[ISN] Hacker Said to Resell Internet Phone Service

InfoSec News isn at c4i.org
Thu Jun 8 05:03:21 EDT 2006


June 7, 2006

Federal authorities arrested one man in Miami and another in Spokane,
Wash., today in connection with what they said was a hacking scheme
involving the resale of Internet telephone service.

The suspects were said to have illegally tapped into the lines of
legitimate Internet phone companies, saddling them with the expense of
extra traffic, while collecting more than $1 million in connection

The case, one of the first involving this kind of elaborate Internet
phone hacking, illustrated how Internet-based communications may be
criminally exploited, and raised fresh questions about the security of
phone traffic over largely unregulated networks.

Prosecutors say that starting in November 2004, the man arrested in
Miami - Edwin Andres Pena, 23, a Venezuelan who has permanent
residency in the United States - used two companies he created to
offer wholesale phone connections at discounted rates to small
Internet phone companies.

Instead of buying access to other networks to connect his clients'
calls, Mr. Pena paid about $20,000 to Robert Moore, the man arrested
in Spokane, to create "what amounted to 'free' routes by
surreptitiously hacking into the computer networks" of unwitting
Internet phone providers, and then routing his customers' calls over
those providers' systems, according to the federal complaint.

To evade detection, Mr. Pena is said to have hacked into computers run
by an unsuspecting investment company in Rye Brook, N.Y.,
commandeering its unprotected servers to re-route phone traffic
through them. These steps made it appear as if this company was
sending calls to more than 15 Internet phone companies.

In one three-week period, for instance, prosecutors say that one of
the victimized Internet phone providers, based in Newark, received
about 500,000 calls that were made to look as if they came from the
company in Rye Brook.

In all, more than 15 Internet phone companies, including the one in
Newark, were left having to pay as much as $300,000 each in connection
fees for routing the phone traffic to other carriers, without
receiving any revenue for the calls, prosecutors said.

"Emerging technologies and the Internet represent a sea of opportunity
for business, but also for sophisticated criminals," Christopher J.  
Christie, the United States Attorney for New Jersey, said in a
statement. "The challenge, which we and the F.B.I. continue to meet
with investigations and prosecutions like this one, is to stay ahead
of the cyber-criminal and protect legitimate commerce."

The companies in Newark and Rye Brook, and others said to have been
victimized, were not identified by name in the complaint, which was
filed with the United States District Court in Newark.

Mr. Pena, however, appears to have used the money he received from his
customers to go on a spending spree, buying real estate in south
Florida, a 40-foot Sea Ray Mercruiser motor boat, and luxury cars
including a BMW and a Cadillac Escalade.

Mr. Pena appeared to be smitten with his possessions, frequently
posting pictures of his cars on Web sites devoted to car enthusiasts.

So far, most of the concern about the safety of Internet-based
communications has focused on the ability of criminals to eavesdrop on
calls, to fake caller ID's and to steal long-distance phone service.

In this case, Mr. Pena is said to have mimicked legitimate
telecommunications brokers, who typically help connect long distance
calls by buying minutes from large carriers and reselling them for a
profit to smaller phone companies.
