"A million bucks in stolen calls"...Details

Fri Jun 9 11:15:09 PDT 2006

Here's some more details.

So...does this amount to trespassing or merely arresting two guys for 
running traffic you don't like?

This also implies that CALEA probably isn't even necessary in a lot of 
cases. NSA can probably surreptitiously copy and route traffic to themselves 
through intermediate networks.

Come to think of it, this may imply that something like CALEA is far easier 
in the packet world than it was in the circuit switched world.

One implication is that VoIP can't really be secure unless we can hide the 
routing and not just the pakcet contents, but of course this isn't a new 
problem as recent events a la NSAT&T prove.

Anyway...

Two Charged in VOIP Hacking Scandal

JUNE 9, 2006 | Federal authorities pressed charges Thursday against a second 
man who helped perpetrate a VOIP wholesale scheme that defrauded at least 15 
VOIP service providers.

Robert Moore of Spokane, Wash., also known as the "Spokane Hacker," was 
served papers Thursday but had not yet been taken into custody, according 
U.S. Attorney's Office spokesman Michael Drewniak.

On Wednesday, the U.S. Attorney's Office in New Jersey had filed charges 
against Edwin Andres Pena, who they say set up the allegedly fraudulent 
wholesale business -- called Fortes Telecom Inc. -- in 2004. (See 'Free' 
Skype Could Be Costly.)

After charging his service provider customers cheap rates to route their 
calls, Pena's company secretly routed the calls over the IP networks of at 
least 15 VOIP providers, according to court documents.

This was done using a two-step process.

Step One. The men obscured the origin of the calls by sending them through 
an "intermediary." The feds believe Pena, with help from Moore, scanned the 
networks of companies all over the world looking for network ports to use 
for routing calls. The New Jersey U.S. Attorney's Office said it obtained 
records from AT&T Inc. (NYSE: T - message board) showing that, between June 
and October of last year, Moore ran more than 6 million scans for those 
susceptible ports.

The two eventually decided on routing calls through a router owned by an 
unnamed New Jersey-based hedge fund company. (See Ingate Secures VOIP.)

Step Two. With a "blind" established, Pena then needed to gain admittance 
for his customers' calls to be routed onto the networks of other VOIP 
providers.

VOIP providers tag their own calls with a unique identifier or "prefix" so 
they can be admitted to the network. Pena allegedly bombarded the VOIP 
providers' networks with test calls -- each carrying a different prefix -- 
until he found one that was admitted to the network. He then tagged all his 
fraudelent calls with the winning prefix.

Having penetrated the networks of VOIP telephone service providers, Pena 
programmed the third party's computer networks to use the illegally obtained 
proprietary prefix to route calls of customers of his companies, federal 
authorities say.

The Pena case will certainly revive the issue of security among VOIP 
providers. Many in the VOIP community are all too aware of the security 
perils of running calls over the Internet. "This hacker's approach is 
certainly not a surprise to those in the Internet community who follow these 
types of issues," says Brian Lustig, spokesman for VOIP provider SunRocket 
Inc. . "It is just another variation of fraud that can be perpetrated."

So what does the VOIP community intend to do to protect itself from hacking? 
"The industry as a whole -- including Sun Rocket -- is already hard at work 
on standards and security measures that can prevent this type of activity," 
Lustig says.

Pena was taken into custody today and was scheduled to appear in court 
Thursday. Moore will appear in court soon, Drewniak said.

 Mark Sullivan, Reporter, Light Reading