CyberEye

By Patrick Marshall

Blog archive
Phone DOS hacker

Phone DOS: What's in it for the crooks

The Homeland Security Department has warned emergency communications centers about a recent spate of denial of service attacks against Public Safety Answering Points and other government phone lines in an effort to extort money from them. Although the audacity -- or stupidity -- of targeting government offices for extortion might be new, Telephony DOS (TDOS) has been around for some time.

Back in 2010 the FBI warned  of a surge of TDOS incidents that apparently were diversions for more serious crime. “During these TDOS attacks, online trading and other money management accounts are being accessed by the perpetrators who are transferring funds out of those accounts,” the agency warned. While the crooks were accessing the victim’s account to change the profile and allow looting, the legitimate phone number was being blocked to keep the victim from accessing the account and to keep account managers from calling to verify changes being made. One victim in Florida lost $400,000.

The bad guys used multiple voice over IP accounts with automatic dialers to flood the target number. But if you don’t want to go to the trouble of doing this yourself, there are people who will do it for you at reasonable rates.

Research analyst Curt Wilson at Arbor Networks last year reported several hacker ads for TDOS-as-a-service. “We also provide service to flood telephones (both mobile and stationary) from $20 a day,” one ad promised. Another offered the service starting at $5 an hour, up to $40 for an entire day. The service providers can either use their own PBX software or can compromise VOIP or PBX systems to use them as bots in TDOS attacks.

“Default credentials are one of the security weaknesses that the attackers leverage to gain access to the VOIP/PBX systems, so organizations should ensure that their telecommunications systems credentials are strong enough to resist brute force attack, and that the ability to reach the telephone system is limited as much as possible in order to reduce the attack surface and convince the attacker to move on to the next victim,” Wilson warned.

There is no word on whether any of the communications offices targeted in the most recent round of attacks have paid the extortion money. But, as Wilson observed last year, “clearly, there is money to be made in the underground economy or these services would not be advertised.”

Posted by William Jackson on Apr 08, 2013 at 9:39 AM


Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.