Answering the call for solutions to 911 TDoS attacks
- By Karen Epper Hoffman
- Sep 13, 2016
Industry observers are still dialing for dollars when it comes to ideas for how to mitigate the risk, or even the impact, of a potential telephony denial-of-service (TDoS) attack on the 911 emergency services system.
The nation’s roughly 7,000 emergency services call centers are not only widely distributed across the vast United States, and varying in their technological sophistication and size, but many are already stretched to breaking under the weight of their normal, legitimate call volume, according to Mordechai Guri, head of research and development at Ben-Gurion University’s Cyber Security Center. Across the country, people make more than 240 million 911 calls every year to emergency call centers. And seven out of 10 of those calls originate from mobile phones, which can be hijacked for a TDoS attack.
Indeed, the release of news about potential TDoS attacks is not nearly the first time 911 emergency services have been under fire. “When we’ve seen real life attacks against emergency services in the past, they have been for extortion or revenge, for example, [perpetrated] by angry ex-employees,” Rebekah Brown, threat intelligence lead from Rapid7, said. “Those type of actors do not typically have the time or skills to launch [a TDoS] attack.”
But taking the old-school route, via telephone, to attack emergency services with denial-of-service has been kicking around long enough that three years ago, the Department of Homeland Security the FBI jointly issued a warning about TDoS attacks.
Because the problem has been around -- in theory if not often in practice -- for years, it’s not surprising that possible fixes have also been bandied about. Some industry observers suggest that mobile carriers or emergency services systems could block calls from phones that are making repeated 911 calls or that lack the subscriber and equipment identifiers that are typically lost when a cell phone is hijacked by malware and used for TDoS attacks.
In fact, the Federal Communications Commission proposed that carriers should not have to process such calls. However, given the potential blowback and litigation that could ensue for carriers if they failed to process a legitimate emergency call that simply had the earmarks of a phony, it’s likely that wireless carriers will keep processing all calls that come their way, observers said. “The potential liability involved for inadvertently disabling legitimate 911 calls renders most blocking approaches non-starters,” said Al Pascual, head of fraud and security research for Javelin Strategy & Research.
Another option would be for mobile phone manufacturers to install firewalls in their devices to detect and block the repeated call activity that indicates botnet-malware. However, SANS Technology Institute’s Dean of Research, Johannes B. Ullrich, said he “doubts that this can be easily done.”
Experts seem to agree that the best long-term plan would be to increase the capacity of these overwhelmed emergency systems and better comb through calls. “I think to really solve the overload issue, some additional filtering needs to be put in place,” Ullrich said.
Pascual agreed, “Increasing capacity, even if it is only on an as-needed basis, is the most realistic option.”
Karen Epper Hoffman is a freelance writer based in the Seattle area.