One Million Dollars Earned (and lost) through VoIP Hacking

Updated: January 07, 2011

Edwin Andrew Pena has pleaded guilty to a hacking scam that profited him $1 million by selling over 10 million minutes of VoIP calls to consumers and businesses that he delivered by piggybacking off third-party resources. The original scam took place more than four years ago but Pena was only brought to trial last year.

Pena and his cohort, Robert Moore, routed the calls over the networks of telecommunications providers, using brute-force attacks to deduce the security telephone prefixes needed to gain access to the networks. They rerouted the attacks through the computers of third parties to avoid attracting attention. These vulnerable computers were identified using over six million scans from a single AT&T broadband connection over a period of five months, according to the prosecutors. The hackers were ultimately able to sell calls for rates as low as four-tenths of a cent per minute.

Pena made away with a profit of over a million; Moore was paid $20,000 for his services and was sentenced to a two-year prison term. Moore, originally sentenced with conspiracy to commit computer fraud, has completed his term and was released last year. Pena, however, was only apprehended last year in Mexico and faces a maximum of 25 years in federal prison and fines of at least $50,000. He has been charged with wire fraud and conspiracy to commit wire fraud and unauthorized access to a protected computer.