DHS, FBI Warn of Denial-of-Service Attacks on Emergency Telephone Systems
Federal authorities have issued a warning to emergency services call centers to be wary of telephony denial-of-service (TDoS) attacks.
TDoS attacks attempt to flood telephone networks with calls to overwhelm them, much the same way attackers will route Internet traffic to overwhelm a computer network. In a security alert from the FBI and Department of Homeland Security (DHS) published by security blogger Brian Krebs, authorities warned of the possibility that such attacks could be launched against the public sector.
"Dozens of such attacks have targeted the administrative PSAP [public-safety answering point] lines (not the 911 emergency line)," according to the advisory. "The perpetrators of the attack have launched a high volume of calls against the target network, tying up the system from receiving legitimate calls. This type of attack is referred to as a TDoS or Telephony Denial-of-Service attack."
These attacks are ongoing, according to the alert.
"Many similar attacks have occurred targeting various businesses and public entities, including the financial sector and other public emergency operations interests, including air ambulance, ambulance and hospital communications," the advisory added.
TDoS attacks are not new. Last year, researchers at Arbor Networks noted they had discovered attackers advertising TDoS services online at prices ranging from $20 per day to $30 per hour.
"It's important to note that fundamentally a TDoS attack is no different than a DoS/DDoS [denial-of-service/distributed denial-of-service] attack," said Richard Henderson, security strategist at Fortinet. "Many companies and telecom providers were quick to embrace IP-based telephony; the ability to route telephone calls over the Internet instead of over the original POTS [plain old telephone service]-style system has led to all sorts of benefits: simple ways to connect geographically diverse offices to the same phone system, global relocation of call centers, improved call quality and reliability."
IP-based telephony makes it easier for companies to locate a call center overseas while making a call appear to have come from a domestic number, but that same capability to spoof Caller ID can be used for nefarious purposes as well, he said.
"Want to make a phone call that appears to come from Jenny 867-5309? No problem. Basic features of an IP telephony system allow this," he said. "This feature has been used and abused many times, from illegitimately accessing Caller ID-based voice mail to making prank calls to something as extreme as calling 911 and sending the police to someone's house."
According to the advisory, the recent TDoS attacks are part of an extortion scheme that begins with a phone call from an individual who claims to represent a collections company for payday loans. The caller typically asks to speak with a current or former employee regarding an unpaid debt, and demands the victim cough up $5,000.
"Failing to get payment from an individual or organization, the perpetrator launches a TDoS attack," according to the advisory. "The organization will be inundated with a continuous stream of calls for an unspecified, but lengthy, period of time. The attack can prevent both incoming and/or outgoing calls from being completed. It is speculated that government offices/emergency services are being "targeted" because of the necessity of functional phone lines."
Authorities urge people who experience an attack to contact the FBI at the Internet Crime Complaint Center and provide any details they have about the call.