Call Pumping

FBI Bulletin on Toll Free/1-800 Traffic Pumping

Here is a bulletin from the FBI warning about toll free, 1-800 call pumping attacks. The basic idea (I cover this extensively in my Hacking Exposed: UC and VoIP book) is that the attacker, usually an unscrupulous service provider, generates many (perhaps millions) of calls into 1-800 numbers. They profit because they receive a piece of the 1-800 revenue, which is paid by the owner of the 1-800 number. See the bulletin below:

Download Toll Free Traffic Pumping_11-7-13


There are two types of attacks, one will "spray" many numbers with very short calls, in order to get a piece of the connect time revenue. Another will generate long calls, usually to a smaller number of 1-800 numbers and IVRs, in order to get a piece of the connect and per-minute charges. The latter form may require some analyis of the target 1-800 IVR, and use of tailor audio which dwells in the IVR through use of menu-looping DTMF tones or other audio.

Either type can generate a TDoS condition, if the attacker generates too many calls or if the calls target a part of an IVR or enterprise with limited bandwidth. This is especially true for calls which dwell in the IVR, because they consume more resources.