Stopping TDoS attacks

Published 18 April 2017

Imagine if your call to 911, your financial institution, a hospital, or even your child’s school doesn’t get through.

In the past few years, 911 emergency call centers, financial services companies and a host of other critical service providers and essential organizations have been victims of telephony denial of service (TDoS) attacks. These attacks are a type of denial of service (DoS) attack in which a voice service is flooded with so many malicious calls that valid callers can’t get through.

DHS Science and Technology Directorate (S&T) is working to make sure TDoS attacks cannot disrupt critical phone systems, TDoS Program Manager Daniel Massey explained. The program is part of S&T’s Homeland Security Advanced Research Projects Agency’s Cyber Security Division (CSD) portfolio.

A TDoS attack can be an ‘old-school’ attack, in which the victim is flooded with calls from a group of people using mobile or landline phones. These types of attacks are often coordinated through social networking. This TDoS attack approach is most often used to harass a victim or disrupt its operations.

In a high-tech twist, attackers are using technology such as automated dialing software, Voice over Internet Protocol (VoIP) and compromised mobile phones to send thousands of automated calls to tie up a target’s phone system, rendering it unusable for legitimate incoming and outgoing calls. These attacks are relatively easy and inexpensive and can be launched from anywhere in the world. In many cases, the objective of these attacks is to extort money. Victims range from government agencies to private companies and even individuals.

A typical extortion-type TDoS attack unfolds this way:

A person calls a company claiming to be a debt collector seeking repayment of a past-due loan. The caller threatens to lock up the company’s phone lines with repeated calls unless immediate payment is received. Sometimes the TDoS attack threat prompts victims to pay the ransom because they are either unsure whether they owe the money the attackers demand or they want to avert public embarrassment to the company’s image.

If the payment is not provided, the attack is launched. The ensuing steady stream of calls can last several hours, stop for a while and then resume. Some attacks have continued over an extended period of weeks or even months.

But not all TDoS attacks seek a payment. For instance, last October an Arizona teenager was charged with sending thousands of calls to 911 emergency call centers and law