The first individual ever charged with hacking into the networks of Voice Over Internet Protocol (VOIP) providers and reselling hacked VOIP services for a profit pleaded guilty yesterday, U.S. Attorney Paul J. Fishman, announced.
Edwin Pena, 27, a Venezuelan citizen, pleaded guilty before U.S. District Judge Susan D. Wigenton to one count of conspiracy to commit computer hacking and wire fraud, and one count of wire fraud. Judge Wigenton continued Pena’s detention without bond pending his sentencing, which is scheduled for May 14.
Pena was returned to the United States from Mexico following a three-year manhunt which lead authorities to South America. Pena was eventually arrested in Mexico on Feb. 6, 2009. Pena was arrested in Florida on June 7, 2006, on a criminal Complaint that was filed in the District of New Jersey a day earlier. Pena appeared in federal court in New Jersey on June 29, 2006, and subsequently fled the country to avoid prosecution after being released on bail.
In February 2009, Pena was indicted for conspiracy to secretly hack into the computer networks of unsuspecting VOIP phone service providers; conspiracy to commit wire fraud by transmitting telephone calls over the victims’ networks; and individual hacking and wire fraud counts.
At his plea hearing, Pena, who purported to be a legitimate wholesaler of these Internet-based phone services, admitted that he sold discounted service plans to his unsuspecting customers. Pena admitted that he was able to offer such low prices because he would secretly hack into the computer networks of unsuspecting VOIP providers, including one Newark-based company, to route his customers’ calls.
Through this scheme, Pena is alleged to have sold more than 10 million minutes of Internet phone service to telecom businesses at deeply discounted rates, causing a loss of more than $1.4 million in less than a year. The victimized Newark-based company, which transmits VOIP services for other telecom businesses, was billed for more than 500,000 unauthorized telephone calls routed through its calling network that were “sold” to the defendant’s unwitting customers at those deeply discounted rates.
Pena admitted that he enlisted the help of others, including a professional “hacker” in Spokane, Washington. The hacker, Robert Moore, 24, pleaded guilty before Judge Wigenton in March 2007 to federal hacking charges for assisting Pena in his scheme. Judge Wigenton sentenced Moore to 24 months in prison on July 24, 2007. At his plea hearing, Moore admitted to conspiring with Pena and to performing an exhaustive scan of computer networks of unsuspecting companies and other entities in the United States and around the world,
searching for vulnerable ports to infiltrate their computer networks to use them to route calls.
Pena admitted that rather than purchase VOIP telephone routes for resale, Pena – unbeknownst to his customers – created what amounted to “free” routes by surreptitiously hacking into the computer networks of unwitting, legitimate VOIP telephone service providers and routing his customers’ calls in such a way as to avoid detection.
After receiving information from Moore, Pena reprogrammed the vulnerable computer networks to accept VOIP telephone call traffic. He then routed the VOIP calls of his customers over those networks. In this way, Pena made it appear to the VOIP telephone service providers that the calls were coming from a third party’s network.
By sending calls to the VOIP telephone service providers through the unsuspecting third parties’ networks, the VOIP telephone service providers were unable to identify the true sender of the calls for billing purposes. Consequently, individual VOIP Telecom providers incurred aggregate routing costs of up to approximately $300,000 per provider, without being able to identify and bill Pena.
According to the Complaint, in order to hide the huge profits from his hacking scheme, Pena purchased real estate, new cars, and a 40-foot motor boat, and put all of that property except for one car in the name of another individual identified in the Complaint as “A.G.”
The conspiracy charge carries a maximum statutory penalty of 5 years in prison and a fine of $250,000. Wire fraud carries a maximum penalty of 20 years in prison and a $250,000 fine.
Source: U.S. Attorney’s Office