Telephony Denial of Service Attacks Can Disrupt Emergency Call Center Operations

The Federal Bureau of Investigation is issuing this announcement to provide public steps to help mitigate the impact of Telephony Denial of Service (TDoS) attacks. TDoS attacks affect the availability and readiness of call centers.

What is A TDoS Attack?

A TDoS attack is an attempt to make a telephone system unavailable to the intended user(s) by preventing incoming and/or outgoing calls. The objective is to keep the distraction calls active for as long as possible to overwhelm the victim’s telephone system, which may delay or block legitimate calls for service. The resulting increase in time for emergency services to respond may have dire consequences, including loss of life.

TDoS Attacks at Critical Call Centers

Public Safety Answering Points (PSAPs) are call centers responsible for connecting callers to emergency services, such as police, firefighting, or ambulance services. PSAPs represent key infrastructure that enables emergency responders to identify and respond to critical events affecting the public.

TDoS attacks pose a genuine threat to public safety, especially if used in conjunction with a physical attack, by preventing callers from being able to request service. The public can protect themselves in the event that 911 is unavailable by identifying in advance non-emergency phone numbers and alternate ways to request emergency services in their area.

Types of TDoS Attacks

TDoS attacks have evolved from manual to automated. Manual TDoS attacks use social networks to encourage individuals to flood a particular number with a calling campaign.

An automated TDoS attack uses software applications to make tens or hundreds of calls, simultaneously or in rapid succession, to include Voice Over Internet Protocol (VOIP) and Session Initiation Protocol (SIP). Numbers and call attributes can be easily spoofed, making it difficult to differentiate legitimate calls from malicious ones.1

TDoS Actors’ Motives

TDoS attacks can be rooted in hacktivism, financial gain or harassment.

Hacktivists might use computer network exploitation to advance their political or social causes.

Malicious actors may initiate a TDoS attack in order to extort municipalities for financial gain.

Malicious actors may also use TDoS attacks to harass call centers and distract operators, regardless of harmful effects. These attacks may be accompanied by messaging on social media platforms in order to increase the severity.

How to Prepare for a 911 Outage

• Before there is an emergency, contact your local emergency services authorities for information on how to request service in the event of a 911 outage. Find out if text-to-911 is available in your area.
• Have non-emergency contact numbers for fire, rescue, and law enforcement readily available in the event of a 911 outage.
• Sign up for automated notifications from your locality if available to be informed of emergency situations in your area via text, phone call, or email.
• Identify websites and follow social media for emergency responders in your area for awareness of emergency situations.

Contact your local law enforcement agency or FBI office if you have information about a TDoS attack (contact information can be found at https://www.fbi.gov/contact-us/field-offices). Document as many details as you can, to include numbers used.

File a complaint with the Internet Crime Complaint Center (www.ic3.gov). When filing a complaint, be sure to use the key words TDOS, PSAP, and Public Safety in the incident description.

If you believe you are the victim of an Internet scam or cyber crime, or if you want to report suspicious activity, please visit the FBI’s Internet Crime Complaint Center at www.ic3.gov.

1. SIP is a signaling protocol used for initiating, maintaining, and terminating real-time sessions that include voice, video and messaging applications. VOIP is a technology that allows voice calls to be made using broadband Internet. ↩