Schneier on Security
A blog covering security and security technology.
« U.S./Mexican Security Barrier |
| Random Number Generators »
June 13, 2006
$1M VoIP Scam
Lots of details.
The basic service that Pena provided is not uncommon. Telecommunications brokers often buy long-distance minutes from carriers -- especially VoIP carriers -- and then re-sell those minutes directly to customers. They make money by marking up the services they buy from carriers.
Pena sold minutes to customers, but rather than buy the minutes, he instead decided to hack into the Internet phone company networks, and route calls over those networks surreptitiously, say prosecutors. So he had to pay virtually no costs for providing phone service.
Posted on June 13, 2006 at 2:15 PM
• 15 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Actually, there are very few details; this article is full of technobabble, and while one gets the impression that part of the endeavor involved compromising routers and doing some VPN tunneling through/to them, it's about as clear as mud what actually took place. Were the routers configured as SIP gateways before the attack, or by the attacker? How was all this woven together? What's this about 'ports' - is the author talking about TCP or UDP ports, or voice ports on a VoIP PBX hooked into the PSTN, or what?
So, this story, far from providing useful details, instead provides no real information at all, and only confuses things any further.
To the layman, what you just said was a bunch of technobabble. :-)
Clear as mud to some, perfectly clear to others.
He found a firm with plenty of bandwidth and a vulnerable VOIP enabled router, then he compromised it and routed his traffic through it using spoofed information so that the calls would appear to have originated on the VOIP/POTS/PSTN gateway provider's equipment.
End of Story.
That help any?
The Devil is in the details.
I find it much more likely he found a router (or many routers) all setup and open for VOIP phone calls and just used them.
Just like an Email Open Relay. Now the company that had the Open VOIP reply does not want to pay the bill and they are blaming Pena.
I agree with Roland lots of techno-babble without substance. Too many details. How did they get such a complete picture? Smells like smoke to coverup the fact no one knows what happened.
@AG - Indeed, however there would almost certainly be a small group of people somewhere who know exactly what happened but who are too embarrassed or too scared to talk :-)
"The bottom line in all this?", asks Preston Gralla.
The bottom line in all this is that a con man is a businessman who doesn't understand the value of return custom.
If Gralla's account is accurate, then Pena sold $1 million of calls without paying for them; whereas if he _had_ paid the $300,000 wholesale rate, he would still be $ 0.7 million richer and would now be lining up another round of business instead of rotting in prison.
Maybe he didn't have the resources to set it up in the first place.
$300,000 is a lot and he would have needed to secure it in the first place.
But yeah, the sentiment is correct. Hell it shows there is a good business op there. Anyone here going to pick it up and run with it?
In some countires this happens all the time. Usaly ppl who work for the network, and often they steal the auctual network not VoIP. We had to develop software that made it easier to find were the comprimised switches were are who worked on em etc.
i just learned a new word:"surreptitiously"
@roger @blair: Similar concept - a while back I saw on TV a demonstration that was performed in front of the US Capitol for some bill they were considering. They had some car thieves (reformed, one presumes) strip a car, an 8-year old Cadillac, in about 5 minutes. Supposedly the parts from the car would be worth $75,000 once they were done with it.
At that point one wonders why they dont just buy the damned thing for $10,000 used and still clear $65,000 - then they could skip the whole "sneak/jail/get shot" risk thing.
I suspect the numbers presented arent valid. Kind of like the software/entertainment industry losing $50Bn every year to pirates. Only if every single "free" copy had been bought at full retail "quantity 1" price but without production costs and not requiring any support or returns.
I love VoIP insecurity. :-) It's so great to have the feeling that people don't understand that it's impossible to think on triple play as converging business. It's also converging problems. I'm currently working with VoIP and IPTV and it's shocking to see that while VoIP providers still in the kindergarden of telephony security, Voice providers are still in the kindergarden of the TV security. The cultures are so so so different!
It's such a full potential for technology enhancements. Really a hot area to read about.
I have been using tringotel business line for the past few months. No major complaints about call quality.
Lots of great features and very easy to customize. But, there is no way to set up multiple voicemail boxes. This is unfortunate because I have a partner. You can use an answering machine with multiple boxes instead, but all of the great Voip voicemail features (including. .wav messages to email) are lost. Lingo and vonage might have the same weakness.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.