least 15 VOIP providers, according to court documents.

This was done using a two-step process.

Step One. The men obscured the origin of the calls by sending them through an "intermediary." The feds believe Pena, with help from Moore, scanned the networks of companies all over the world looking for network ports to use for routing calls. The New Jersey U.S. Attorney's Office said it obtained records from AT&T Inc. (NYSE: T) showing that, between June and October of last year, Moore ran more than 6 million scans for those susceptible ports.

The two eventually decided on routing calls through a router owned by an unnamed New Jersey-based hedge fund company. (See Ingate Secures VOIP.)

Step Two. With a "blind" established, Pena then needed to gain admittance for his customers' calls to be routed onto the networks of other VOIP providers.

VOIP providers tag their own calls with a unique identifier or "prefix" so they can be admitted to the network. Pena allegedly bombarded the VOIP providers' networks with test calls -- each carrying a different prefix -- until he found one that was admitted to the network. He then tagged all his fraudulent calls with the winning prefix.

Having penetrated the networks of VOIP telephone service providers, Pena programmed the third party's computer networks to use the illegally obtained proprietary prefix to route calls of customers of his companies, federal authorities say.
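The prefix guessing described in Step Two leaves a recognizable trail on the provider's side: one source rejected on many different prefixes in a short span, followed by an admitted call. The sketch below is an added example, not part of the original article or the court documents; the log format, addresses, thresholds and function names are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed admission records (not from the case): time, source, prefix, result.
SAMPLE_LOG = """\
2006-01-10T02:00:01 198.51.100.7 1001 REJECT
2006-01-10T02:00:02 198.51.100.7 1002 REJECT
2006-01-10T02:00:03 198.51.100.7 1003 REJECT
2006-01-10T02:00:04 198.51.100.7 1004 REJECT
2006-01-10T02:00:05 198.51.100.7 1005 REJECT
2006-01-10T02:00:06 198.51.100.7 1006 ADMIT
2006-01-10T02:01:00 203.0.113.20 4471 ADMIT
2006-01-10T02:01:30 203.0.113.20 4417 REJECT
truncated line
"""

def parse_records(text):
    """Return sorted (time, source, prefix, result) tuples; skip malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("ADMIT", "REJECT"):
            continue
        try:
            records.append((datetime.fromisoformat(parts[0]), *parts[1:]))
        except ValueError:
            continue
    return sorted(records)

def find_prefix_sweeps(records, window=timedelta(minutes=5), min_distinct=5):
    """Flag sources rejected on >= min_distinct different prefixes inside one window."""
    by_source = defaultdict(list)
    for ts, src, prefix, result in records:
        by_source[src].append((ts, prefix, result))
    findings = []
    for src, events in by_source.items():
        recent, peak, admitted = [], 0, None
        for ts, prefix, result in events:
            recent = [(t, p) for t, p in recent if ts - t <= window]
            if result == "REJECT":
                recent.append((ts, prefix))
                peak = max(peak, len({p for _, p in recent}))
            elif peak >= min_distinct and admitted is None:
                admitted = prefix  # first prefix admitted after the sweep: rotate it
        if peak >= min_distinct:
            findings.append({"source": src, "rejected_prefixes": peak, "admitted": admitted})
    return findings

print(find_prefix_sweeps(parse_records(SAMPLE_LOG)))
```

The single mistyped prefix from the second source stays below the threshold, so an occasional customer error is not flagged.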

The Pena case will certainly revive the issue of security among VOIP providers. Many in the VOIP community are all too aware of the security perils of running calls over the Internet. "This hacker's approach is certainly not a surprise to those in the Internet community who follow these types of issues," says Brian Lustig, spokesman for VOIP provider SunRocket Inc. "It is just another variation of fraud that can be perpetrated."

So what does the VOIP community intend to do to protect itself from hacking? "The industry as a whole -- including Sun Rocket -- is already hard at work on standards and security measures that can prevent this type of activity," Lustig says.

Pena was taken into custody today and was scheduled to appear in court Thursday. Moore will appear in court soon, Drewniak said.

— Mark Sullivan, Reporter, Light Reading
