Fugitive hacker indicted for running VoIP scam

Computerworld - Just days after his apprehension in Mexico following two years on the run from law enforcement authorities, an alleged hacker was indicted this week by a federal grand jury for hacking into the computer networks of voice-over-IP service providers.

Edwin Pena had been arrested in June 2006 on computer and wire fraud charges. The U.S. government charged that Pena and a cohort hacked into the computer networks from November 2004 to May 2006. Pena then resold the VoIP services to his own customers.

The 20-count indictment handed down by the grand jury on Tuesday includes charges of wire fraud, computer hacking and conspiracy. According to the U.S. Department of Justice, wire fraud carries a maximum penalty of 20 years in prison and a $250,000 fine. The conspiracy and the computer-hacking violations each carry a maximum penalty of five years in prison and a fine of $250,000.

According to the U.S. attorney's office in Newark, N.J., Pena and co-conspirator Robert Moore, of Spokane, Wash., stole and sold more than 10 million minutes of VoIP service, causing the VoIP providers to lose more than $1.4 million in less than a year.

Pena was first charged on June 6, 2006. The government contends that he fled the country to avoid prosecution on Aug. 12. He was apprehended by Mexican authorities earlier this month and is still being held there. U.S. prosecutors are seeking extradition.

In the fall of 2007, Moore pleaded guilty of conspiracy to commit computer fraud. He currently is serving a two-year sentence in federal prison.

Federal investigators contend that Moore acted as the hacker and that Pena was the mastermind behind the scheme. But while Moore went to prison, Pena went on the run.

VoIP systems route telephone calls over the Internet or other IP-based networks.

As part of the scheme, Moore's job was to scan telecommunications company networks around the world, searching for unsecured ports. It was noted in the criminal complaint that between June 2005 and October 2005, Moore ran more than 6 million scans of network ports within AT&T's network alone.

The complaint alleges that once Moore found unsecured networks, he would then e-mail Pena information about the types of routers on the vulnerable networks, along with corresponding usernames and passwords. Then, according to the government, Pena would reprogram the vulnerable networks so they would accept his rogue telephone traffic.

The government charges that Pena ran brute-force attacks on VoIP providers to find the proprietary codes they used to identify and accept authorized calls coming into their networks. He allegedly would then use the codes to surreptitiously route his own calls through their systems.

Read more about cybercrime and hacking in Computerworld's Cybercrime and Hacking Knowledge Center.