Internet crooks are learning ways to make dough breaking voice over IP.
An owner of two small Miami voice-over-IP telephone companies was arrested last week and charged with making more than $1 million by breaking into third-party VoIP services and routing calls through their lines. That let him collect from customers without paying any fees to route calls.
Hacking's become a decidedly for-profit crime, with rogues intent on theft rather than disruption. Voice over IP hasn't been a big target, but only because the bad guys haven't figured out how to make money by breaking in.
In that sense, Edwin Pena's a pioneer, if federal prosecutors' allegations are true. They claim he paid $20,000 to Spokane, Wash., resident Robert Moore, to help send VoIP telecom companies millions of test calls, guessing at proprietary prefixes encoded on packet headers. Eventually, the right one gave them access. The two also are accused of hacking into computers at a New York investment company to set up servers to make it look like calls came from third parties.
Other businesses also have reason for concern. Once crooks can spoof a VoIP call--pretend to be a call they're not--they could, say, spoof call-forwarding features to route calls to themselves, and then pretend to be a help line to collect credit card numbers or passwords. "Just like data can be rerouted without authorization, VoIP can be rerouted without authorization," warns Mark Rasch, senior VP of Solutionary.
VoIP is a wilderness for cybercrooks today. But where the pioneers venture, many soon follow.