Imagine this scenario:
You’re a call taker at a 9-1-1 center and you receive an incoming call from someone representing a payday loan company asking you to pay $5000 to settle an uncollected debt. Of course, you don’t owe this debt and refuse to pay. After a brief exchange the caller disconnects.
What follows is utter chaos.
All the phone lines light up simultaneously as your PSAP (Public Safety Answering Point) is deluged with incoming calls. You and your fellow operators answer calls at breakneck pace, but many of the calls sound like nothing more than white noise or an unintelligible voice. People who actually need help can’t get through because of the onslaught of “fake” calls.
Sound like a scene out of a movie? Unfortunately it’s not.
What we’ve just described is a Telephone Denial of Service (TDoS) attack. They’ve been happening more and more to 9-1-1 call centers in recent months and have even drawn the Department of Homeland Security’s attention. They’re nothing more than an extortion scheme with potentially tragic consequences.
The Session Initiation Protocol (SIP) software that allows these attackers to take control of our phone lines is inexpensive. This software can make large quantities of calls continuously, using a different number on each call, and playing the aforementioned white noise or inaudible voice whenever a call is answered.
Ironically, the tools needed to combat these well orchestrated attacks are costly. Mitigation solutions are expensive and routing calls to a PSAP that has been hardened against TDoS attacks is not an easy task. Most PSAP’s use proprietary software packages specific to their needs, making integration difficult and cost prohibitive.
PSAP’s that have not begun implementation of NG9-1-1 standards are at the greatest risk because of their inability to receive communications from multiple channels. The attackers rely on the fact that these PSAP’s receive predominantly landline and VoIP calls and use the same set of phone lines to contact emergency services after receiving incident reports.
On the bright side, cell phone calls are difficult to spoof, so call takers can more easily recognize legitimate calls from this source. In addition, PSAP’s who’ve begun to implement NG9-1-1 standards have had success receiving text messages that are also difficult to spoof. As PSAP’s continue to implement NG9-1-1 standards and migrate to IP based systems, TDoS attacks will be easier to spot and will occupy a far smaller percentage of available call capacity.
The National Emergency Number Association (NENA) has published a series of best practices to help PSAP’s combat TDoS attacks. An excerpt appears below.
1. Before a TDoS Event
2. During a TDoS Event
3. After a TDoS Event
TDoS attacks are serious business. Lives hang in the balance as phone lines are choked by spam calls. Every PSAP needs to start taking action to combat these attacks. The best course of action is to upgrade to NG9-1-1 compatible technology as soon as possible.
To make the transition easier, Versadial has committed to staying current with the latest NG9-1-1 developments. We offer a fully NG9-1-1 compatible recording solution that is adaptable to PSAP specific needs and affordably priced. Give us a call today.