By John Reed
By now, everyone is familiar with Distributed Denial of Service attacks — the relatively primitive cyberattack that takes down a website by flooding it with visits. Well, there’s a new denial of service trend that takes advantage of VoIP technology to target phone lines instead of websites.
Last month, the Department of Homeland Security and the FBI issued a confidential warning to first responders that hackers may try to flood emergency call centers with phone calls, overwhelming them and preventing legitimate calls from getting through. Instead of a DDOS attack, it’s called a Telephony Denial of Service (TDOS) attack.
Dozens of attacks in "multiple jurisdictions" have targeted these public safety lines — which are not the same as 911 lines — according to the DHS-FBI announcement, a copy of which was put online this week by cybersecurity researcher Brian Krebs.
"These attacks are ongoing. Many similar attacks have occurred targeting various businesses and public entities, including the financial sector and other public emergency operations interests, including air ambulance, ambulance and hospital communications," reads the March 16 bulletin, which was for immediate dissemination to "public safety answering points and emergency communications centers and personnel." The FBI’s Internet Crime Complaint Center issued a little-noticed warning about TDOS attacks in January.
The DHS-FBI announcement describes the wave of attacks as part of an extortion scheme whereby an individual — who usually speaks with a thick accent — calls an organization and asks to speak with a current or former employee and then demands collection of a $5,000 payday loan. When the victim tells the caller to get lost and hangs up, the attackers launch the TDOS attack using hacked VoIP automated dialing systems to flood the call center.
"The organization will be inundated with a continuous stream of calls for an unspecified, but lengthy period of time," reads the bulletin. "The attack can prevent both incoming and/or outgoing calls from being completed." The attacks can continue intermittently over weeks or even months.
TDOS attacks are meant to intimidate victims by flooding their employers with debilitating phone calls. Sometimes those employers happen to be emergency call centers. But the bulletin also says, "It is speculated that government offices/emergency services are being ‘targeted’ because of the necessity of functional phone lines."
In another variant of this extortion scheme, perpetrators claim that an arrest warrant has been issued for the victim’s failure to pay the loan. "In order to have the police actually respond to the victim’s residence, the subject places repeated, harassing calls to the local police department while spoofing the victim’s telephone number," the January notice said.
I’m no extortionist, but aren’t there plenty of ways to shake someone down without bringing first responders into the mix? What could possibly go wrong for the criminals there?