Through his scheme, defendant Edwin Andres Pena, is alleged to have sold more than 10 million minutes of Internet phone service to telecom businesses at deeply discounted rates. The victimized Newark-based company, which transmits VOIP services for other telecom businesses, was billed for more than 500,000 unauthorized telephone calls routed through its calling network that were "sold" to the defendant's unwitting customers at those deeply discounted rates, according to a criminal Complaint unsealed with Pena's arrest.
Pena was arrested early this morning by Special Agents of the FBI at one of his residences in Miami, Florida. He is expected to make an initial appearance sometime today before a U.S. Magistrate Judge in federal court in Miami.
As a result of not having to pay the Newark-based company or other actual VOIP providers, revenues for Pena's telecom companies - Fortes Telecom, Inc. and Miami Tech & Consulting, Inc. - were virtually all profit. The Complaint states that law enforcement was able to identify more than $1 million he received from his telecom business customers that were directed into various bank accounts connected to Pena.
To disguise the money obtained from the hacking scheme, Pena purchased real estate, new cars, and a 40-foot motor boat, and put all of that property except for one car in the name of another individual identified in the complaint only as A.G.
The criminal Complaint charges only Pena. The investigation continues as to other co-conspirators.
"Emerging technologies and the Internet represent a sea of opportunity for business but also for sophisticated criminals," said Christie. "The challenge, which we and the FBI continue to meet with investigations and prosecutions like this one, is to stay ahead of the cyber-criminal and protect legitimate commerce."
"The 21st century has brought with it new domains and theaters of operation for cyber-criminals," said Newark FBI Special Agent in Charge Leslie G. Wiser, Jr. "These modern day cyber-thieves had hoped to escape detection. They had hoped they had engineered a brilliant 'toll free' calling network for themselves. They hoped wrong. The bill is in the mail and payment is now due."
The two-count Complaint charges wire fraud and a computer hacking violation, and covers conduct occurring between about November 2004 and about May 2006. Rather than purchase VOIP telephone routes for resale, Pena - unbeknownst to his customers - created what amounted to "free" routes by surreptitiously hacking into the computer networks of unwitting, legitimate VOIP telephone service providers and routing his customers' calls in such a way as to avoid detection.
To avoid detection when establishing the "free" calling routes, Pena recruited at least one professional computer hacker in Spokane who performed an exhaustive scan of computer networks of unsuspecting companies and other entities in the U.S. and around the globe, searching for vulnerable ports to infiltrate their computer networks. According to records obtained from AT&T, between about June 2005 and about October 2005, for example, more than 6 million scans were initiated by the Spokane hacker in search of vulnerable network ports. During the same period, AT&T records reveal only two other users with a greater number of scans on its entire global network.
After receiving information from the Spokane hacker, Pena reprogrammed the vulnerable computer networks to accept VOIP telephone call traffic. He then routed the VOIP calls of his customers over those networks. In this way, Pena made it appear to the VOIP telephone service providers that the calls were coming from a third party's network.
Through a practice known as a "Brute Force" attack, Pena and others working with him acquired the proprietary codes established by VOIP telecom providers to identify and accept authorized calls entering their networks for routing, according to the Complaint. The codes, known as "prefixes," are part of the call data that must be transmitted with each VOIP telephone call.
Pena allegedly executed a "Brute Force" attack by flooding VOIP telecom providers with a multitude of test calls, each carrying a different prefix. The "Brute Force" attack progressed by continuously cycling through a volume of possible prefixes until a proprietary prefix match was identified and a test call sent by Pena succeeded in penetrating the corresponding network, according to the Complaint.
Having penetrated the networks of VOIP telephone service providers, Pena programmed the third party's computer networks to use the illegally obtained proprietary prefix to route calls of customers of his companies.
By sending calls to the VOIP telephone service providers through the unsuspecting third party's networks, the VOIP telephone service providers were unable to identify the true sender of the calls for billing purposes. Consequently, individual VOIP Telecom Providers incurred aggregate routing costs of up to approximately $300,000 per provider, without being able to identify and bill Pena.
A criminal Complaint is merely an accusation, and all defendants are presumed innocent unless and until proven guilty beyond a reasonable doubt.
Wire fraud carries a maximum penalty of 20 years in prison and a $250,000 fine. The computer hacking violation - fraud and related activity in connection with computers - carries a maximum penalty of five years in prison and a fine of $250,000.
Christie credited the Special Agents of the FBI, under the direction of Special Agent in Charge Leslie G. Wiser, Jr., with the investigation leading to Pena's arrest.
The case is being prosecuted by Assistant U.S. Attorneys Erez Liebermann and Marc Ferzan in the U.S. Attorney's Office Computer Hacking and Intellectual Property group, within the Commercial Crimes Unit
