DHS and Securelogix Partnering to Prevent Spoofing & TDoS Attacks

Cybersecurity attacks happen all too often, and attackers are becoming more bold and sophisticated by disrupting critical phone systems and putting 911 emergency call centers at risk. Similar to Distributed Denial of Service (DDoS) attacks on critical online services, Telephony Denial of Service (TDoS) attacks render emergency systems unavailable by saturating them with bogus calls and potentially causing great harm to those who truly require urgent first responder attention.  

The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) has partnered with SecureLogix, a San Antonio-based telecommunications security company, to solve complex TDoS issues and develop defense-based solutions to prevent these attacks. TDoS attackers target 9-1-1 emergency call centers and other critical service providers. These attacks are increasing in frequency and everyone is vulnerable. Reasons for TDoS attacks range from extortion to disruptive pranks. These attacks pose significant risks to banks, schools, hospitals, and even government agencies. When banks are attacked, customers are denied access to their accounts. If synchronized with a DDoS attack against a bank’s internet or mobile presence, this may prevent customers from even contacting their bank.

In 2016, a teenager gained national attention for a well-orchestrated botnet attack against 9-1-1 emergency call centers in the Phoenix area. By modifying and distributing code via his Twitter and YouTube accounts, his followers unwittingly loaded malware onto their phones and made thousands of automatic 9-1-1 calls. 9-1-1 call centers in the Phoenix area were flooded with calls in a matter of minutes. If coordinated with an actual physical terrorist attack, this would be particularly catastrophic, resulting in a large number of victims losing the ability to connect with emergency services.

From S&T’s perspective, our goal is to shift the advantage from TDoS attackers to network administrators by developing the capability to detect and mitigate TDoS, by authenticating callers and detecting call spoofing. These solutions, based on a series of filters that assign a risk-threat score to every call, will enable Next Generation 9-1-1 systems’ administrators to better respond to and manage TDoS threats and attacks. Research and testing is currently underway with our pilot partners, including Palm Beach County 9-1-1 and Greater Harris County 9-1-1, to validate solutions in operational, real-time environments.

Together, S&T and SecureLogix are making rapid progress against call spoofing and robocalls. We are currently developing two TDoS defense solutions:

• Identifying whether or not the call spoofing is a voice recording, aiding in fraud detection
• Separating legitimate emergency calls from spoofing attacks

This research will result in increased protections for the many critical infrastructure sectors DHS protects. Several corporations, including many banks and DHS components, have expressed interest in this technology and SecureLogix will release it into the market in the coming months. We look forward to further developing these new defense mechanisms to prevent future TDoS attacks. Please read the program’s fact sheet for more details.