Telephone Denial of Service (TDoS) Attack on Public Safety

Last Updated on March 13, 2020


Imagine this scenario:
You’re a call taker at a 9-1-1 center and you receive an incoming call from someone representing a payday loan company asking you to pay $5000 to settle an uncollected debt. Of course, you don’t owe this debt and refuse to pay. After a brief exchange the caller disconnects.

What follows is utter chaos.

All the phone lines light up simultaneously as your PSAP (Public Safety Answering Point) is deluged with incoming calls. You and your fellow operators answer calls at breakneck pace, but many of the calls sound like nothing more than white noise or an unintelligible voice. People who actually need help can’t get through because of the onslaught of “fake” calls.

Sound like a scene out of a movie? Unfortunately it’s not.

What we’ve just described is a Telephone Denial of Service (TDoS) attack. They’ve been happening more and more to 9-1-1 call centers in recent months and have even drawn the Department of Homeland Security’s attention. They’re nothing more than an extortion scheme with potentially tragic consequences.

The Session Initiation Protocol (SIP) software that allows these attackers to take control of our phone lines is inexpensive. This software can make large quantities of calls continuously, using a different number on each call, and playing the aforementioned white noise or inaudible voice whenever a call is answered.

Ironically, the tools needed to combat these well-orchestrated attacks are costly. Mitigation solutions are expensive, and routing calls to a PSAP that has been hardened against TDoS attacks is not an easy task. Most PSAPs use proprietary software packages specific to their needs, making integration difficult and cost-prohibitive.

PSAPs that have not begun implementation of NG9-1-1 standards are at the greatest risk because of their inability to receive communications from multiple channels. The attackers rely on the fact that these PSAPs receive predominantly landline and VoIP calls and use the same set of phone lines to contact emergency services after receiving incident reports.

On the bright side, cell phone calls are difficult to spoof, so call takers can more easily recognize legitimate calls from this source. In addition, PSAPs that have begun to implement NG9-1-1 standards have had success receiving text messages, which are also difficult to spoof. As PSAPs continue to implement NG9-1-1 standards and migrate to IP-based systems, TDoS attacks will be easier to spot and will occupy a far smaller percentage of available call capacity.

The National Emergency Number Association (NENA) has published a series of best practices to help PSAPs combat TDoS attacks. An excerpt appears below.

1. Before a TDoS Event
a) Discuss how to respond to a TDoS event with your service provider. These discussions might include both your telephone service providers (9-1-1 and Administrative phones – if separate providers) as well as your 9-1-1 Equipment vendors.
b) Ensure that the Public Safety Telecommunicators and their supervisors have access to the phone number and direct contact information for the service provider’s personnel or division equipped to respond to a public safety TDoS.
c) Discuss with your telephone system engineer or technician possible configuration changes to isolate critical phone lines (incoming 9-1-1 calls for service) from administrative and other lines, taking into account hunt-groups, busy or no-answer rollover to other lines, rollover to other PSAPs, etc. Prevent an overload of non-critical lines from rolling-over to lines answered by 9-1-1 call-takers.
d) Remind employees of their obligations to protect personally identifying information, and how to protect themselves from identity theft. Additionally, if an attack were to occur at your agency, reassure the targeted employee that they are not responsible for the attack. They and the center are merely victims of a highly sophisticated criminal enterprise.

2. During a TDoS Event
a) Save the voice recording of suspects who may call before, during or after the TDoS events.
b) Record all phone numbers and account information, if the caller is demanding payment(s):
   i. Start and stop times of the events
   ii. Number of calls per hour or per day
   iii. Phone numbers and other ANI/ALI information of the incoming calls
   iv. IP addresses if applicable
   v. Any instructions for how to pay, such as account number, call-back phone number etc.
c) Retain all call logs and IP Logs
d) Attempt to separate the affected phone number from 9-1-1 and other critical trunks – work with your PBX provider/maintainer.

3. After a TDoS Event
a) File a complaint with the Internet Crime Complaint Center – co-sponsored by the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C). Include the keywords TDoS, PSAP, and Public Safety in the description of the incident.
b) File a report with your local police department or sheriff’s office.
c) Consolidate call logs and IP logs; mark for long-term retention.
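
Steps 2(b) and 3(c) above ask for event start and stop times, calls per hour, calling numbers and IP addresses. As an added example (not from NENA or Versadial), the script below derives those items for one trunk from a call log; the CSV column names, the sample rows and the calls-per-hour threshold are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample call log; real PBX/CDR exports use different column names.
SAMPLE_CDR = """answered,ani,src_ip,trunk
2020-03-13T13:40:12,5550100,,admin
2020-03-13T14:02:05,5550101,198.51.100.7,admin
2020-03-13T14:02:41,5550102,198.51.100.7,admin
2020-03-13T14:03:10,5550103,198.51.100.9,admin
2020-03-13T14:03:55,5550104,198.51.100.7,admin
2020-03-13T14:20:30,5550199,,911
2020-03-13T15:10:02,5550105,198.51.100.9,admin
2020-03-13T15:10:40,5550106,198.51.100.7,admin
2020-03-13T15:11:15,5550107,198.51.100.7,admin
2020-03-13T16:30:00,5550108,,admin
"""

def summarize_event(cdr_text, trunk, min_calls_per_hour):
    """Build the step 2(b) evidence record for one trunk from a CSV call log."""
    by_hour = defaultdict(list)
    for row in csv.DictReader(io.StringIO(cdr_text)):
        if row["trunk"] != trunk:
            continue
        when = datetime.fromisoformat(row["answered"])
        by_hour[when.replace(minute=0, second=0)].append((when, row))
    # Keep only the hours whose volume meets the operator-chosen threshold
    # (assumption: the PSAP knows its normal hourly volume for this trunk).
    busy = {h: c for h, c in by_hour.items() if len(c) >= min_calls_per_hour}
    if not busy:
        return None
    calls = sorted((c for hour in busy.values() for c in hour), key=lambda c: c[0])
    return {
        "start": calls[0][0].isoformat(),             # item i
        "stop": calls[-1][0].isoformat(),             # item i
        "calls_per_hour": {h.isoformat(): len(c)      # item ii
                           for h, c in sorted(busy.items())},
        "anis": sorted({r["ani"] for _, r in calls}),  # item iii
        "src_ips": sorted({r["src_ip"] for _, r in calls if r["src_ip"]}),  # item iv
    }

if __name__ == "__main__":
    import json
    print(json.dumps(summarize_event(SAMPLE_CDR, "admin", 3), indent=2))
```

Payment instructions (item v) and voice recordings come from the call recorder rather than the call log, so they are not covered here.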

TDoS attacks are serious business. Lives hang in the balance as phone lines are choked by spam calls. Every PSAP needs to start taking action to combat these attacks. The best course of action is to upgrade to NG9-1-1 compatible technology as soon as possible.

To make the transition easier, Versadial has committed to staying current with the latest NG9-1-1 developments. We offer a fully NG9-1-1 compatible recording solution that is adaptable to PSAP-specific needs and affordably priced. Give us a call today.
