The FBI has warned that US aimed telephony denial-of-service attacks are taking aim at emergency dispatch centres, which could make it impossible to call for police, fire, or ambulance services.
Telephony Denial-Of-Service (TDoS) attacks, which affect the availability & readiness of call centres, are hitting critical 1st-responder facilities, according to the Federal Bureau of Investigation (FBI).
Flooding a Target
A TDoS attack is designed to prevent incoming & outgoing calls, by flooding a target with junk calls.
“The objective is to keep the distraction calls active for as long as possible to overwhelm the victim’s telephone system, which may delay or block legitimate calls for service,” according to a recent announcement from the FBI.
Worryingly, TDoS attacks have been hitting Public Safety Answering Points (PSAPs), which are call centres responsible for connecting callers to emergency services, such as police, firefighting, or ambulance services.
“PSAPs represent key infrastructure that enables emergency responders to identify & respond to critical events affecting the public,” according to the FBI. “The resulting increase in time for emergency services to respond may have dire consequences, including loss of life.”
The FBI also warned that TDoS attacks could be used in conjunction with a physical attack, when calls to 911 & other emergency numbers would crest.
Workings of Attacks
TDoS attacks can be manual or automated, according to the FBI. In the case of the former, adversaries typically use social networks to encourage individuals to flood a particular number with a calling campaign.
An automated TDoS attack on the other hand uses VoIP software & session initiation protocol (SIP) to make 10s or 1000s of calls, simultaneously or in rapid succession.
“Numbers & call attributes can be easily spoofed, making it difficult to differentiate legitimate calls from malicious ones,” says the alert.
TDoS attacks are not new ; Arbor Network started noticing an increase in attacks targeting telephony system infrastructure as far back as July 2012. They claimed that the method is a relatively cheap option for cyber-criminals looking into diversifying their attack patterns.
There are a number of reasons why attackers might turn to TDoS. For instance, hacktivists or social-cause-motivated cyber-criminals might target municipal services to advance or highlight a political cause, the FBI explained.
Pure financial gain is another motive. TDoS attacks are sometimes part of extortion schemes aimed at private companies in which attackers impersonate a collections agency representative collecting an outstanding & fictional loan or other fee.
If the target does not pay, the attacker launches the TDoS attack that, if successful, inundates the call-centre with call traffic & ultimately overwhelms it, potentially making it impossible to complete ingoing & outgoing calls.
Malicious actors may also use TDoS attacks to harass call centres and distract operators just “for fun,” with a disregard for harmful effects. These attacks may be accompanied by messaging on social media platforms in order to increase the severity, said the FBI.
Preparing for an Emergency
The FBI noted that citizens can be prepared for a TDoS attack.
“The public can protect themselves in the event that 911 is unavailable by identifying in advance non-emergency phone numbers & alternate ways to request emergency services in their area,” the FBI counselled.
Steps advised to take in the US include:
- Contact local emergency services authorities for information on how to request service in the event of a 911 outage.
- Find out if text-to-911 is available in your area.
- Have non-emergency contact numbers for fire, rescue & law enforcement readily available.
- Sign up for automated emergency notifications from your locality.
- Identify websites & follow social media for local emergency response.