You may have heard of DDoS attacks -- hacking attempts that flood a Web server with dummy traffic in an effort to slow it down or make it crash. But these days there's another kind of denial-of-service attack that's becoming increasingly popular: the TDoS attack.
TDoS stands for "telephony denial of service," and it differs from the venerable DDoS in one key respect: It disrupts phone calls instead of Internet traffic.
In recent weeks, the Department of Homeland Security has gotten a number of reports of spammers calling first-responders on administrative, non-emergency lines. The callers, who usually speak with "a strong accent of some sort," open by asking the emergency dispatchers for repayment of a nonexistent debt (up to $5,000). When they don't get what they want, the spammers clog up the phone lines with bogus calls that prevent legitimate calls from coming or going. The surge can last for hours at a time, according to a warning notice DHS recently sent to government agencies, and the incident has been known to recur weeks or even months after the initial attack. In some cases, the volume of the hack has been so heavy as to activate backup phone systems. Dispatchers at 911 centers aren't the only targets; businesses, hospitals, and ambulance services have also been subject to the hack, according to DHS.
TDoS attacks are growing more common thanks in part to computer-based technologies that make it cheap and easy to create untraceable spam. Using services that let you disguise one phone number with another, it's possible to set up a cascading network of "phones" that dials the same line over and over.
"You could open 100 phone lines at the same time and have them place phone calls in intervals" every half-second, said Richard Henderson, a security analyst at FortiGuard.
A report from experts at SecureLogix last month found "massive" and "substantial" increases in phone-related scams and denial-of-service attacks in 2012, partly as a result of these services.
So far, nobody's tried hacking an actual 911 line. But, said Henderson, it could happen -- particularly as more of the country's network operators retire the old copper phone infrastructure in favor of fiberoptic cables that carry calls using Internet protocol. When the so-called "IP transition" is completed in 2018, the fiber-based infrastructure will become vulnerable to both TDoS attacks and the more-familiar, Web-based DDoS hacks, he said.