Two Charged in VOIP Hacking Scandal

Authorities say two men ran a wholesale VOIP business using allegedly fake codes to load call traffic onto unsuspecting VOIP networks

Federal authorities pressed charges Thursday against a second man who helped perpetrate a VOIP wholesale scheme that defrauded at least 15 VOIP service providers.

Robert Moore of Spokane, Wash., also known as the "Spokane Hacker," was served papers Thursday but had not yet been taken into custody, according to U.S. Attorney's Office spokesman Michael Drewniak.

On Wednesday, the U.S. Attorney's Office in New Jersey had filed charges against Edwin Andres Pena, who they say set up the allegedly fraudulent wholesale business -- called Fortes Telecom Inc. -- in 2004. (See 'Free' Skype Could Be Costly.)

After charging his service provider customers cheap rates to route their calls, Pena's company secretly routed the calls over the IP networks of at least 15 VOIP providers, according to court documents.

This was done using a two-step process.

Step One. The men obscured the origin of the calls by sending them through an "intermediary." The feds believe Pena, with help from Moore, scanned the networks of companies all over the world looking for network ports to use for routing calls. The New Jersey U.S. Attorney's Office said it obtained records from AT&T Inc. (NYSE: T) showing that, between June and October of last year, Moore ran more than 6 million scans for those susceptible ports.

The two eventually decided on routing calls through a router owned by an unnamed New Jersey-based hedge fund company. (See Ingate Secures VOIP.)

Step Two. With a "blind" established, Pena then needed to gain admittance for his customers' calls to be routed onto the networks of other VOIP providers.

VOIP providers tag their own calls with a unique identifier or "prefix" so they can be admitted to the network. Pena allegedly bombarded the VOIP providers' networks with test calls -- each carrying a different prefix -- until he found one that was admitted to the network. He then tagged all his fraudulent calls with the winning prefix.

Having penetrated the networks of VOIP telephone service providers, Pena programmed the third party's computer networks to use the illegally obtained proprietary prefix to route calls of customers of his companies, federal authorities say.
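On the provider side, the prefix guessing described above shows up in call records as one source trying many different prefixes in a short time, nearly all of them rejected. The following is an added example, not taken from the article or the court documents, that flags that pattern and reports which prefix was admitted afterward so it can be rotated; the record layout, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

def build_sample():
    """Constructed call records: (epoch_seconds, source_ip, prefix, admitted)."""
    calls = [(1000 + i * 10, "198.51.100.10", "7731", True) for i in range(30)]
    # One source cycling through prefixes, all rejected ...
    calls += [(2000 + i * 2, "203.0.113.5", str(1000 + i), False) for i in range(40)]
    # ... until one is admitted, then reused for ongoing traffic.
    calls += [(2080 + i * 5, "203.0.113.5", "7731", True) for i in range(6)]
    return calls

def find_prefix_sweeps(calls, window=300, min_distinct=20, min_reject_ratio=0.9):
    """Return {source: prefixes admitted for that source once a sweep was seen}.

    A sweep is a sliding window of `window` seconds in which one source used
    at least `min_distinct` different prefixes and at least `min_reject_ratio`
    of its attempts were rejected. Thresholds are illustrative assumptions.
    """
    by_src = defaultdict(list)
    for ts, src, prefix, admitted in sorted(calls):
        by_src[src].append((ts, prefix, admitted))

    findings = {}
    for src, events in by_src.items():
        recent = deque()      # attempts inside the current window
        sweeping = False
        exposed = set()       # prefixes admitted after the sweep began
        for ts, prefix, admitted in events:
            recent.append((ts, prefix, admitted))
            while recent[0][0] < ts - window:
                recent.popleft()
            distinct = {p for _, p, _ in recent}
            rejected = sum(1 for _, _, ok in recent if not ok)
            if (len(distinct) >= min_distinct
                    and rejected / len(recent) >= min_reject_ratio):
                sweeping = True
            if sweeping and admitted:
                exposed.add(prefix)
        if sweeping:
            findings[src] = sorted(exposed)
    return findings

if __name__ == "__main__":
    for src, prefixes in find_prefix_sweeps(build_sample()).items():
        print(f"{src}: prefix sweep detected; rotate prefixes {prefixes}")
```

A source that sweeps without ever being admitted is still reported, with an empty prefix list.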

The Pena case will certainly revive the issue of security among VOIP providers. Many in the VOIP community are all too aware of the security perils of running calls over the Internet. "This hacker's approach is certainly not a surprise to those in the Internet community who follow these types of issues," says Brian Lustig, spokesman for VOIP provider SunRocket Inc. "It is just another variation of fraud that can be perpetrated."

So what does the VOIP community intend to do to protect itself from hacking? "The industry as a whole -- including Sun Rocket -- is already hard at work on standards and security measures that can prevent this type of activity," Lustig says.

Pena was taken into custody today and was scheduled to appear in court Thursday. Moore will appear in court soon, Drewniak said.

— Mark Sullivan, Reporter, Light Reading
