TDoS attacks target US emergency call centers

Filed Under: Denial of Service, Featured

Red telehone. Image from ShutterstockEmergency call centers in the US are suffering a rise in TDoS (telephony denial of service) attacks, according to an alert issued recently by the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI).

According to the alert, reposted [PDF] on security journalist Brian Krebs's site, dozens of attacks have targeted PSAP administrative lines (not the 911 emergency line), tying up the system from receiving legitimate calls.

Air ambulance, ambulance and hospital communication lines have been targeted, in addition to various businesses and public entities, the alert goes on, including the financial sector.

The recent attacks are aimed at extortion. Here's how they work, according to DHS and the FBI:

  1. An individual calls, claiming to represent a payday loan collections company.
  2. The caller typically has a strong accent and asks to speak with a current or former employee about an outstanding debt.
  3. The caller demands payment of $5,000 because an employee (who no longer works for the company or never did) defaulted on a loan.
  4. When the target fails to cough up the money, the attacker launches a TDoS.
  5. The organization is then inundated with a continuous stream of calls for an unspecified but lengthy period of time.
  6. Phone service is disrupted, preventing incoming and/or outgoing calls.

Call center operators. Image from ShutterstockThe agencies are speculating that these businesses and emergency services in particular are being targeted because phone lines are crucial to their operations.

The current TDoS attacks are, at this point, skipping over emergency service 911 lines.

Emergency hotlines aren't always spared in TDoS attacks, of course.

UK police last year arrested two teenage boys following a series of prank calls and TDoS attacks launched against the Anti-Terrorist Hotline.

More recently, as CSO's Antone Gonsalves notes, last month, the Louisiana State Analytical and Fusion Exchange, a center for distributing information across law enforcement offices, reported a similar extortion scheme against two public sector entities, including a 911 call center.

The current attacks against US emergency services, which last for intermittent time periods over several hours, are creating a deluge of calls large enough to force roll-over to alternate facilities, the FBI and DHS reported.

The attacks are sporadically re-starting over weeks or months.

While these attacks are clearly profit-motivated, past TDoS attacks have been, apparently, pranks, albeit on the malicious side.

In 2008, it was the Gladys Porter Zoo in Houston, Texas that suffered a barrage of calls after cryptic SMS text message spam was sent to thousands of people, saying things like:

New text message. Image from Shutterstock

  • Call now someone is looking for you.
  • Call now and we will settle this.
  • Somebody talking down on you, look for them
  • Hey y is someone calln me and lookn for u n askn me where r u at n where u live heres tha # tell then to stop calln me

...and telling them to call the zoo's number. The phone-clogging continued on into May, when the zoo eventually threw in the towel and called in the FBI to help.

Dublin Zoo suffered a similar fate around the same time, with at least 5,000 people receiving SMS text message spam that prodded them to urgently ring the zoo's phone number and ask for a fictitious person (Rory Lion, Anna Conda, C Lion or G Raffe according to news reports such as this one from the Irish Independent).

Whether TDoS attacks are launched as pranks, as vendettas, or as extortion schemes, they serve to cripple their targets.

Zoos don't deserve that any more than ambulance services or the like.

The stakes, however, are potentially higher when you're talking about crippling life-saving businesses. Even if these attacks aren't targeting 911 emergency lines, they still reflect a blatant disregard for humanity.

Please, if you can help the DHS or FBI pull the plug on these malicious schemes, fill them in on the details of any attacks that have targeted your business, and encourage your peers to do the same.

The agencies have offered these recommendations for targeted organizations:

  • Don't pay the blackmail.
  • Report all attacks to the FBI by logging onto the website www.ic3.gov. Use the keyword "TDoS" in your report title. Identify your organizations as a public safety answering point (PSAP) or Public Safety organization.
  • List as many details as possible, including:
    • Calls logs from the “collection” call and TDoS
    • Time, date, originating phone number and traffic characteristics
    • Call-back number to the “collections” company or requesting organization
    • Method of payment and account number where the “collection” company requests the debt to be paid
    • Any information that you can obtain about the caller, or his/her organization
  • Contact your telephone service provider; they may be able to assist by blocking portions of the attack.


Red telephone, call center operators and text message images from Shutterstock

, , , , ,

You might like

3 Responses to TDoS attacks target US emergency call centers

  1. Phil · 568 days ago

    That explains an odd SMS I had yesterday, telling me to call a credit card company to activate a card for which I didn't apply.

    The number checked out, so I assumed someone had used my details; but the company had no record, and apparently don't send SMS messages anyway.

    I could see it was something nefarious, but not how it worked. No wonder they were experiencing "higher than average call numbers."

  2. **EJ** · 567 days ago

    We eventually will pay the piper for building all these wonderful technologies (VoIP) on protocols that aren't security conscious (IP). Looks like the bills are starting to roll in.

  3. Edilberto Durano · 566 days ago

    I hope they'll find a way to end this and imprisoned the criminals behind this scam.
    Ed

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.