The Complex

Threat of the week: Hackers are targeting emergency call centers

By now, everyone is familiar with Distributed Denial of Service attacks -- the relatively primitive cyberattack that takes down a website by flooding it with visits. Well, there's a new denial of service trend that takes advantage of VoIP technology to target phone lines instead of websites.

Last month, the Department of Homeland Security and the FBI issued a confidential warning to first responders, warning that hackers may try to flood emergency call centers with phone calls, overwhelming them and preventing legitimate calls from getting through. Instead of a DDOS attack, it's called a Telephony Denial of Service (TDOS), attack.

Dozens of attacks in "multiple jurisdictions" have targeted these public safety lines -- which are not the same as 911 lines -- according to the DHS-FBI announcement, a copy of which was put online this week by cybersecurity researcher, Brian Krebs.

"These attacks are ongoing. Many similar attacks have occurred targeting various businesses and public entities, including the financial sector and other public emergency operations interests, including air ambulance, ambulance and hospital communications," reads the March 16 bulletin, which was for immediate dissemination to "public safety answering points and emergency communications centers and personnel." The FBI's Internet Crime Complaint Center issued a little-noticed warning about TDOS attacks in January.

The DHS-FBI announcement describes the wave of attacks as part of an extortion scheme whereby an individual -- who usually speaks with a thick accent -- calls an organization and asks to speak with a current or former employee and then demands collection of a $5,000 payday loan. When the victim tells the caller to get lost and hangs up, the attackers launch the TDOS attack using hacked VoIP automated dialing systems to flood the call center.

"The organization will be inundated with a continuous stream of calls for an unspecified, but lengthy period of time," reads the bulletin. "The attack can prevent both incoming and/or outgoing calls from being completed." The attacks can continue intermittently over weeks or even months.

TDOS attacks are meant to intimidate victims by flooding their employers with debilitating phone calls. Sometimes those employers happen to be emergency call centers. But the bulletin also says, "It is speculated that government offices/emergency services are being ‘targeted' because of the necessity of functional phone lines."

In another variant of this extortion scheme, perpetrators claim that an arrest warrant has been issued for the victim's failure to pay the loan. "In order to have the police actually respond to the victim's residence, the subject places repeated, harassing calls to the local police department while spoofing the victim's telephone number," the January notice said.

I'm no extortionist, but aren't there plenty of ways to shake someone down without bringing first responders into the mix? What could possibly go wrong for the criminals there?

Getty Images

National Security

Forget THAAD, check out this 1945 article talking about missile defense

This is interesting. It's an illustration from a 1945 Life magazine article all about what a nuclear war would look like (though it wasn't the cover story -- that space was reserved for a piece about women with "big belts"). This particular drawing shows that the U.S. has been thinking about how to shoot down missiles with radar-guided missiles for nearly 70 years now.

"The only defense now conceivable against a rocket, once it is in flight, is illustrated above," reads the article. "It is another rocket fired like an antiaircraft shell at a point where it will meet its enemy. Once it had been launched, such a rocket might detect the attacking machine with radar and make its own corrections."

Sound familiar? The U.S. just announced that it's positioning Aegis-radar-equipped, missile defense destroyers off the in the waters off the Korean Peninsula. Those ships are armed with SM-3 missiles that once airborne, receive constant data about the location of their target, an enemy missile (or satellite) from the ships' radars until they slam into their target with 30 megajoules of kinetic energy, or the "equivalent of a 10-ton truck travelling at 600 mph," as SM-3-maker Raytheon says.

The U.S. Army meanwhile is deploying Terminal High Altitude Area Defense (THAAD) missiles to Guam. Again, these are radar-guided missiles designed to take out ballistic missiles just as they are set to reenter the atmosphere on the final leg of their voyage.

Interestingly, the Life illustration shows just such a scene.

"The enemy rocket, coasting through space with its fuel exhausted, is beginning to fall toward the U.S. The defensive rocket, racing upward under full power, is incandescent from the friction of its short passage through the Earth's atmosphere. When the two projectiles collide, the atomic explosion will appear to observers on Earth as a bright new star."

(It’s important to note that modern ballistic missile defenses wouldn’t actually set off celestial nuclear explosions, pretty as they sound. Instead, the warhead would just break apart.)

Keep in mind that hitting a missile with another missile is extremely difficult, and as FP's Kevin Baron points out in Killer Apps sister blog, The E-Ring, THAAD has seen its share of teething problems.

Then-Army Air Force chief Gen. Hap Arnold, a man who would go on to become the first ever five-star general of the Air Force, told Life just how difficult shooting missiles down would be. 

"Although there now seem to be insurmountable difficulties in an active defense against future atomic projectiles similar to the German V-2 but armed with atomic explosives, this condition should only intensify our efforts to discover an effective means of defense," said the general.

Seventy years later and we're still trying to perfect such a defense.

Hat tip to Alex Wellerstein for posting the article over at Restricted Data.

Life Magazine