URGENT BULLETIN: Telephone Denial of Service Attacks Targeting PSAPs
APCO International, working together with the Department of Homeland Security- National Coordinating Center for Communications – Cybersecurity and Communications, the DHS- Office of Emergency Communications, and the FBI-National Cyber Investigative Joint Task Force is publishing the following bulletin for immediate dissemination to public safety answering points (PSAPs) and emergency communications centers and personnel.
Information received from multiple jurisdictions indicates the possibility of attacks targeting the telephone systems of public sector entities. At least two such attacks have targeted PSAPs within the past month. It is possible that as many as 50 such attacks have occurred targeting various businesses and public entities.
The perpetrators of the attack launched numerous phone calls against the target network, tying up the system from receiving legitimate calls. This type of attack is referred to as a TDoS or Telephony Denial of Service Attack.
These recent TDoS attacks are part of a blackmail scheme referred to as a payday loan scam. The perpetrator requests funds from the victim in order to make the calls stop. This scheme starts with a phone call to an organization from an individual claiming to represent a collections company for payday loans. The caller usually has a strong accent of some sort and asks to speak with a current or former employee concerning an outstanding debt.
Upon being told that person no longer is an employee or was never an employee, the caller either requests the funds be paid by the organization or they require that the organization have the former employee pay the debt back.
If those funds are not received, the caller launches a TDoS attack. The organization will be inundated with a continuous stream of calls for an unspecified, but lengthy period of time. The attack can prevent both incoming and/or outgoing calls from being completed. It is speculated that government offices/emergency services are being “targeted” because of the necessity of functional phone lines.
APCO International, in cooperation with DHS and FBI resources, is requesting information from agencies and organizations that have been attacked by a TDoS or have experienced other similar activities. Please report any suspected activity of this nature to APCO’s Director of Communications Center and 9-1-1 Services, Jay English, at: englishj@apcointl.org. The information received will be compiled and APCO will coordinate with the appropriate Federal authorities to assist agencies in preventing, or minimizing, such attacks .
APCO International recommends the following:
- Targeted organizations should not pay the blackmail.
- Contact your telephone service provider; they may be able to assist by blocking portions of the attack.
- A call back number to the “collections” company or requesting organization should be requested and logged. ANY information you can obtain about the caller, or his/her organization will be of tremendous assistance in this investigation and in preventing further attacks.
- Record and report the payment method and account numbers where the “collections” company requests the debt to be paid.
- Reporting any information you may have regarding previous or future attacks to APCO will ensure wider dissemination and pooling of resources.
What we know:
- The attacks resulted in enough volume to cause a roll over to the alternate facility.
- The attacks last for intermittent time periods over several hours. They may stop for several hours, then resume. At least one attack spanned a period of three days.
- The attacks followed a person with a heavy accent demanding payment of $5,000 from the company because of default by an employee who either no longer works at the PSAP or never did.
What we need from our members:
- Additional insight into the scope and impact of the event- specifically how many communications centers have been attacked is critical to identifying the true scope of this occurrence.
- In order to ensure situational awareness with our members and member agencies, it is critical that this information be disseminated to emergency communications centers, PSAP’s, government IT departments, and any related government agency with a vested interest in emergency communications continuity of operations.