http://www.nytimes.com/2006/06/07/technology/07cnd-voice.html By KEN BELSON and TOM ZELLER Jr. June 7, 2006 Federal authorities arrested one man in Miami and another in Spokane, Wash., today in connection with what they said was a hacking scheme involving the resale of Internet telephone service. The suspects were said to have illegally tapped into the lines of legitimate Internet phone companies, saddling them with the expense of extra traffic, while collecting more than $1 million in connection fees. The case, one of the first involving this kind of elaborate Internet phone hacking, illustrated how Internet-based communications may be criminally exploited, and raised fresh questions about the security of phone traffic over largely unregulated networks. Prosecutors say that starting in November 2004, the man arrested in Miami - Edwin Andres Pena, 23, a Venezuelan who has permanent residency in the United States - used two companies he created to offer wholesale phone connections at discounted rates to small Internet phone companies. Instead of buying access to other networks to connect his clients' calls, Mr. Pena paid about $20,000 to Robert Moore, the man arrested in Spokane, to create "what amounted to 'free' routes by surreptitiously hacking into the computer networks" of unwitting Internet phone providers, and then routing his customers' calls over those providers' systems, according to the federal complaint. To evade detection, Mr. Pena is said to have hacked into computers run by an unsuspecting investment company in Rye Brook, N.Y., commandeering its unprotected servers to re-route phone traffic through them. These steps made it appear as if this company was sending calls to more than 15 Internet phone companies. In one three-week period, for instance, prosecutors say that one of the victimized Internet phone providers, based in Newark, received about 500,000 calls that were made to look as if they came from the company in Rye Brook. In all, more than 15 Internet phone companies, including the one in Newark, were left having to pay as much as $300,000 each in connection fees for routing the phone traffic to other carriers, without receiving any revenue for the calls, prosecutors said. "Emerging technologies and the Internet represent a sea of opportunity for business, but also for sophisticated criminals," Christopher J. Christie, the United States Attorney for New Jersey, said in a statement. "The challenge, which we and the F.B.I. continue to meet with investigations and prosecutions like this one, is to stay ahead of the cyber-criminal and protect legitimate commerce." The companies in Newark and Rye Brook, and others said to have been victimized, were not identified by name in the complaint, which was filed with the United States District Court in Newark. Mr. Pena, however, appears to have used the money he received from his customers to go on a spending spree, buying real estate in south Florida, a 40-foot Sea Ray Mercruiser motor boat, and luxury cars including a BMW and a Cadillac Escalade. Mr. Pena appeared to be smitten with his possessions, frequently posting pictures of his cars on Web sites devoted to car enthusiasts. So far, most of the concern about the safety of Internet-based communications has focused on the ability of criminals to eavesdrop on calls, to fake caller ID's and to steal long-distance phone service. In this case, Mr. Pena is said to have mimicked legitimate telecommunications brokers, who typically help connect long distance calls by buying minutes from large carriers and reselling them for a profit to smaller phone companies. _________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 29 - August 3 2,500+ international security experts from 40 nations, 10 tracks, no vendor pitches. www.blackhat.com
This archive was generated by hypermail 2.1.3 : Thu Jun 08 2006 - 02:08:56 PDT