This post is also available in: עברית (Hebrew)
Securing telephone communication is on the agenda of the US Department of Homeland Security’s (DHS) Science and Technology Directorate (S&T). The organization is “working to make sure telephony denial of service (TDoS) attacks cannot disrupt critical phone systems,” TDoS Program Manager Daniel Massey said in an announcement recently quoted on hstoday.us.
The announcement stated, “A TDoS attack can be an ‘old-school’ attack, in which the victim is flooded with calls from a group of people using mobile or landline phones. These type of attacks often are coordinated through social networking. This TDoS attack approach most often is used to harass a victim or disrupt its operations. Imagine if your call to 911, your financial institution, a hospital or even your child’s school doesn’t get through. In a high-tech twist, attackers are using technology such as automated dialing software and compromised mobile phones to send thousands of automated calls to tie up a target’s phone system, rendering it unusable for incoming and outgoing calls. These attacks are relatively easy and inexpensive and can be launched from anywhere in the world. Victims range from government agencies to private companies and even individuals.”
To stop these insidious attacks, the Cyber Security Division of the DHS is funding two research projects designed to harden defenses against TDoS attacks. The first project addresses the growing attack sophistication, frequency, call volume and complexity of call-number spoofing, Massey said.
“A person calls a company claiming to be a debt collector seeking repayment of a past-due loan. The caller threatens to lock up the company’s phone lines with repeated calls unless immediate payment is received. Sometimes the threat prompts victims to pay because they are either unsure whether they owe the money the attackers demand or they want to avert public embarrassment to the company’s image. If the payment is not provided, the attack is launched. The ensuing steady stream of calls can last several hours, stop for a while and then resume. Some attacks have continued over an extended period of weeks or even months.”
But not all TDoS attacks seek a payment. For instance, last October an Arizona teenager was charged with sending thousands of calls to 911 emergency call centers and law enforcement agencies in multiple states. The teen had exploited a flaw in a leading mobile operating system to initiate the TDoS attack through cell phones.
Led by SecureLogix, a VoIP security specialist firm, the team is developing a prototype solution for complex TDoS attacks. That score will help distinguish legitimate from malicious calls and help mitigate an influx of malicious calls by terminating or redirecting them to a lower priority queue, to a partner service that could manage the calls or to an additional service that could verify each call’s legitimacy.
The prototype that’s been designed is based on an existing voice-security solution which provides a base to build upon so it can be deployed in complex voice networks. It also has an integrated business rules management system and machine-learning engine that can be extended easily with limited software modifications.
SecureLogix will deploy the prototype at a customer location, within the cloud, and at a service provider network, and is also working with multiple pilot partners including a 911 emergency call center, other emergency responders and large financial organizations, to deploy and validate the prototype in operational practice.
The second project is being led by a research team at the University of Houston to address the vulnerability of Emergency 911 and Next-Generation (NG) 911 systems to these attacks. S&T’s announcement said: “The team has assessed and modeled threats to the emergency response and public-safety communication network and is developing an integrated defense mechanism that is cost-effective, easy-to-manage, TDoS-defense capable and customizable for the unique characteristics of varying 911 infrastructures.”
The platform monitors each incoming calls signaling messages, metadata and voice contents to determine if it is suspicious, and then prioritizes the call according to an analysis of its content and audio to ensure real emergency calls are routed to 911 operators for immediate action.