FBI warns of the consequences of telephony denial-of-service (TDoS) attacks

The Federal Bureau of Investigation (FBI) has issued a warning about the risks of telephony denial-of-service (TDoS) attacks on call centers.

The United States’ Federal Bureau of Investigation (FBI) is warning of the consequences of telephony denial-of-service (TDoS) attacks on call centers, which in some cases could threaten people’s lives.

TDoS attacks could render telephone systems unavailable making it impossible to make and receive calls, a scaring scenario when the attackers target 911 or other emergency call centers.

TDoS attacks could be manual or automated. Threat actors behind manual TDoS attacks use social networks to encourage individuals to call a call center simultaneously flooding it.

An automated TDoS attack leverages specific applications that allows attackers to make tens or hundreds of calls simultaneously, caller attributes can be easily spoofed making it impossible to differentiate legitimate calls from malicious ones.

“A TDoS attack is an attempt to make a telephone system unavailable to the intended user(s) by preventing incoming and/or outgoing calls. The objective is to keep the distraction calls active for as long as possible to overwhelm the victim’s telephone system, which may delay or block legitimate calls for service. The resulting increase in time for emergency services to respond may have dire consequences, including loss of life.” reads the FBI’s public service announcement.

“TDoS attacks pose a genuine threat to public safety, especially if used in conjunction with a physical attack, by preventing callers from being able to request service. The public can protect themselves in the event that 911 is unavailable by identifying in advance non-emergency phone numbers and alternate ways to request emergency services in their area.”

The motivations behind this type of attacks are multiple, including hacktivism, financial gain through extortion, or harassment.

The FBI also provided a list of guidelines on how to prepare for a 911 outage:

• Before there is an emergency, contact your local emergency services authorities for information on how to request service in the event of a 911 outage. Find out if text-to-911 is available in your area.
• Have non-emergency contact numbers for fire, rescue, and law enforcement readily available in the event of a 911 outage.
• Sign up for automated notifications from your locality if available to be informed of emergency situations in your area via text, phone call, or email.
• Identify websites and follow social media for emergency responders in your area for awareness of emergency situations.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, TDoS)

[adrotate banner=”5″]

[adrotate banner=”13″]