TDoS Attacks Used To Hold Emergency Phone Lines For Ransom

Just because an attack is bizarre doesn’t mean it isn’t dangerous. According to security researcher Brian Krebs (pictured), the FBI and Department of Homeland Security (DHS) posted a security bulletin concerning TDoS (telephony denial-of-service) attacks on PSAPs (public safety answering points).

“Information received from multiple jurisdictions indicates the possibility of attacks targeting the telephone systems of public sector entities. Dozens of such attacks have targeted the administrative PSAP lines (not the 911 emergency line),” reads the bulletin in part. “The perpetrators of the attack have launched high volume of calls against the target network, tying up the system from receiving legitimate calls.”

If you’re wondering, TDoS attacks are similar in essence to DDoS attacks in that they gum up the works, rendering a service unusable due to a high volume of “calls”.

On TDoS attacks (Source: SecureLogix)

The attacks being when an agency receives a call from a person with a “strong accent” demanding $5,000 in compensation from some employee who supposedly has an outstanding debt. When and if the extortion does not succeed, the perpetrator launches a TDoS attack. The caller reportedly changes the caller ID on every call and uses multiple providers, which makes them difficult to trace.

PSAPs aren’t the only organizations being targeted; the financial sector, ambulatory services, and hospitals have been attacked in the same way.

Attacks for kicks and to make a political or moral point have become nearly commonplace with hacker collectives like Anonymous, and although those groups often take things too far, this is beyond the pale. It takes a special type of scumbag to hold emergency communications for ransom; not only does that jeopardize people who need services, that kind of communication breakdown and resulting chaos can put responders and bystanders in harm’s way, as well.
Tags:  security, DDoS, DHS, Misc, TDoS, Krebs, PSAP