The DHS Science and Technology Directorate (S&T) is working to make sure TDoS attacks cannot disrupt critical phone systems including emergency calls to public-safety answering points (PSAPs) through two research projects.
9-1-1 emergency call centers, financial services companies and a host of other critical service providers and essential organizations have been victims of telephony denial of service (TDoS) attacks. These attacks are a type of denial of service (DoS) attack in which a voice service is flooded with so many malicious calls that valid callers can’t get through.
Attackers are using technology such as automated dialing software, VoIP and compromised mobile phones to send thousands of automated calls to tie up a target’s phone system, rendering it unusable for legitimate incoming and outgoing calls. These attacks are relatively easy and inexpensive and can be launched from anywhere in the world. In many cases, the objective of the attacks is to extort money. Victims range from government agencies to private companies and even individuals.
Last October, an Arizona teenager was charged with sending thousands of calls to 9-1-1 call centers and law enforcement agencies in multiple states. The teen had exploited a flaw in a leading mobile operating system to initiate the TDoS attack through compromised cell phones.
To stop these insidious attacks, a DHS program is funding two research projects designed to harden defenses against TDoS attacks. The first project addresses the growing attack sophistication, frequency, call volume and complexity of call-number spoofing, said TDoS Program Manager Daniel Massey.
Led by SecureLogix, a VoIP security specialist, the team is developing a prototype solution for complex TDoS attacks that will use a multilevel filter approach to analyze and assign a threat score to each incoming call in real time. That score will help distinguish legitimate from malicious calls and help mitigate an influx of malicious calls by terminating or redirecting them to a lower priority queue, to a partner service that could manage the calls or to an additional service that could verify each call’s legitimacy.
The prototype is based on an existing voice-security solution, which provides a base to build on so it can be deployed in complex voice networks. It also has an integrated business rules management system and machine-learning engine that can be extended easily with limited software modifications.
SecureLogix will deploy the prototype at a customer location, within the cloud and at a service provider network. The company also is working with multiple pilot partners, including a PSAP, other emergency responders and large financial organizations, to deploy and validate the prototype in operational practice.
In the second project, a research team led by the University of Houston is addressing the vulnerability of 9-1-1 and next-generation 9-1-1 (NG 9-1-1) systems to TDoS, distributed denial of service (DDoS) and robocall attacks, all of which pose significant threats to public safety.
The research team includes SecureLogix, FirstWatch, the Industry Council for Emergency Response Technologies (iCERT) and cybersecurity analysts who specialize in penetration tests of telephony systems.
The team has assessed and modeled threats to the emergency response and public-safety communications network posed by DoS attacks. It is developing an integrated defense mechanism that is cost effective, easy to manage, TDoS-defense capable and customizable for the unique characteristics of varying 9-1-1 infrastructures.
The platform monitors each incoming call’s signaling messages, metadata and voice contents to determine if it is suspicious. It then prioritizes the call according to an analysis of its content and audio to ensure real emergency calls are routed to 9-1-1 operators for immediate action. Additionally, the team developed a novel approach to check for synthetic voice to identify and address potential TDoS calls generated by phone bots.
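The layered scoring and routing described above can be sketched as follows. This is an added illustration, not code from SecureLogix, the University of Houston or DHS; the weights, thresholds, window sizes, field names and the upstream synthetic-voice verdict are all assumptions, and only the dispositions (terminate, verify, lower-priority queue) come from the article.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

WINDOW, BURST, FLOOD = 60.0, 5, 20   # assumed: window (s), per-caller and overall call limits

@dataclass
class Call:
    ts: float        # arrival time in seconds (calls arrive in time order)
    caller: str      # presented caller number, "" if withheld
    synthetic: bool  # verdict of an assumed upstream synthetic-voice detector

class CallScorer:
    def __init__(self):
        self.per_caller = defaultdict(deque)  # caller -> recent arrival times
        self.overall = deque()                # recent arrival times, all callers

    @staticmethod
    def _seen(times, ts):
        """Record ts and return how many calls fall inside the sliding window."""
        times.append(ts)
        while times[0] <= ts - WINDOW:
            times.popleft()
        return len(times)

    def score(self, call):
        score = 0
        if self._seen(self.per_caller[call.caller], call.ts) > BURST:
            score += 40  # signaling level: one number redialing in a burst
        if self._seen(self.overall, call.ts) > FLOOD:
            score += 20  # signaling level: surge that rotating spoofed numbers cannot hide
        if not call.caller.lstrip("+").isdigit():
            score += 20  # metadata level: withheld or malformed caller ID
        if call.synthetic:
            score += 40  # audio level: voice judged machine-generated
        return min(score, 100)

def route(score):
    """Map a threat score to the dispositions the article lists (thresholds assumed)."""
    if score >= 80:
        return "terminate"
    if score >= 60:
        return "verify"
    if score >= 40:
        return "low_priority_queue"
    return "operator"

def triage(calls):
    scorer = CallScorer()
    return [route(scorer.score(c)) for c in calls]

# Constructed sample: one genuine caller, then a bot redialing from a single number.
SAMPLE = [Call(0.0, "+15555550100", False)] + [Call(1.0 + i, "+15555550199", True) for i in range(7)]
```

Because no single level reaches the terminate threshold on its own, a genuine caller who trips one filter during a surge is deprioritized or verified rather than dropped.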