In the News


Aug 11, 2018 GenX

What Is Telephony Denial of Service (TDoS) Attack and How to Prevent Such Attack

The non-emergency call centre in Howard County, Maryland typically receives 300 to 400 calls a day. On August 11, 2018, however, the non-emergency call centre of the County, was flooded with 2,500 calls in a 24-hour span of time in an attack known as telephony denial of service (TDoS).

What Is Telephony Denial of Service (TDoS) Attack?

Telephony denial of service (TDoS) is a type of denial of service (DoS) attack in which the attackers launch high volume of calls and keeping those calls active for as long as possible against the target network, preventing legitimate calls to come in. TDoS is a threat not just to government and large enterprises, but also to small and medium-sized organizations.

TDoS attacks have evolved from manual to automation. An example of a manual TDoS attack is leveraging social media such as Facebook and Twitter to organize individuals into a TDoS calling campaign. A report by SecureLogix showed that the vast majority of TDoS attacks use automation to generate the attack calls. The Howard County TDoS attacker, for instance, used automation in attacking the County.

James Cox, network-server team manager for the Howard County, told Cisco that a lone foreign malicious actor was responsible for the TDoS attack on the County. The motive of the attack, Cox said, was money. This foreign malicious actor, he said, was being paid by a third party for tying up the phone lines by having long conversations.

The TDoS attack on the non-emergency call centre in Howard County was pulled off by acquiring phone numbers and using a server based in Europe and made it look like the phone numbers were local numbers. With this set-up, every call made was considered as an international call, which carriers paid, allowing the 3rd party to profit from this scheme. The foreign malicious actor, meanwhile, made pennies for every minute a phone line is tied up.

TDoS attack isn’t a new threat. In 2013, the U.S. Federal Bureau of Investigation (FBI) and U.S. Department of Homeland Security (DHS) issued a joint alert regarding the TDoS threat, a copy of which was reposted on security journalist Brian Krebs’s site. The joint alert reported that dozens of TDoS attacks targeted the administrative public safety answering points lines (not the 911 emergency line), launching high volume of calls against these lines and tying up the system from receiving legitimate calls…