Sophos Cloud Optix
Emergency call centers in the US are suffering a rise in TDoS (telephony denial of service) attacks, according to an alert issued recently by the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI).
According to the alert, reposted [PDF] on security journalist Brian Krebs’s site, dozens of attacks have targeted PSAP administrative lines (not the 911 emergency line), tying up the system from receiving legitimate calls.
Air ambulance, ambulance and hospital communication lines have been targeted, in addition to various businesses and public entities, the alert goes on, including the financial sector.
The recent attacks are aimed at extortion. Here’s how they work, according to DHS and the FBI:
- An individual calls, claiming to represent a payday loan collections company.
- The caller typically has a strong accent and asks to speak with a current or former employee about an outstanding debt.
- The caller demands payment of $5,000 because an employee (who no longer works for the company or never did) defaulted on a loan.
- When the target fails to cough up the money, the attacker launches a TDoS.
- The organization is then inundated with a continuous stream of calls for an unspecified but lengthy period of time.
- Phone service is disrupted, preventing incoming and/or outgoing calls.
The agencies are speculating that these businesses and emergency services in particular are being targeted because phone lines are crucial to their operations.
The current TDoS attacks are, at this point, skipping over emergency service 911 lines.
Emergency hotlines aren’t always spared in TDoS attacks, of course.
UK police last year arrested two teenage boys following a series of prank calls and TDoS attacks launched against the Anti-Terrorist Hotline.
More recently, as CSO’s Antone Gonsalves notes, last month, the Louisiana State Analytical and Fusion Exchange, a center for distributing information across law enforcement offices, reported a similar extortion scheme against two public sector entities, including a 911 call center.
The current attacks against US emergency services, which last for intermittent time periods over several hours, are creating a deluge of calls large enough to force roll-over to alternate facilities, the FBI and DHS reported.
The attacks are sporadically re-starting over weeks or months.
While these attacks are clearly profit-motivated, past TDoS attacks have been, apparently, pranks, albeit on the malicious side.
In 2008, it was the Gladys Porter Zoo in Houston, Texas that suffered a barrage of calls after cryptic SMS text message spam was sent to thousands of people, saying things like:
- Call now someone is looking for you.
- Call now and we will settle this.
- Somebody talking down on you, look for them
- Hey y is someone calln me and lookn for u n askn me where r u at n where u live heres tha # tell then to stop calln me
…and telling them to call the zoo’s number. The phone-clogging continued on into May, when the zoo eventually threw in the towel and called in the FBI to help.
Dublin Zoo suffered a similar fate around the same time, with at least 5,000 people receiving SMS text message spam that prodded them to urgently ring the zoo’s phone number and ask for a fictitious person (Rory Lion, Anna Conda, C Lion or G Raffe according to news reports such as this one from the Irish Independent).
Whether TDoS attacks are launched as pranks, as vendettas, or as extortion schemes, they serve to cripple their targets.
Zoos don’t deserve that any more than ambulance services or the like.
The stakes, however, are potentially higher when you’re talking about crippling life-saving businesses. Even if these attacks aren’t targeting 911 emergency lines, they still reflect a blatant disregard for humanity.
Please, if you can help the DHS or FBI pull the plug on these malicious schemes, fill them in on the details of any attacks that have targeted your business, and encourage your peers to do the same.
The agencies have offered these recommendations for targeted organizations:
- Don’t pay the blackmail.
- Report all attacks to the FBI by logging onto the website www.ic3.gov. Use the keyword “TDoS” in your report title. Identify your organizations as a public safety answering point (PSAP) or Public Safety organization.
- List as many details as possible, including:
- Calls logs from the “collection” call and TDoS
- Time, date, originating phone number and traffic characteristics
- Call-back number to the “collections” company or requesting organization
- Method of payment and account number where the “collection” company requests the debt to be paid
- Any information that you can obtain about the caller, or his/her organization
Red telephone, call center operators and text message images from Shutterstock
That explains an odd SMS I had yesterday, telling me to call a credit card company to activate a card for which I didn't apply.
The number checked out, so I assumed someone had used my details; but the company had no record, and apparently don't send SMS messages anyway.
I could see it was something nefarious, but not how it worked. No wonder they were experiencing "higher than average call numbers."
We eventually will pay the piper for building all these wonderful technologies (VoIP) on protocols that aren't security conscious (IP). Looks like the bills are starting to roll in.
I hope they'll find a way to end this and imprisoned the criminals behind this scam.
Ed