A DHS Fusion Center bulletin is warning telecom providers about the emergence of denial-of-service attacks aimed at VoIP services. The warning was leaked to reporter Brian Krebs, and has since been forwarded to several law enforcement agencies and call centers.
According to the bulletin, there have been several targeted attacks to the telephone systems of public sector entities. Such attacks have been named TDoS, or Telephone Denial-of-Service – as the attacker launches a high-volume of calls that flood the phone network and prevent legitimate communications from going in or out of the network.
“Many companies and telecom providers were quick to embrace IP-based telephony; the ability to route telephone calls over the Internet instead of over the original POTS-style system has led to all sorts of benefits: simple ways to connect geographically-diverse offices to the same phone system, global relocation of call centers, improved call quality and reliability,” commented Richard Henderson, a Security Strategist for Fortinet.
“On the telecom side of things, it’s almost impossible to find a Central Office where their switching equipment hasn’t moved to IP. The nature of IP-based telephony makes it easy for companies to locate a call center overseas while making the call appear to have come from a domestic number – but that ability to spoof Caller ID can be used for all sorts of mischief as well.”
This spoofing ability has prevented victims of a TDoS attack from identifying the attacker with any degree of success. Victims have described a person with an accent posing as a collections agent, demanding a payment of $5,000 USD from the company due to the actions of an alleged employee.
If payment isn’t made, then the attacks start. Such attacks can last for hours, starting and stopping at random intervals for weeks at a time. The bulletin warns that, “government offices/emergency services are being targeted because of the necessity of functional phone lines.”
The DHS is urging victims to report as much information as they can to the FBI, via the IC3 (www.ic3.gov). In particular, they are interested in call logs and timestamps, as well as the telephone number used by the “collections” agent noting that, “any information you can obtain about the caller, or his/her organization will be of tremendous assistance.”
As it turns out, TDoS attacks are not new. According to SecureLogix, a unified communications security firm in Texas, such attacks were booming last year. “One reason we’re seeing an increase in voice attacks and schemes is the adoption of Voice-over-Internet Protocol (VoIP),” said Mark Collier, SecureLogix CTO and vice president of engineering.
“Free IP-PBX software such as Asterisk/Tribox, computer-based call generation tools, and easy-to-access SIP services greatly lower the barrier-to-entry for voice network attackers,” Collier added. “Call generation is set up quickly and used to generate harassing calls, TDoS, voice phishing and SPAM — and for brute-force probe attacks into call center IVRs for account information used for social engineering.”