VoIP operators got a rude security awakening last month after Edwin Andres Pena of Miami, Florida was arrested for allegedly hacking into the networks of VoIP service providers and fraudulently reselling more than 10 million minutes of calls worth over $1 million.
The actual hack was an interesting variation of the old fraud technique of selling IDD minutes using a compromised company PBX. According to Networking Pipeline, Pena used a brute-force attack of test calls to get the right prefix for each network, then recruited a partner in Washington state to hack the ports and routers of private companies for IP addresses and network administrator names and passwords, which Pena then used to reprogram the routers to VoIP calls and disguise the source of the traffic. He then used the prefix access codes to fool VoIP carriers receiving his traffic into thinking that the calls were legitimate.
Not unexpectedly, security companies have jumped all over the Pena case, highlighting the importance of VoIP security, and even the dangers of VoIP viruses and phishing over VoIP.