Credit: Matjaz Boncina
Emergency-service providers and other organizations are being targeted with TDoS (telephony denial of service) attacks, according to a security alert from the Department of Homeland Security (DHS) and the FBI obtained by security expert Brian Krebs. TDoS attacks use high volumes of automated calls to tie up target phone systems, halting incoming and outgoing calls.
"Dozens of such attacks have targeted the administrative PSAP [public safety answering point] lines (not the 911 emergency line)," according to the alert. "It is speculated that government offices/emergency services are being 'targeted' because of the necessity of functional phone lines."
Emergency service providers aren't the only organizations being targeted: "Many similar attacks have occurred targeting various businesses and public entities, including the financial sector and other public emergency operations interests, including air ambulance, ambulance and hospital communications."
Perpetrators are using the attacks to extort cash from target organizations, according to the alert. They start with the organizations receiving a call from a representative from a purported payday loan company, during which a caller -- usually speaking in a "strong accent" -- demands payment of $5,000 for an outstanding debt, according to the alert.
Failing to get payment from an individual or organization, the perpetrator launches a TDoS attack. The attacks can last for several hours. They may stop for a period of time, then resume -- and once an organization is attacked, it may suffer random attacks over weeks or months.
"According to a recent report from SecureLogix, a company that sells security services to call centers, free IP-PBX software such as Asterisk, as well as computer-based call-generation tools and easy-to-access SIP services, are greatly lowering the barrier-to-entry for voice network attackers," Krebs wrote.
This article, "Cyber criminals tying up emergency phone lines through TDoS attacks," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest business technology news, follow InfoWorld.com on Twitter.