By now, everyone is familiar with Distributed Denial of
Service attacks -- the relatively primitive cyberattack that takes down a
website by flooding it with visits. Well, there's a new denial of service trend
that takes advantage of VoIP technology
to target phone lines instead of websites.
Last month, the Department of Homeland Security and the FBI
issued a confidential
warning to first responders, warning that hackers may try to flood
emergency call centers with phone calls, overwhelming them and preventing
legitimate calls from getting through. Instead of a DDOS attack, it's called a
Telephony Denial of Service (TDOS), attack.
Dozens of attacks in "multiple jurisdictions" have targeted
these public safety lines -- which are not the same as 911 lines -- according
to the DHS-FBI announcement, a copy of which was put online this week by
cybersecurity researcher, Brian
"These attacks are ongoing. Many similar attacks have
occurred targeting various businesses and public entities, including the financial
sector and other public emergency operations interests, including air
ambulance, ambulance and hospital communications," reads the March 16
bulletin, which was for immediate dissemination to "public
safety answering points and emergency communications centers
and personnel." The FBI's Internet Crime Complaint Center issued a
about TDOS attacks in January.
The DHS-FBI announcement describes the wave of attacks as
part of an extortion scheme whereby an individual -- who usually speaks with a
thick accent -- calls an organization and asks to speak with a current or
former employee and then demands collection of a $5,000 payday loan. When the
victim tells the caller to get lost and hangs up, the attackers launch the TDOS
attack using hacked VoIP
automated dialing systems to flood the call center.
"The organization will be inundated with a continuous stream
of calls for an unspecified, but lengthy period of time," reads the bulletin.
"The attack can prevent both incoming and/or outgoing calls from being
completed." The attacks can continue intermittently over weeks or even months.
attacks are meant to intimidate victims by flooding their employers with
debilitating phone calls. Sometimes those employers happen to be emergency call
centers. But the bulletin also says, "It is speculated that government
offices/emergency services are being ‘targeted' because of the necessity of
functional phone lines."
variant of this extortion scheme, perpetrators claim that an arrest warrant has been issued for the victim's
failure to pay the loan. "In order to have the police actually respond to
the victim's residence, the subject places repeated, harassing calls to the
local police department while spoofing the victim's telephone number," the
January notice said.
I'm no extortionist, but aren't there plenty of ways to shake
someone down without bringing first responders into the mix? What could
possibly go wrong for the criminals there?