Harassing Call/Bomb Threat Against Walmart Stores

Over the weekend, an attacker generated multiple bomb threat calls into Walmart stores in the Kansas area. At least 2 stores were evacuated, with as many as 10 stores threatened. According to the story, the attack was automated (the threat was pre-recorded), so there is a good chance there will be more attacks. Here is a link to some national and local coverage:

http://gma.yahoo.com/walmart-bomb-threats-rattle-kansas-missouri-223031622--abc-news-topstories.html

http://www.kctv5.com/story/19134939/police-respond-to-two-separate-walmart-bomb-threats

What the attacker has done here is quite simple. I would assume they gathered a groups of numbers from one of many sources on the Internet. They could have certainly gathered a lot more.

Once the numbers are gathered, the attacker can manually make calls and play a pre-recorded threat. This can be as crude as making the call, playing a .wav file on a computer, and placing the microphone next to the computer speaker. The attack could also be fully automated, where the attacker has a call generation tool (Asterisk + a call generator work great) and SIP access to the network.

If they are smart, they are also spoofing their Caller-ID. This is trivial with Asterisk. It is also easy with a number of services, including Spoofcard and PhoneGangster. Phone Ganster also has apps that run on smart phones.

We are likely to see a lot more of thse types of attacks. It is easy and cheap to anonymously send threatening calls. Threatening/harassing calls are just one use case - we will also see voice SPAM, phishing, and TDoS. One day target enterprises and government agencies may receive so many threatening calls, that their customers/employees spend a lot of time outside their doors and/or start ignoring real attacks.