Phone-DOS attacks in extortion scam target gov offices
The Homeland Security Department has alerted government emergency communications centers of a rash of attacks flooding Public Safety Answering Points, ambulance services and other critical phone systems with calls in a scheme to extort money.
In an notice sent out in March, DHS said there have been about 600 of these telephony denial of service attacks, as many as 200 of them targeting government public safety offices. “It is speculated that government offices/emergency services are being targeted because of the necessity of functional phone lines,” the alert says.
So far, the attacks against PSAPs have been on administrative lines and not 911 emergency lines.
DHS is working with the FBI National Cyber Investigative Joint Task Force to investigate the incidents and is soliciting call logs and any other information about these attacks from offices that are hit.
David Kahn, CEO of command and control systems vendor Covia Labs, said the attacks appear to come from Asterisk PBXs that have been reprogrammed to make floods of calls against targeted numbers.
“It’s quite easy to do,” he said. Asterisk is an open-source software private branch exchange that runs on a variety of operating systems. A denial of service attack against a phone line does not rely on consuming system bandwidth like a conventional IT attack, he said. “It’s a human bandwidth issue,” and it is not hard to generate enough calls to tie up a line and block legitimate incoming and outgoing calls.
Although many PSAPs have been reluctant to link their traditional voice-based telephone systems with the Internet because of security concerns, “our telephone system is actually easier to attack than an IT system,” Kahn said. “We don’t have a defense. The main thing you can do is move your number,” which is simple to do technically but can be impractical if people need to know the number.
DHS said the attacks start with a phone call to the target number from someone — usually with a heavy accent — allegedly trying to collect a past due debt from an employee. This is followed by intermittent floods of calls that can last for hours and recur over a period of days or weeks. The attacks are followed by another call — with the same accent — demanding payment of $5,000.
“The attacks resulted in enough volume to cause a roll over to the alternate facility” in some cases, DHS said.
Victims are being asked to report any such incidents to the FBI through the website at www.ic3.gov, using the word TDoS in the title of the report and include as much detail as possible.
William Jackson is freelance writer and the author of the CyberEye blog.