VoIP Hacker Gets Prison: His Boss Gets Away

The first culprit in a duo of VoIP Hackers that defrauded more than a million dollars worth of call minutes form some of America’s largest IP telephony providers has been fined US$150,000 and will spend two years in prison for his effort.

Robert Moore, the 23-year-old hacker from Spokane, Washington, was the technical mind behind the duo’s crime and was involved after Edwin Pena, the scheme’s mastermind paid him US$23,000 to hack into the carrier networks.

This was achieved with relatively simple scripts using a combination of simple dictionary and brute-force attacks in combination with Google hacking. Pena then established a VoIP wholesaling business using the carrier supplied minutes to route his customer’s calls.

VoIP News reported in June last year Pena was making so much money he was forced to spend up large to hide his illegal profits adding several pieces of real estate, three luxury cars and a 40-foot motorboat to his portfolio. Federal agents reportedly confiscated a customized 2004 BMW M3 form the accused.

Moore has pleaded guilty to his role in the crime. However, the 23-year-old Venezuelan who hired him has fled the country after posting bail and has not been caught.

According to this report, Moore claims he wrote generic software to run brute-force attacks against Cisco XM routers and Quintum Tenor voice gateways. Brute force attacks were conducted against service provider networks in order to discover valid prefixes to let calls into their networks.

His software would generate 400 prefixes per second against the carrier gear, scanning randomly so as not to arouse the suspicions of the gear’s intrusion-detection systems. He restricted his attack to gateways using the H.323 signaling protocol, rather than SIP gear.

The pair also scanned known corporate IP addresses for machines that might be vulnerable to their attacks, Moore says. Pena purchased a 2GB database of corporate IP addresses and their subnet ranges for US$800, he says.

“The way we got into them is that most of the telecom administrators were using the most basic password – Cisco, Cisco or admin, admin. They weren’t hardening their boxes at all,” Moore says in the story.

The two found many devices had exposed SNMP ports allowing them to probe for information. “There were various object identifiers in the management database that would allow you to see critical information on a Cisco [router], like maybe [the] gateway where it’s routing to so we would know where to choose our target,” he says.

Moore said he wrote Google search strings that exposed Web interfaces on devices. “It was really easy actually to launch these things from Google to find these peoples’ switches,” he said.

Content for the Network World report quoted here came from an interview conducted with the hacker by thevoicereport.com.

Older news items
  • ShoreTel Lobs A Lawyer Back At Mitel -01/08/2007
  • NZ VoIP Start-up In Bitchy Marriage Break-Up -20/07/2007
  • T-Mobile Told To Route TruPhone -17/07/2007
  • Mitel Sues ShoreTel for Patent Infringement -27/06/2007
  • ACMA Proposal On Emergency VoIP -18/06/2007

Leave a Reply

Your email address will not be published. Required fields are marked *