Interview With A Convicted Hacker: Robert Moore Tells How He Broke Into Routers And Stole VoIP Services

Convicted hacker Robert Moore, who is set to go to federal prison this
week, says breaking into 15 telecommunications companies and hundreds
of businesses worldwide was incredibly easy because simple IT mistakes
left gaping technical holes.

Moore, 23, of Spokane, Wash., pleaded guilty to conspiracy to
commit computer fraud and is slated to begin his two-year sentence on
Thursday for his part in a scheme to steal voice over IP services
and sell them through a separate company. While prosecutors call
co-conspirator Edwin Pena the mastermind of the operation, Moore acted
as the hacker, admittedly scanning and breaking into telecom companies
and other corporations around the world.

“It's so easy. It's so easy a caveman can do it,” Moore told InformationWeek, laughing. “When you've got that many computers at your fingertips, you'd be surprised how many are insecure.”

Ha… these Cavemen folks are getting a bad rap these days.

Moore said what made the hacking job so easy was that 70% of all the
companies he scanned were insecure, and 45% to 50% of VoIP providers
were insecure. The biggest insecurity? Default passwords.

“I'd say 85% of them were misconfigured routers. They had the default
passwords on them,” said Moore. “You would not believe the number of
routers that had 'admin' or 'Cisco0' as passwords on them. We could get
full access to a Cisco box with enabled access so you can do whatever you want to the box. …
We also targeted Mera, a Web-based switch. It turns any computer
basically into a switch so you could do the calls through it. We found
the default password for it. We would take that and I'd write a scanner
for Mera boxes and we'd run the password against it to try to log in,
and basically we could get in almost every time. Then we'd have all
sorts of information, basically the whole database, right at our

Yup, I agree.  A caveman could do that. Read the full article at Information Week.


Author: Xavier Ashe

Entrepreneur, Infosec Executive, CISSP, CISM, Ironman triathlete, traveler, UU, paleo, father of 8, goyishe, gamer, & geek.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s