Recent TDoS attacks against public agency PSAP facilities are part of an extortion scheme
The DHS-Office of Emergency Communications, DHS-Office of Infrastructure Protection, Federal Communications Commission, the National Cyber and Forensics Training Alliance, and the FBI-National Cyber Investigative Joint Task Force are working in coordination with the Association of Public Safety Communications Officials (APCO) International, the National Emergency Numbers Association (NENA), Louisiana Fusion Center, Mansfield Police Department and telecommunications service providers to identify and mitigate the effects of a criminal Telephony Denial of Service (TDoS) against public safety communications, hospitals and ambulance services.
Scheme: These recent TDoS attacks are part of an extortion scheme. This scheme starts with a phone call to an organization from an individual claiming to represent a collections company for payday loans. The caller usually has a strong accent of some sort and asks to speak with a current or former employee concerning an outstanding debt. Failing to get payment from an individual or organization, the perpetrator launches a TDoS attack. The organization will be inundated with a continuous stream of calls for an unspecified but lengthy period of time. The attack can prevent incoming and/or outgoing calls from being completed. It is speculated that government offices/emergency services are being “targeted” because of the necessity of functional phone lines.
What we know:
- The attacks resulted in enough volume to cause a roll over to the alternate facility.
- The attacks last for intermittent time periods over several hours. They may stop for several hours, then resume. Once an organization has been attacked, the attacks can start randomly over weeks or months.
- The attacks followed a person with a heavy accent demanding payment of $5,000 from the company because of default by an employee who either no longer works at the PSAP or never did.
Additional insight into the scope and impact of the event, specifically how many communications centers have been attacked, is critical to identifying the true scope of this occurrence.
In order to ensure situational awareness with our members and member agencies, it is critical that this information be disseminated to emergency communications centers, PSAPs, government IT departments, and any related government agency with a vested interest in emergency communications continuity of operations.
Recommend the following:
- Targeted organizations should not pay the blackmail.
- Report all attacks to the FBI by logging onto the website www.ic3.gov
  o Ensure in the title of the report you use the keyword TDoS
  o Ensure that you identify yourself as a PSAP or Public Safety organization
  o Capture as much detail as possible:
    - Call logs from the “collection” call and the TDoS
    - Time, date, originating phone number, traffic characteristics.
    - Call back number to the “collections” company or requesting organization.
    - Method of payment and account number where the “collection” company requests the debt to be paid.
    - ANY information you can obtain about the caller, or his/her organization, will be of tremendous assistance in this investigation and in preventing further attacks.
- Contact your telephone service provider; they may be able to assist by blocking portions of the attack.
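One way to pull the requested details (time, date, originating phone number, traffic characteristics) out of a call log for the IC3 report and for the telephone service provider. This is an added example, not part of the DHS notice; the `timestamp,number` log format, the 30-minute quiet gap and the five-call threshold are assumptions, and the sample records are constructed.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample log: two bursts hours apart plus one ordinary call.
SAMPLE_LOG = "\n".join(
    [f"2013-03-01 09:{m:02d}:00,555-0100" for m in range(6)]           # burst 1
    + ["2013-03-01 11:15:00,555-0123"]                                 # normal call
    + [f"2013-03-01 14:00:{s:02d},555-0199" for s in range(0, 60, 10)]  # burst 2
)

def parse_log(text):
    """Return sorted (datetime, caller) tuples from 'timestamp,number' lines."""
    calls = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, caller = line.strip().split(",", 1)
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        calls.append((when, caller.strip()))
    return sorted(calls)

def summarize(burst):
    """Describe one burst: window, volume, rate and most frequent callers."""
    start, end = burst[0][0], burst[-1][0]
    minutes = max((end - start).total_seconds() / 60, 1.0)  # floor at 1 minute
    return {
        "start": start, "end": end, "calls": len(burst),
        "calls_per_minute": round(len(burst) / minutes, 2),
        "top_callers": Counter(c for _, c in burst).most_common(3),
    }

def find_bursts(calls, gap=timedelta(minutes=30), min_calls=5):
    """Split calls at quiet gaps longer than `gap`; report the dense groups."""
    groups, current = [], []
    for call in calls:
        if current and call[0] - current[-1][0] > gap:
            groups.append(current)
            current = []
        current.append(call)
    if current:
        groups.append(current)
    return [summarize(g) for g in groups if len(g) >= min_calls]

if __name__ == "__main__":
    for b in find_bursts(parse_log(SAMPLE_LOG)):
        print(f"{b['start']} to {b['end']}: {b['calls']} calls, "
              f"{b['calls_per_minute']}/min, top callers {b['top_callers']}")
```

Splitting on quiet gaps matches the stop-and-resume pattern described above, so each resumed wave is reported as its own window.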
This information is being passed through as a courtesy. CFN had no part in developing this information and has not verified the contents to be factual.
This was part of a Department of Homeland Security (DHS) NCCIC - National Coordinating Center for Communication found as open source here: http://krebsonsecurity.com – http://krebsonsecurity.com/wp-content/uploads/2013/04/DHSEM-16-SAU-01-LEO.pdf
CFN - California Fire News 2013