Criminals carry out phone-based DoS attacks on emergency services

Cyber criminals are tying up emergency phone lines with telephone DoS efforts, according to a top security expert.

TDoS is becoming a common weapon, both of annoyance and to extort cash from targets, including businesses and public service agencies

Security expert Brian Krebs wrote in his blog that TDoS attacks use high volumes of automated calls to tie up target phone systems, halting incoming and outgoing calls.

So far there have been dozens of such attacks which have targeted the administrative public safety answering point lines, but fortunately not the 911 emergency line, according to the alert. The idea is that these offices are targeted because the crooks need functional phone lines to carry out their attacks.

Many attacks have occurred targeting various businesses and public entities, including the financial sector and other public emergency operations interests, including air ambulance, ambulance and hospital communications, Krebs wrote.

The idea is that the hackers are paid protection money by the target organisations, according to the alert. The scam starts with the organisations getting a call from a representative from a purported payday loan company, during which a caller, usually speaking in a “strong accent,” demands payment of $5,000 for an outstanding debt.

If the caller is told to go forth and multiply, the perpetrator launches a TDoS attack. The attacks can last for several hours. They may stop for a period of time, then resume, once an organisation is attacked, it may suffer random attacks over weeks or months.

The attacks are possible now that free IP-PBX software such as Asterisk, as well as computer-based call-generation tools and easy-to-access SIP services, have become available, Krebs wrote. This makes it cheaper for criminal pond life to get their paws on such gear and start their own extortion rackets without much in the way of technical knowhow.