TDOS : Denial of Service attack on a phone line

Ringing phoneYou are working on the report expected by your boss for yesterday or you are taking care of your cows in farmville, and then the phone start ringing. When you pick up, you get the vocal server of an escort service or the cacophony of the amazon jungle. You hang-up and seconds later it starts over and over.

At a certain point, you do what anyone else would do: You hit Do Not Disturb or keep the line Busy. You get back to your activities hoping that the issue will be fixed soon enough.

Most people will put that on the account of children games or the telephone company. Little do you know that this can be the last innovation in cyber-crime.

The scheme is very close to the server denial of service attack and is called Telephony Denial of Service (TDOS), and uses autodialing technology with multiple VoIP accounts to flood a telephone line with thousands of calls.

The design of these cyber-criminals is to keep your line busy and make it unreachable. In most cases, the final goal is to empty your bank account.  The attacks on your phone line are in fact a decoy while bank accounts or other money management are being accessed to transfer funds out of it. After gaining access to your basic personal information, criminals will try to modify the victim’s account information and accreditations. The parallel TDOS attack will stop the bank from reaching you to confirm the transactions.

Another application of these attacks is “simply” to paralyze a corporation by flooding all their sales or support lines.

With the increasing use of VoIP technology, it is even easier for criminals to create several SIP accounts or hack into existing ones. This faces telephony operators with a strong challenge to protect their subscribers from these attacks and avoid the misuse of their infrastructure.