Our Guest Blog today comes from Demetrius Turner, the self-proclaimed king of billiards in Nashville, TN. Through helping out with his brother’s small business ventures, and being a techie, Demetrius has become an expert on cloud computing and frequently writes on behalf of WhichVoIP.com. When he is not sinking shots and calling pockets, Demetrius can usually be found reading various tech and business blogs at his laptop.
When a website gets bombarded with traffic the common occurrence is that said site crashes, thus preventing any access. When orchestrated by an individual with malicious intentions, this is referred to as a denial-of-service, or DoS, attack. A DoS attack is defined as “an attempt to make a machine or network resource unavailable to its intended users.”
Since the Internet was first introduced, hackers have been using DoS methods as a means of exploiting the Internet’s pitfalls. Frustrating? Yes. An inconvenience? Certainly. Possible terrorist attack? Unlikely.
With regards to DoS attacks against specific web pages, it is unlikely that the average hacker could truly pose any threat to our national security. Primarily due to the fact that most sites containing sensitive/classified information or content related to homeland security have entire teams of techies whose sole job it is to protect against attacks.
Thanks to Internet security devices such as Firewalls and Switches, a DoS attack targeted at a website has little potential for producing a threat on a national scale. However, there is a burgeoning industry that has opened a new avenue for scammers and hackers to take their skills to the next level. You guessed it people, VoIP.
Seeing as VoIP services operate in the same manner as webpages do – by way of an IP address connected to a network – they too are subject to DoS attacks. Unlike site targeted DoS attacks though, prevention of these telephony denial-of-service (TDoS) attacks as they’re referred to can prove to be quite difficult.
As of lately the majority of TDoS attacks have been conducted by sleezy VoIP hackers and scammers looking to exploit some dweeb out of their money. According to the Federal Bureau of Investigation, examples of TDoS scams include:
- A scammer contacts the victim's banker or broker, impersonating the victim to request a funds transfer. The banker's attempt to contact the victim for verification of the transfer fails as the victim's telephone lines are being flooded with thousands of bogus calls, rendering the victim unreachable
- A scammer contacts consumers with a bogus debt collection demand and threatens to send police; when the victim balks, the scammer floods local police numbers with calls on which caller ID is spoofed to display the victims number. Police soon arrive at the victim's residence attempting to find the origin of the calls.
As unfortunate as these occurrences are for the victims, these are not the TDoS attacks that is causing the FBI and Homeland Security to sweat. Yes we can all agree that scammers are annoying pests that only make our lives harder, however the real threat lies in the hands of malicious hackers or terrorists who could use VoIP as a means of disrupting our nation’s infrastructure. But how? You may ask. Just ask the San Diego hospital that was targeted this past March.
In an article written by Paresh Dave from the LA Times, Dave describes the puzzling events of a potentially fatal TDoS attack.
“The demand stunned the hospital employee. She had picked up the emergency room's phone line, expecting to hear a dispatcher or a doctor. But instead, an unfamiliar male greeted her by name and then threatened to paralyze the hospital's phone service if she didn't pay him hundreds of dollars. Shortly after the worker hung up on the caller, the ER's six phone lines went dead. For nearly two days in March, ambulances and patients' families calling the San Diego hospital heard nothing but busy signals. The hospital had become a victim of an extortionist who, probably using not much more than a laptop and cheap software, had single-handedly generated enough calls to tie up the lines.” – Paresh Dave
Luckily there were no serious effects that came from this VoIP hacker attack which only inconvenienced the hospital for a couple days. However, the event itself is still quite frightening in the fact that it serves as somewhat of a warning about the potential ramifications that could come from a full blown national DoS attack.
Imagine not being able to contact emergency services in the case of a major disaster, such as a large earthquake or even a terrorist attack. A strategically timed DoS attack could truly cripple our nation’s infrastructure. Quite a scary thought if you ask me.
Although no such even has occurred just yet, federal officials and security industry experts are not taking any chances. In fact many agencies have been working diligently with telecommunication providers toward developing the best method for preventing VoIP hacker based DoS attacks.
In addition to the San Diego hospital, there are a number of related incidents that have included attacks on Wall Street firms, insurance companies, schools and media networks.