“Information received from multiple jurisdictions indicates the possibility of attacks targeting the telephone systems of public sector entities,” according to a confidential alert jointly issued by DHS and the Federal Bureau of Investigation in mid-March. “Dozens of such attacks have targeted the administrative PSAP lines (not the 911 emergency line). The perpetrators of the attack have launched high volume of calls against the target network, tying up the system from receiving legitimate calls.”
The DHS-FBI alert appeared Monday on the website of cybersecurity blogger Brian Krebs. But a March 23 “InfoGram” from the EMR-ISAC said the attacks had grown, hitting “over 200 Public Safety Answering Points ... around the country.”
Authorities have not yet identified the type of attack. While it’s theoretically possible to organize an all-human calling campaign against the emergency call centers, these attacks appear likely to be computer-generated via Internet-connected voice services, cybersecurity experts say.
The TDoS attacks are part of an extortion scheme, federal authorities say. It begins with a phone call to a call center from an individual claiming to represent a collections company for payday loans. The caller “usually has a strong accent of some sort and asks to speak with a current or former employee concerning an outstanding debt,” the March alert said. The person with the accent demands payment of $5,000 from the call center because of default by the employee, who either no longer works at the PSAP or never did, authorities say.