$1M VoIP Scam

Lots of details.

The basic service that Pena provided is not uncommon. Telecommunications brokers often buy long-distance minutes from carriers—especially VoIP carriers—and then re-sell those minutes directly to customers. They make money by marking up the services they buy from carriers.

Pena sold minutes to customers, but rather than buy the minutes, he instead decided to hack into the Internet phone company networks, and route calls over those networks surreptitiously, say prosecutors. So he had to pay virtually no costs for providing phone service.

Posted on June 13, 2006 at 2:15 PM15 Comments


Roland Dobbins June 13, 2006 2:36 PM

Actually, there are very few details; this article is full of technobabble, and while one gets the impression that part of the endeavor involved compromising routers and doing some VPN tunneling through/to them, it’s about as clear as mud what actually took place. Were the routers configured as SIP gateways before the attack, or by the attacker? How was all this woven together? What’s this about ‘ports’ – is the author talking about TCP or UDP ports, or voice ports on a VoIP PBX hooked into the PSTN, or what?

So, this story, far from providing useful details, instead provides no real information at all, and only confuses things any further.

RvnPhnx June 13, 2006 4:04 PM

Clear as mud to some, perfectly clear to others.
He found a firm with plenty of bandwidth and a vulnerable VOIP enabled router, then he compromised it and routed his traffic through it using spoofed information so that the calls would appear to have originated on the VOIP/POTS/PSTN gateway provider’s equipment.
End of Story.
That help any?

AG June 13, 2006 4:27 PM

The Devil is in the details.

I find it much more likely he found a router (or many routers) all setup and open for VOIP phone calls and just used them.

Just like an Email Open Relay. Now the company that had the Open VOIP reply does not want to pay the bill and they are blaming Pena.

I agree with Roland lots of techno-babble without substance. Too many details. How did they get such a complete picture? Smells like smoke to coverup the fact no one knows what happened.

Rob Mayfield June 13, 2006 5:27 PM

@AG – Indeed, however there would almost certainly be a small group of people somewhere who know exactly what happened but who are too embarrassed or too scared to talk 🙂

Roger June 13, 2006 8:15 PM

“The bottom line in all this?”, asks Preston Gralla.

The bottom line in all this is that a con man is a businessman who doesn’t understand the value of return custom.

If Gralla’s account is accurate, then Pena sold $1 million of calls without paying for them; whereas if he had paid the $300,000 wholesale rate, he would still be $ 0.7 million richer and would now be lining up another round of business instead of rotting in prison.

Blair June 13, 2006 10:28 PM


Maybe he didn’t have the resources to set it up in the first place.
$300,000 is a lot and he would have needed to secure it in the first place.

But yeah, the sentiment is correct. Hell it shows there is a good business op there. Anyone here going to pick it up and run with it?

greg June 14, 2006 5:13 AM

In some countires this happens all the time. Usaly ppl who work for the network, and often they steal the auctual network not VoIP. We had to develop software that made it easier to find were the comprimised switches were are who worked on em etc.

bob June 14, 2006 10:23 AM

@roger @blair: Similar concept – a while back I saw on TV a demonstration that was performed in front of the US Capitol for some bill they were considering. They had some car thieves (reformed, one presumes) strip a car, an 8-year old Cadillac, in about 5 minutes. Supposedly the parts from the car would be worth $75,000 once they were done with it.

At that point one wonders why they dont just buy the damned thing for $10,000 used and still clear $65,000 – then they could skip the whole “sneak/jail/get shot” risk thing.

I suspect the numbers presented arent valid. Kind of like the software/entertainment industry losing $50Bn every year to pirates. Only if every single “free” copy had been bought at full retail “quantity 1” price but without production costs and not requiring any support or returns.

Andre Fucs June 14, 2006 6:05 PM

I love VoIP insecurity. 🙂 It’s so great to have the feeling that people don’t understand that it’s impossible to think on triple play as converging business. It’s also converging problems. I’m currently working with VoIP and IPTV and it’s shocking to see that while VoIP providers still in the kindergarden of telephony security, Voice providers are still in the kindergarden of the TV security. The cultures are so so so different!

It’s such a full potential for technology enhancements. Really a hot area to read about.

Anonymous March 16, 2007 12:24 AM

I have been using tringotel business line for the past few months. No major complaints about call quality.

Lots of great features and very easy to customize. But, there is no way to set up multiple voicemail boxes. This is unfortunate because I have a partner. You can use an answering machine with multiple boxes instead, but all of the great Voip voicemail features (including. .wav messages to email) are lost. Lingo and vonage might have the same weakness.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.