« Show #31 will be delayed until Monday | Main | Blue Box #32: ENUM Tutorial, VoIP security news, listener comments and more »

June 26, 2006


Dan, Jonathan,

First of all, let me say that I very much enjoy your podcasts. It's good to get a regular summary of what's been going on in the world of VoIP security.

Now, I have more info for you on Edwin Pena's alleged VoIP fraud, that I got from a guy in Houston whose company was scammed.

In his case, the protocol was H.323 and not SIP. He tells me that his VoIP-PSTN gateway was expertly hacked, apparently using a supervisory account, and its configuration was altered. To verify that the hack worked, test calls were made to a cellphone in New Jersey, according to logs in the equipment, which also revealed that they were made from locations in Brazil.

Once it was verified that the calls got through, traffic was directed to the hacked gateway from (presumably) an H.323 gatekeeper, apparently located at the NAP of the Americas in Miami.

The fraud was discovered by the unusual traffic patterns that resulted, when all the circuits on the gateway became busy. The destination of most of the calls was Jamaica, with origins in the UK, Australia and the US.

Once alerted to the fraud, the aggrieved business owner did some investigation, and traced the cellphone to Fortes Telecom in New York.

What surprised me about this story is that it doesn't involve hacked networks at New York hedge funds, decoy servers at hosting companies, nor brute force attacks to discover account prefixes, as laid out in the criminal complaints against Edwin Pena and Robert Moore. It seems as though a variety of attacks were made, not all of which were described by the US Attorney's office.

Nevetheless, it does stress the need for adequate perimeter security around VoIP softswitches and gateways, a case I think the proponents of session border controllers have made fairly convincingly on the VOIPSEC list recently.


Rob Welbourn

The comments to this entry are closed.

The Obligatory Photo

Contact Information

Full Disclosure

  • Dan York, CISSP, is the Chair of the VOIP Security Alliance (VOIPSA) and Senior Content Strategist for the Internet Society.

    Jonathan Zar is affiliated with Pingalo and is the Secretary of VOIPSA and member of the Board of Directors.

    This is a personal project and neither the Internet Society, Pingalo nor VOIPSA have any formal connection to this podcast. In the interest of transparency we just thought you should know our affiliations.

Why "Blue Box"?

  • We chose the name "Blue Box" primarily as a nod to the era of phone phreaking in part to illustrate that threats to telephony are not new - they just continue to change and evolve. That and admittedly the name just sounded cool.

Promote Blue Box!

  • Add this graphic to your site!