Indictments in the VOIP scam.

The DoJ has published the indictments in the VOIP scam reported recently. Pena Moore (via VOIPSEC)

The scam shows how bad security has a way of catching up with you eventually. The VOIP 'security' scheme relied on what was essentially a password to authenticate call connection requests.

The 'proprietary preffix' was too short to be an effective password. It is alleged that the perps brute forced the scheme trying six million prefixes before finding one that worked. This allowed them to place calls on the network for free. They then sold wholesale call connection services to other VOIP providers for a million dollars or so.