Feeds

Fugitive VOIP hacker cuffed in Mexico

More than 10 million minutes hijacked

Secure remote control for conventional and virtual desktops

A fugitive hacker accused of illegally rerouting millions of dollars worth of VOIP calls through telecommunications companies' networks has been apprehended in Mexico.

Edwin Andres Pena was arrested Friday by Mexican authorities, Assistant US Attorney Erez Liebermann said. He had been on the lam since August 2006, when he skipped out on a $100,000 bond secured by the Miami home that belonged to the mother of his girlfriend. The US government is seeking to have him extradited.

Pena and cohort Robert Moore were arrested in June of 2006 and charged with felony wire and computer fraud. They were accused of carrying out a scheme that routed more than 10 million minutes of voice-over-internet-protocol calls over the networks of a dozen or so telecommunications providers without their permission. The suspects breached the networks by using brute force attacks that continually cycled through a large number of possible security telephone prefixes until the precise codes were determined.

To conceal the ruse, Pena hired Moore to scan for vulnerable networks of unsuspecting companies. Pena routed the calls through the hacked networks to prevent the telecommunications companies from detecting the true source of the traffic. Between June and October of 2005, Moore used a single AT&T broadband account to perform more than 6 million scans, according to court documents.

Moore pleaded guilty to conspiracy to commit computer fraud. He is currently behind bars serving a two-year sentence. He is expected to be released in the next several months, according to this blog.

Word of Pena's capture was reported earlier by Computerworld.

Because his scheme piggybacked off the resources of others, virtually all of Pena's revenue was profit. That allowed him to sell long-distance calls for as low as four-tenths of a cent per minute. The scheme cost each of the defrauded telecom providers an average of $300,000 in routing expenses, prosecutors said.

Pena deposited more than $1m into several bank accounts he opened to launder the proceeds. He also directed the money to be spent on residential real estate in Miami, a 40-foot Sea Ray Mercruiser boat, a 2004 BMW M3, and several other high-priced luxury vehicles. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The hidden costs of self-signed SSL certificates
Exploring the true TCO for self-signed SSL certificates, including a side-by-side comparison of a self-signed architecture versus working with a third-party SSL vendor.