There is a kind of hacking attack which targets VoIP services – similar to DDoS attacks – and is getting the attention of law enforcement.
Hospitals, 911 call centers and other organizations which take emergency calls are most at risk, news reports said.
The Los Angeles Times reports that criminals threaten to overload communications unless they get money. Among the communication services at risk for being overloaded are those that serve the public.
They are similar to Distributed Denials of Service (DDoS), which are used globally against well-known Web targets. Such attacks force a site to go offline due to the volume of traffic aimed at a server.
Now, VoIP networks are targets of hackers, and phone networks go down. Emergency calls can’t get through. A hospital in San Diego was the victim of such an attack. The extortion method was first seen in 2010, news reports said.
The Internet Crime Complaint Center has gotten over 100 reports about telephone denial-of-service-type attacks.
The LA Times said victims paid $500 to $5,000 to stop the attacks, putting money on debit card accounts.
Among the other U.S. victims are: a nursing home in Wisconsin in November, a public safety agency and a manufacturer in Massachusetts in early 2013, a Louisiana emergency operations center in March, a Massachusetts medical center in April, and a Boston hospital in May, news reports said. Financial firms, schools, media companies, insurance companies and customer service call centers lost phone service due to these kinds of attacks, news reports add.
Frank Artes, chief technology architect at NSS Labs, told the LA Times, “I haven’t seen this escalated to national security level yet, but it could if an attack happens during a major disaster or someone expires due to an attack.”
Because of the threat, the Federal Communications Commission (FCC (News - Alert)) is collaborating with network operators, equipment makers and telecom businesses to see how to minimize the risk.
“One suggestion involves attaching a certificate or signature to outgoing calls that would have to be verified before it is connected. This could eliminate most fraudulent calls, but the FCC has acknowledged it is still a year or two away from becoming a reality,” according to a report from Business2Community.com.
Meanwhile, the U.S. Department of Homeland Security said it was working with "private and public sector partners to develop effective mitigation and security responses," the LA Times reports.
Also, a review of recent data shows DDoS attacks continue to be a big concern.
“It’s definitely on the rise,” Tom Bienkjowski, director of product marketing at Arbor Networks (News - Alert), said in a recent interview at the CTIA 2013 in Las Vegas with TMC CEO Rich Tehrani (News - Alert).
“If you look at some of our statistics … DDoS attacks have increased in size, frequency and complexity over the last 10 years or so,” he added. “I think it’s getting worse. The combination of volumetric attacks and application layer attacks being done simultaneously against an organization really requires it – an enterprise organization – to rely upon their carrier for in-cloud DDOS protection from the large attacks.”
Edited by Rory J. Thompson