Forgot your password?
typodupeerror
Communications Security

Cyber Criminals Tying Up Emergency Phone Lines Through TDoS Attacks, DHS Warns 115

Posted by Soulskill
from the now-you're-just-being-jerks dept.
tsamsoniw writes "Emergency-service providers and other organizations are being targeted with TDoS (telephony denial of service) attacks, according to a security alert (PDF) from the Department of Homeland Security and the FBI, obtained by security expert Brian Krebs. TDoS attacks use high volumes of automated calls to tie up target phone systems, halting incoming and outgoing calls. Perpetrators are using the attacks to extort cash from target organizations, who receive a call from a representative from a purported payday loan company, who demands payment of $5,000 for an outstanding debt — usually speaking in an unspecified 'strong accent.'"
This discussion has been archived. No new comments can be posted.

Cyber Criminals Tying Up Emergency Phone Lines Through TDoS Attacks, DHS Warns

Comments Filter:
  • by flyingfsck (986395) on Wednesday April 03, 2013 @04:29AM (#43345919)
    I can think of various interesting ways to handle these idiots.
    • by Barryke (772876)

      This just like a telephony call after ransomware. Its hard to know their address, they usually are foreign and call via VOIP gateways.

      • by mwvdlee (775178) on Wednesday April 03, 2013 @05:03AM (#43346033) Homepage

        The money has to be deposited somewhere, and that somewhere may be traceable.
        I understand that is how scam-/spam-gangs are traced.

      • by zenopus (114516)
        You would think a carrier could easily block VOIP originating calls to emergency services.
        Unless that information is lost by the time the call arrives at the carrier.
        There has to be an originating caller id - as this is who is charged for the call,
        certainly if the destination is not an emergency services number.
        • by gmack (197796)

          The fundamental problem is that the phone system is notoriously insecure and trusts the sending provider to show accurate information. All you need to do to spoof the calling info? A digital line.. this means that any office with a T1 or better and a digital PBX can spoof calls and worse yet VOIP services often let the caller set that info as well.

          We all get to suffer because the telcos are too lazy to add egress filtering.

        • by cdrudge (68377)

          You would think a carrier could easily block VOIP originating calls to emergency services.

          How do you tell a legitimate emergency call from a VOIP customer from a malicious one also originating with VOIP?

      • by Krojack (575051)

        Yeah, my Asterisk boxes use to get slammed with brute force attempts left and right from foreign IP addresses, then I installed Fail2ban. Works wonders.

      • by icebike (68054)

        This just like a telephony call after ransomware. Its hard to know their address, they usually are foreign and call via VOIP gateways.

        Which suggests that this is but another ploy to induce knee-jerk regulation of the VOIP industry, with the ultimate goal of forcing everyone back to POTS. Geee, who would want to do that, you say? Other than your nanny state Federal Government, and several telephone companies I can't think of anyone.

        This is pretty much a non issue, because 911 calls in any area can instantly be re-routed to a different ACTUAL Phone number on the fly, a feature built into the 911 system to handle the possibility that the 9

    • It's a two stage ransom. The real one comes when my law firm sues idiots (on behalf of some client) for a lack of reaction, inadequate response, absence of redundancy, ....
    • There's nothing like a 19th-century fire brigade around anymore for these crooks, unfortunately.
  • by fantomas (94850) on Wednesday April 03, 2013 @04:39AM (#43345949)

    "unspecified strong accent"

    There must be a Monty Python reference here, because it sure ain't science....

    • by Anonymous Coward

      It is probably this one [youtube.com] you silly english kniggets.

  • by Anonymous Coward

    If they are caught, these people should be held financially and criminally responsible for any emergency call that fails to go through. If anyone dies, I would think they should be charged with manslaughter at the least, but given that they intentionally tied up phone lines for emergency calls I would go as far as to call it premeditated murder.

    • Throwing the book at them (preferably an authentic replica of the stone tablets that the 10 Commandments were written on) would be very satisfying, but arguing premeditation would be a challenge - there are definitely elements to the scam that suggest it could be made to stick, but the defence would also have plausible arguments.
      Manslaughter or culpable homicide would be easier to argue for, and given that you would almost certainly be looking at more than one death, the results should amount to a similar t

  • by anorlunda (311253) on Wednesday April 03, 2013 @06:42AM (#43346309) Homepage

    The security alert linked in the summary says that the attacks were on the administrative lines of the emergency services, not the 911 lines. The summary and the Slashdot headline are bogus.

    • Or, it might be deliberately spun that way to give people the impression that they are "putting the safety of the general public" at risk, which, I believe, is one of the unquestionable patriot-act definitions of terrorism?

    • by PPH (736903)

      That would be just great for the E911 system. Ask someone to enter a four digit code while they are being raped/stabbed/beaten to death.

  • I've read, heard about a lot of recent DoS attacks lately, from banks to power grids to government agencies and now to phone lines. I've seen my share of things that are systematically done to break something down, so I see all these attacks (some successful) as a strategic way for those who want to hurt us to prepare for the big hit. Just like corporations that are considered "Too Big to Fail", I think our US infrastructure has been built this way also. The more we interconnect to make things easier to

  • It may be Rachael from Card Services...

  • Somebody may not have thought their clever little plan through as completely as they might have liked. The police have guns. And a lot of friends with guns. And a solid organized network for both communicating among themselves and with other departments, through multiple channels. I don't see this ending in a big payday.

Algol-60 surely must be regarded as the most important programming language yet developed. -- T. Cheatham

Working...