DDoS 'Cousin' Targets Emergency Call Centers

DHS, FBI Issue an Alert on Telephony-Denial-of-Service Attacks
Extortionists employing telephony-denial-of-service attacks - a first cousin of DDoS attacks - are targeting emergency communications centers that dispatch first responders.

According to an alert issued by the U.S. Department of Homeland Security and the FBI, dozens of TDoS attacks have taken aim at the communications centers known as public safety answering points. The targets are administrative, not 911, telephone lines.

"The perpetrators of the attack have launched a high volume of calls against the target network, tying up the system from receiving legitimate calls," says the government alert, which was obtained by security blogger Brian Krebs and posted on his website. "These attacks are ongoing. Many similar attacks have occurred targeting various businesses and public entities, including the financial sector and other public emergency operations interests, including air ambulance, ambulance and hospital communications."

Following the DDoS Path

TDoS attacks follow a path similar to distributed-denial-of-service attacks, which knock websites offline by flooding them with access requests. When unauthorized users deluge the call center lines with too many requests, legitimate callers are kept from accessing the system.

DHS spokesperson S.Y. Lee says the department won't comment on specifics about the attacks, but offered the following statement:

"The Department of Homeland Security works with owners and operators of critical infrastructure, including Public Safety Answering Points, to support preparedness through risk assessment, mitigation and incident response capabilities. DHS - through the National Cybersecurity and Communications Integration Center, a 24x7 cyber monitoring, incident response and management center - is working with our federal and private-sector partners to develop effective mitigation and security responses."

The Tale Behind the Scheme

How does this scheme against the emergency call centers work? The government says it starts with a phone call to an organization from an individual claiming to represent a collections company for payday loans. The caller usually has a strong accent of some sort and asks to speak with a current or former employee concerning an outstanding debt.

"Failing to get payment from an individual or organization, the perpetrator launches a TDoS attack," the alert says. "The organization will be inundated with a continuous stream of calls for an unspecified, but lengthy period of time. The attack can prevent both incoming and/or outgoing calls from being completed. It is speculated that government offices/emergency services are being targeted because of the necessity of functional phone lines."

According to the alert, the attacks resulted in enough volume to cause a rollover to the alternate facility. The attacks last for intermittent time periods over several hours. They may stop for several hours, then resume. Once an organization has been attacked, further attacks can start randomly over weeks or months. The extortionist demands payment of $5,000.
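The stop-and-resume pattern the alert describes can be spotted in call records for an administrative line. The sketch below is an added example, not code from the alert or from any vendor mentioned in this article: the function names, the 60-second window, the 20-call threshold and the six-hour grouping gap are all assumptions, and the call times are constructed sample data.

```python
from collections import deque

def find_bursts(timestamps, window_s=60, threshold=20):
    """Return (start, end) spans where more than `threshold` calls arrived
    within any `window_s`-second sliding window (assumed values)."""
    bursts, window, current = [], deque(), None
    for t in sorted(timestamps):
        window.append(t)
        while window[0] <= t - window_s:      # drop calls older than the window
            window.popleft()
        if len(window) > threshold:
            if current is None:
                current = [window[0], t]      # flood began at oldest call in window
            else:
                current[1] = t
        elif current is not None:             # rate fell back to normal
            bursts.append(tuple(current))
            current = None
    if current is not None:
        bursts.append(tuple(current))
    return bursts

def group_campaigns(bursts, max_gap_s=6 * 3600):
    """Merge bursts separated by at most `max_gap_s` into one campaign, since
    the alert describes attacks that stop for several hours and then resume."""
    campaigns = []
    for start, end in bursts:
        if campaigns and start - campaigns[-1]["end"] <= max_gap_s:
            campaigns[-1]["end"] = end
            campaigns[-1]["bursts"] += 1
        else:
            campaigns.append({"start": start, "end": end, "bursts": 1})
    return campaigns

def sample_call_times():
    """Constructed data: seconds since midnight for calls to one admin line."""
    baseline = list(range(0, 12 * 3600, 300))            # one call every 5 min
    flood_1 = [3600 + 2 * i for i in range(200)]         # 200 calls, 2 s apart
    flood_2 = [4 * 3600 + 2 * i for i in range(200)]     # resumes about 3 h later
    return baseline + flood_1 + flood_2

if __name__ == "__main__":
    for campaign in group_campaigns(find_bursts(sample_call_times())):
        print(campaign)
```

Grouping the bursts matters for reporting: two floods three hours apart are recorded as one incident with two bursts rather than as unrelated spikes.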

Seeking Victims' Insight

Federal investigators say they're seeking victims who can provide new insight into the scope and impact of the event. Knowing how many communications centers have been attacked is critical to identifying the true scope of this occurrence, authorities say.

"In order to ensure situational awareness with our members and member agencies, it is critical that this information be disseminated to emergency communications centers, PSAPs, government IT departments and any related government agency with a vested interest in emergency communications continuity of operations," the alert says.

Authorities advise that no blackmail should be paid and that victims report the extortion attempt to the FBI through www.ic3.gov, the website of the Internet Crime Complaint Center, a partnership between the FBI and the National White Collar Crime Center.

Mainstream Tool

A report issued last month by SecureLogix, a provider of telephony management systems, says automated telephone-denial-of-service attacks are trending up. "Very few organizations realize they are victims," the SecureLogix report says. "Perpetrators target financial portions of victim companies and high-volume contact centers."

Although not necessarily referring to the attacks targeting emergency call centers, the SecureLogix report says TDoS has been adopted as a mainstream tool for organized dissent because of its legality and the ease of mass organization through social networking. "It has severe impact due to the density of calls and the ability of human callers to engage target staff for extended periods of time," the report says, "but is also a threat which can be detected and mitigated with real-time detection technologies and voice-intrusion prevention."

About the Author

Eric Chabrow

Host & Producer, ISMG Security Report; Executive Editor, GovInfoSecurity & InfoRiskToday

Chabrow hosts and produces the semi-weekly podcast ISMG Security Report and oversees ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.
