Two Men Charged With Hacking Into VoIP Networks, Selling Long-Distance Time

A Miami businessman helped by a professional hacker penetrated the networks of Internet phone providers to connect hundreds of thousands of free calls, federal prosecutors alleged Wednesday.

After obtaining free access to the networks, Edwin Andres Pena charged customers more than $1 million to route calls for them, according to FBI complaints made public with Pena's arrest in Florida.

Pena paid $20,000 to hacker Robert Moore, of Spokane, Wash., according to court papers.

• Click here to visit's Cybersecurity Center.

Pena, 23, who had a court appearance Wednesday in Miami, could not be reached for comment. Moore, 22, was to surrender to federal agents in Spokane. A message left at his address was not immediately returned. The names of their lawyers were not yet known.

At least 15 Internet phone companies were victimized, with one suffering as much as $300,000 in lost fees, prosecutors said.

Pena allegedly was able to secretly route 500,000 calls through a Newark-based provider identified in the complaint as "N.T.P.," which appears to be Net2Phone.

Messages seeking comment from the company, and its corporate parent, IDT Corp. (IDT), were not immediately returned Wednesday.

Authorities said that to hide profits from his scheme, which ran from November 2004 to May 2006, Pena bought real estate, three luxury vehicles and a 40-foot motorboat. On Wednesday, federal agents seized one of the cars, a customized 2004 BMW M3.

Pena operated two telecommunications companies, Fortes Telecom Inc. and Miami Tech & Consulting Inc., according to federal prosecutors.

The companies, acting as wholesalers, sold more than 10 million minutes of Internet telephone service for as little as 0.4 cents a minute.

Instead of sending calls over legitimate routes that Pena would have to pay for, Pena "created what amounted to 'free' routes by surreptitiously hacking into the computer networks of unwitting" Internet phone providers, the FBI complaint stated.

That was accomplished after the hacker located vulnerable computer ports at unsuspecting non-phone companies around the world, the complaint said. Pena then programmed those networks to accept Internet phone traffic, prosecutors said.

The next step was ensuring that the Internet phone providers would accept the calls being secretly routed through the unwitting intermediary companies, the complaint said.

To accomplish that, the scheme used "brute force" attacks to identify the codes used by the providers to determine whether a call is authorized for their networks, the complaint said.

Such attacks flooded the providers with test calls to see which codes were accepted.

Pena was charged with wire fraud, which carries up to 20 years in prison and a $250,000 fine, and computer hacking, which carries up to five years and a $250,000 fine.

Moore faces a conspiracy charge, which could bring five years in prison and a $250,000 fine.