CyberEye

By Patrick Marshall

Blog archive
Phone DOS hacker

Phone DOS: What's in it for the crooks

The Homeland Security Department has warned emergency communications centers about a recent spate of denial of service attacks against Public Safety Answering Points and other government phone lines in an effort to extort money from them. Although the audacity -- or stupidity -- of targeting government offices for extortion might be new, Telephony DOS (TDOS) has been around for some time.

Back in 2010 the FBI warned  of a surge of TDOS incidents that apparently were diversions for more serious crime. “During these TDOS attacks, online trading and other money management accounts are being accessed by the perpetrators who are transferring funds out of those accounts,” the agency warned. While the crooks were accessing the victim’s account to change the profile and allow looting, the legitimate phone number was being blocked to keep the victim from accessing the account and to keep account managers from calling to verify changes being made. One victim in Florida lost $400,000.

The bad guys used multiple voice over IP accounts with automatic dialers to flood the target number. But if you don’t want to go to the trouble of doing this yourself, there are people who will do it for you at reasonable rates.

Research analyst Curt Wilson at Arbor Networks last year reported several hacker ads for TDOS-as-a-service. “We also provide service to flood telephones (both mobile and stationary) from $20 a day,” one ad promised. Another offered the service starting at $5 an hour, up to $40 for an entire day. The service providers can either use their own PBX software or can compromise VOIP or PBX systems to use them as bots in TDOS attacks.

“Default credentials are one of the security weaknesses that the attackers leverage to gain access to the VOIP/PBX systems, so organizations should ensure that their telecommunications systems credentials are strong enough to resist brute force attack, and that the ability to reach the telephone system is limited as much as possible in order to reduce the attack surface and convince the attacker to move on to the next victim,” Wilson warned.

There is no word on whether any of the communications offices targeted in the most recent round of attacks have paid the extortion money. But, as Wilson observed last year, “clearly, there is money to be made in the underground economy or these services would not be advertised.”

Posted by William Jackson on Apr 08, 2013 at 9:39 AM


Featured

  • Cybersecurity
    CISA chief Chris Krebs disusses the future of the agency at Auburn University Aug. 22 2019

    Shared services and the future of CISA

    Chris Krebs, the head of the Cybersecurity and Infrastructure Security Agency at DHS, said that many federal agencies will be outsourcing cyber to a shared service provider in the future.

  • Telecom
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA softens line on looming EIS due date

    Think of the September deadline for agencies to award contracts under the General Services Administration's $50-billion telecommunications contract as a "yellow light," said GSA's telecom services director.

  • Defense
    Shutterstock photo id 669226093 By Gorodenkoff

    IC looks to stand up a new enterprise IT program office

    The intelligence community wants to stand up a new program executive office to help develop new IT capabilities.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.