(U//FOUO) DHS-FBI-NCTC Bulletin: Extortion Schemes Use Telephony-Based Denial-of-Service Attacks

Roll Call Release

  • 1 page
  • For Official Use Only
  • February 6, 2014

Download

(U//FOUO) Since at least January 2012, criminals are using telephony-based denial-of-service (TDoS) combined with extortion scams to phone an employee’s office and demand the employee repay an alleged loan. If the victim does not comply, the criminals initiate TDoS attacks against the employer’s phone numbers. TDoS uses automated calling programs—similar to those used by telemarketers—to prevent victims from making or receiving calls. Recent examples include the following:

» (U//FOUO) According to DHS reporting, between 28 January and 3 March 2013, the public safety answering point for a south-central region sheriff’s office received a call demanding repayment of a loan for an unknown individual. A TDoS attack followed this request, disrupting the non-emergency business lines.

» (U) The US Coast Guard (USCG) in late May 2013 reported that an individual called a USCG cutter claiming to have a legal matter to discuss with a crewmember. The subsequent TDoS attack flooded the ship’s telephone network with several rounds of TDoS phone calls, completely disrupting phone service.

(U//FOUO) For more information on TDoS scams, please reference Homeland Security Note “(U//FOUO) Cyber Criminals Combine Tactics for Extortion;” this product is available by searching on HSIN Intel or CI Home at https://hsin.dhs.gov.

(U) What to do During a TDoS Event:

» (U) Do NOT make any payments, but DO record all phone numbers and payment instructions.
» (U) If practical, save the voice recordings of suspect calls—before, during, and after the TDoS events.
» (U) If the caller is demanding a payment, attempt to capture the following information: start and stop times of calls and number of calls per day; phone numbers and caller ID information; instructions regarding how to pay, such as account number or callback number.
» (U) Attempt to separate the affected phone number from other critical trunks.

Share this:

Facebooktwitterredditlinkedinmail