Here is a recent article on toll fraud on mobile devices.
Links to various TDoS articles around the web from the last 3 months.
There have been multiple articles describing a “botnet” of 1000’s of compromised smartphones, which all make calls to a 911 Public Safety Answering Point (PSAP) or some other target. A smartphone-based attack is the primary way to generate a TDoS attack against a PSAP
I don't know how widely "The Cyber Shield" is distributed. I believe we get it because some of our folks have security clearances (so if true, lots of people get it). Anyway, there is some info about our recent article in Government Computer News (GCN). I copied the info and provided a link to the bulletin below
See the article below about a young hacker who "accidentally" or so he says, generated a Telephony Denial of Service (TDoS) attack against 911 facilities in the Phoenix area
See the follow up article below in GCN, describing how the Department of Homeland Security (DHS) Science and Technology (S&T) Cyber Security Division (CSD) is working with SecureLogix help address the issue of Telephony Denial of Service (TDoS) attacks in 911 environments.
Check out the following articles on Telephony Denial of Service (TDoS) and how it could affect 911 systems.
There have been several articles about a bust of at least 70 people in India, who are behind some of the IRS scam phone scam.
Here are a couple of links to the Department of Homeland Security (DHS) Cyber Security Division (CSD) showcase earlier this year.
It is time to start blogging again. I have been really busy. Aside from normal work, I am ramping up my work with the Cyber Security Division (CSD) of DHS S&T...
Here is a video from last years DefCon on how to use a burner cell phone to generate a bunch of calls for a Telephony Denial of Service (TDoS) attack. This allows an attacker to create a virtually untraceable and highly anonymous attack. Even with a single phone, you can generate enough calls for a long enough period, to affect a small target, such as a hospital ER/ICU, small business, a small PSAP, etc.
The National Law Review included a brief article on Telephony Denial of Service. Mostly talking about the impacts to health care and emergency services. Check out the article at the link below:
For those following my blog, you know that Telephony Denial of Service (TDoS) is a flood of unwanted inbound calls, typically to an enterprise contact center. The calls can arrive at any enterprise or any part of an enterprise, but are normally targeted at critical voice lines. This includes 911, other public safety numbers, hospital emergency rooms and intensive care units, key parts of financial contact centers, and other organizations. TDoS attacks are the most significant form of voice-related DoS, because they involve malicious calls, are easy to generate, and can affect enterprises using both TDM and SIP networks. The following diagram illustrates a TDoS attack:
The Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and service providers have produced a number of warnings and bulletins about TDoS. A few of the more recent ones can be found in prior posts on this blog.
There have been over 1000 attacks reported to service providers and the Department of Homeland Security (DHS). A good summary can be found at https://nakedsecurity.sophos.com/2014/01/22/tdos-extortionists-jam-phone-lines-of-public-services-including-hospitals/.
Attacks such as this are simple, but still very effective. They do not involve a significant amount of volume in terms of concurrent calls and they are not very sophisticated or complex in terms of spoofing call information, such as the calling party number or ANI. We expect that in the near term, more complex attacks will be seen, involving greater sophistication in terms of spoofing call information and much greater volume. The following table illustrates the progression we have seen and expect in the future for TDoS:
In a short amount of time, we expect these attacks to become more common, be more sophisticated (complex), and involve greater volume (distributed). This will make the attacks much more difficult to detect and mitigate, both for the target enterprise as well as service providers.
The DHS Science and Technology Directorate (S&T) Cyber Security Division (CSD) recognizes the TDoS threat and has funded SecureLogix for two Research and Development (R&D) efforts. The first effort is to define the evolving threat, define enterprise and service provider countermeasures, and build solutions for these environments. The second effort involves a broad look at security issues affecting Next Generation 911, including TDoS, which will be particularly disruptive for these environments. These R&D efforts will produce a TDoS solution that can address the most sophisticated attacks, for both TDM and SIP networks, within both enterprise and service provider networks. While the final solution is still being developed, a basic approach involves use of several filters, which score calls based upon pre-call signaling information, queries to network authentication services, and then content and possible use of turing tests. All controlled by enterprise-defined policy. These filters are shown in the following diagram:
We will be posting more information as this R&D effort progresses. You can track our progress on these efforts by following this blog and our twitter feeds at @markcollier46 and @dhsscitech.
This is one of the best articles I have read in a while. It covers how Pakistan captured multiple individuals on the FBI's most wanted list
Here is a link to a recent webinar I did back in March on Telephony Denial of Service (TDoS). We did this with one of our partners, iSight. The focus was on dealing with this issue in contact centers.
Here is a link to a YouTube video describing a new VoIP Security scanner/penetration tool named "Bluebox-ng". I have not played with it, but it looks pretty cool. It has been a while since we have seen any new VoIP security tools.
I attached a briefing from the Florida Department of Law Enforcement describing a threat from Anonymous to target federal and local law enforcement and Child Protective Services (CPS) with Telephony Denial of Service (TDoS) attacks.
The article below describes a new Telephony Denial of Service (TDoS) generation tool:
This tool appears to be an evolution of the one described in the following article:
As stated in the article, TDoS is a flood of inbound calls, which target a set of phones critical to business operation. The target phones (and numbers) can be any part of a business or enterprise, but are generally those making up a public facing contact center, including those used for banking, finance, health care (emergency rooms and ICUs), government, and public safety. A TDoS attack may be of sufficient volume to overwhelm an entire business or enterprise, but can be equally effective with a smaller amount of traffic, if targeting critical resources. In this way, it is more about selecting the proper target phones and numbers (normally pulled of of public websites), timing (during the busiest part of the day and season), and complexity of the attack (spoofing the calling number), than it is about an overwhelming amount of traffic.
There are a number of ways to generate TDoS attacks, including use of SIP trunks and free PBX software such as Asterisk, possibly using Skype as referenced in the article, or using a tool like the one described in the article. The advantage of a tool such as this is:
- It can generate a sufficient number of concurrent calls to overwhelm a small or moderately sized target.
- Is turnkey and easier to set up than a SIP trunk and Asterisk.
- Can generate a complex attack (assuming that it can indeed spoof the calling number for all calls).
- Is anonymous and hard to track. It can be used anywhere where there is cellular coverage.
- Is difficult for a service provider to shut down, because the calls are coming in through the cellular network
The last point is significant, because this means of originating TDoS calls is more difficult for the service provider to isolate, than say many calls coming from a single SIP trunking provider.
The TDoS attacks enabled by this tool can be used purely for disruption, as a threat to enable extortion, or to flood a victim with calls (or texts) to prevent authentication calls from the victim’s bank.
There have been several advertisements for Telephony Denial of Service (TDoS) attack services popping up. I provided a link to one below. These seem to come and go, as they are removed from sites, but this one has been up for a while. The service is very cheap, $70 for week, which if targeted towards a hospital emergency room, Intensive Care Unit (ICU), public safety site, or any small business, where there are a handful of critical phones and attendants, this service would be very disruptive. Of course there are other ways to do this yourself - using Asterisk and SIP trunking, but this is easier for a non-technical attacker.
They even offer a 10 minute free trial :)
Since I saw the service, it has been enhanced to state that the calls can be made with different source numbers. I don't know how sophisticated this is - are they random, legit numbers, etc., but of course this makes an attack much harder to deal with.
It isn't clear what the flood capacity is. it says the interval between calls is 1-3 seconds. The calls are automatically generated. You have the option of playing an audio file, but that costs more (requires the attacker to generate RTP).
If anyone tries it out, please let me know the results.
Here is a link to the webinar I did this week, along with Cisco, on Telephony Denial of Service. You do have to register, but that is a small price to pay :)