A combination of simple dictionary and brute-force attacks in combination with Google hacking enabled a criminal pair to break into VoIP-provider networks and steal $1 million worth of voice minutes, says one of the duo who has pleaded guilty to his crimes.

He designed software to generate 400 prefixes per second against the carrier gear, scanning all the combinations between 000 and 999 randomly to throw off intrusion-detection systems (IDS) that might pick up a sequential attack.

"Most of the telecom administrators were using the most basic password. They weren’t hardening their boxes at all."

He also wrote search strings that he fed into Google seeking exposed Web interfaces on devices, and that proved fruitful as well.