The March 19th edition of NewsWeek has an article about cyber thieves stealing VoIP minutes by hacking into VoIP providersâ€™ gateways. Itâ€™s the first time Iâ€™ve actually seen real numbers applied to VoIP theft:
‘These thieves steal 200 million minutes a month, worth $26 million, says New York telecom Stealth Communications. With more than 5,000 wholesale-minutes markets worldwide, located mainly on Internet forums, fraud is hard to track. Emmanuel Gadaix, head of TSTF, a Hong Kong firm that investigates VoIP thefts, says it’s “very easy to set up a temporary link” through a hacked gateway. His company was recently hired by a Panamanian telecom that lost $110,000 to phreakers. TSTF followed tracks, in vain, that snaked through Bulgaria, Canada, Costa Rica, Hong Kong and the United States. Phreaker trails are “way too complicated” to track successfully, says Gadaix.’
This brings up memories of the Edwin Pena case, in which he was able to rake in over $1 million USD in profits from stealing and reselling VoIP minutes from several providers.
Does anyone know for sure how these VoIP provider gateways are being broken into? Default passwords? Well known vulnerabilities in the operating system? Stolen access codes?