Threat Management, Incident Response, TDR

Public safety personnel targeted by DoS attacks flooding phone lines

Telephone lines for public safety and emergency communication workers have been inundated with bogus calls, an attack characterized by the U.S. Department of Homeland Security and FBI as telephony denial-of-service (TDoS), which is being used to extort money from victims.

Last month, both agencies issued a joint alert to public sector personnel at emergency call centers. On Monday, security blogger Brian Krebs posted the security alert on his website, making the news publicly available.

In the incidents, scammers, described as having a “heavy accent,” called the administrative lines of call centers – not the 9-1-1 lines – pretending to be staff from a collections company for payday loans, the alert said. Using the name of a former, or sometimes non-existent, employee, the callers requested a $5,000 payment from victims. When the victim refuses to pay up, attackers then proceed to flood the centers with calls.

Authorities did not explain how the attacks are being launched, but the alert said that after the initial contact from the fraudsters, calls can occur for “an unspecified, but lengthy period of time.”

The barrage of calls sometimes persists in random spurts over the course of weeks or months, law enforcement said.

The Association of Public-Safety Communications Officials (APCO), a Daytona Beach, Fla.-based trade association, said more than 200 TDoS attacks had been identified by law enforcement, according to a best practices notice posted on its site last Thursday.

“Information continues to be received from multiple jurisdictions indicating the existence of ongoing attacks targeting the telephone systems of public sector entities,” the notice said.

SY Lee, a DHS spokesman, told on Tuesday in an email that the agency was “working with [its] federal and private sector partners to develop effective mitigation and security responses” for the incidents.

Vipul Vyas, vice president of financial solutions at Victrio, a Menlo Park, Calif.-based company that provides voice authentication services for call centers, told on Tuesday that at least two U.S. banks have been targeted by similar TDoS attacks during the last two weeks.

Vyas did not provide the names of the banks, as they are clients of Victrio whose technology allows users to catch suspicious activity by matching scammers' voices to a database of past fraudulent calls.

If targeted by the scam callers, APCO suggested that victims save the voice recording and make note of all pertinent information – such as phone numbers, account information mentioned by the caller, and the number of calls per hour or day.

Victims also should report the attacks to the Internet Crime Complaint Center (IC3).


Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.