Twitter Buttons

Sunday, April 7, 2013

TDos Attacks On Public Agency PSAP Centers

 Criminal Telephony Denial of Service (TDoS) Against Public Safety Communications
Recent TDoS attacks against public agency PSAP facilities are part of an extortion scheme

 The DHS-Office of Emergency Communications, DHS - Office of Infrastructure Protection, Federal Communications Commission, the National Cyber and Forensics Training Alliance, the FBI-National Cyber Investigative Joint Task Force working in coordination with the Association of Public Safety Communications Officials (APCO) International, the National Emergency Numbers Association (NENA), Louisiana Fusion Center, Mansfield Police Department and telecommunications service providers to identify and mitigate the effects of a criminal Telephony Denial of Service (TDoS) against public safety communications, hospitals and ambulance services. 

Background: Information received from multiple jurisdictions indicates the possibility of attacks targeting the telephone systems of public sector entities. Dozens of such attacks have targeted the administrativePSAP lines (not the 911 emergency line), The perpetrators of the attack have launched high volume of calls against the target network, tying up the system from receiving legitimate calls. This type of attack is referred to as a TDoS or Telephony Denial of Service attack. These attacks are ongoing. Many similar attacks have occurred targeting various businesses and public entities, including the financial sector and other public emergency facilities.

Los Angeles Police Department (LAPD) communication dispatch center
Photo Credit: APCO -

Scheme: These recent TDoS attacks are part of an extortion scheme. This scheme starts with a phone call to an organization from an individual claiming to represent a collections company for payday loans. The caller usually has a strong accent of some sort and asks to speak with a current or former employee concerning an outstanding debt. Failing to get payment from an individual or organization, the perpetrator launches a TDoS attack. The organization will be inundated with a continuous stream of calls for an unspecified, but lengthy period of time. The attack can prevent both incoming and/or outgoing calls from being completed. It is speculated that government offices/emergency services are being “targeted” because of the necessity of functional phone lines.

What we know: 
  • The attacks resulted in enough volume to cause a roll over to the alternate facility.
  • The attacks last for intermittent time periods over several hours. They may stop for several hours, then resume. Once attacked, the attacks can start randomly over weeks or months. 
  • The attacks followed a person with a heavy accent demanding payment of $5,000 from the company because of default by an employee who either no longer works at the PSAP or never did. 
What we need from victims:
 Additional insight into the scope and impact of the event- specifically how many communications
centers have been attacked is critical to identifying the true scope of this occurrence.
 In order to ensure situational awareness with our members and member agencies, it is critical
that this information be disseminated to emergency communications centers, PSAP’s,
government IT departments, and any related government agency with a vested interest in
emergency communications continuity of operations.

Recommend the following:

  • Targeted organizations should not pay the blackmail. 
  • Report all attacks to the FBI by logging onto the website
    o Ensure in the title of the report you use the keyword TDoS
    o Ensure that you identify yourself as a PSAP or Public Safety organization capture as much details as possible 
  • Calls logs from “collection” call and TDoS
  • Time, date, originating phone number, traffic characteristics. 
  • Call back number to the “collections” company or requesting organization. 
  • Method of payment and account number where “collection” company requests debt to be paid. 
  • ANY information you can obtain about the caller, or his/her organization will be of tremendous assistance in this investigation and in preventing further attacks. 
  • Contact your telephone service provider; they may be able to assist by blocking portions of the attack. 
This information is being passed through as a courtesy. CFN had no part in
developing this information and has not verified the contents to be factual.

This was part of a Department of Homeland Security (DHS) NCCIC - National Coordinating Center for Communication found as open source here: http://krebsonsecurity.com

CFN - California Fire News 2013 


Twitter links

****REMINDER**** Every fire has the ability to be catastrophic. The wildland fire management environment has profoundly changed. Growing numbers of communities, across the nation, are experiencing longer fire seasons; more frequent, bigger, and more severe, fires are a real threat. Be careful with all campfires and equipment.
View blog top tags