Telephony Denial-of-Service Attacks Prompt Federal Attention

The call-center equivalent of network-based denial-of-service attacks, known as telephony denial-of-service (TDoS), have targeted emergency services among other industries, enough to garner attention from the Department of Homeland Security, Federal Bureau of Investigation, Federal Communications Commission and others in an confidential alert memo, Krebs on Security reported.

TDoSThe call-center equivalent of network-based denial-of-service attacks, known as telephony denial-of-service (TDoS), have targeted emergency services among other industries, enough to garner attention from the Department of Homeland Security, Federal Bureau of Investigation, Federal Communications Commission and others in an confidential alert memo, Krebs on Security reported.

The DHS and FBI issued a “situational awareness bulletin” in response to a series of attacks targeting the telephone lines of administrative public safety answering points (PSAPs), the call centers responsible for fielding emergency calls for police, ambulance, fire and other emergency services. The alert is addressed to PSAP and emergency communications center personnel. It also notes that criminals have launched similar attacks “targeting various businesses and public entities, including the financial sector and other public emergency operations interests, including air ambulance, ambulance and hospital communications.”

According to the bulletin there has not yet been a successful attack affecting emergency 911 lines.

The report explains that the TDoS attacks highlighted in the memo are part of an extortion scheme in which attackers impersonate a collections agency representative collecting an outstanding (and fictional) payday loan debt worth $5,000. The callers, according to the bulletin, have strong accents and ask to speak with current and former employees regarding the alleged debt. Once it is clear that the target of the coercion attempt is not going to pay the fee, the attacker launches the TDoS attack that, if successful, inundates the call-center with call traffic and ultimately overwhelms it, potentially making it impossible to complete ingoing and outgoing calls.

The alert does not provide technological details explaining how these types of attacks work.

Krebs said that TDoS attacks are difficult to detect and mitigate because attackers often change their caller identification from call to call, making the malicious phone traffic seem legitimate.

TDoS attacks are not a new phenomenon; Arbor Network started noticing an increase in attacks targeting telephony system infrastructure and released a report detailing the use of TDoS attacks as part of larger attack campaigns in July 2012. They claimed that the method is a relatively cheap option for cybercriminals looking into diversifying their attack vectors.

Suggested articles