The Hacking Exposed: Unified Communications and VoIP book is finally done!!! The new revision is a great improvement and covers the primary issues that are affecting enterprise Unified Communications (UC) and VoIP networks.
The writing has actually been done for a few weeks and the book will be printed, bound, and available around the end of the month. You can get it off of Amazon at:
In my Hacking Exposed: UC and VoIP book, I described a process for using Asterisk and a call generator along with SIP-based access to the voice network to launch TDoS attacks. This process is pretty easy to do, but not yet at the "script kiddie" level. It is certainly effective, but takes a little know-how.
The tool that Dancho describes is apparently much more turnkey. It is ready to go and appears to have preconfigured means to send calls into the network (Skype, vulnerable SIP servers, etc.), so it could pretty much be used by anyone. The tool also comes preconfigured with cellular access so it is more anonymous (although you can also easily get public wifi access on just about any street corner). The tool is also multi-threaded, which I assume means it can generate more concurrent calls through multiple origination points.
Many of the recent TDoS attacks are targeting a very small or even a single critical phone number, such as a hospital emergency room or ICU. Many of these attacks use cheap manual labor to generate the calls. The tool described above could easily be used for this same purpose, enabling many simultaneous attacks against many targets. If it can generate 100 concurrent calls, it could be used to attack up to 100 targets at a time. That is a much better model than hiring 100 people to be on the phone.
A sheriff's office was affected by a Telephony Denial of Service (TDoS) attack that forced them to voluntarily take their primary number out of service. For more information, see the article below. If I get more details I will post them.
The Communications Fraud Control Association (CFCA) released their 2013 global fraud report. They state that there is $4.3 billion of global fraud, up 15% from 2011. It is a great report and resource. You can get the report from (you do have to register):
We reached a milestone on the writing for our Hacking Exposed: VoIP and UC book. All the core material is written! We are reviewing final page proofs on about half of the book (17 chapters) and have some review and edit work ahead on the remaining chapters, but we are getting very close! Thank goodness :)
This book has refreshed chapters on the gathering information phase, network attacks, and SIP/RTP attacks, along with new chapters on topics such as toll fraud, calling number spoofing, harassing calls, Telephony Denial of Service (TDoS), call pumping, voice spam, voice phishing, social engineering, and emerging technologies.
There has been quite a bit of press about a voice phishing/vishing scheme in the UK that has netted the crooks some $7,000,000 pounds. Whether this is one attack or several isn't clear, but it should be no surprise that using robocalls and then "vishing" information out of individuals is a very effective attack.
The attacker uses robocalls to call and leave messages on landlines, smart phones, and enterprise desk sets. The attacker simply picks numbers and leaves a message from a well-known financial enterprise, such as a top 5 bank. Odds are that if they call 10,000 numbers, a good percentage of the targets will just happen to work with that bank. While people have grown distrustful of phishing email, they tend to trust voice calls a little more.
Individuals call back, usually to a 1-800 number, with an IVR that requests some sort of personal information, such as a credit card and PIN. Once the attacker has that information, they are good to go.
Here are a couple of links. You can find quite a few more.
J. Oquendo has created the "VoIP Abuse Project" or "VoIP Blacklist Project" designed to detect and block VoIP providers who are the sources of many of the attacks we are seeing, which can include toll fraud, robocalls (voice SPAM, voice phishing, vishing), and Telephony Denial of Service (TDoS). Check out the links below:
The FTC just fined and won a judgement against a group of companies who have been generating robocalls and voice SPAM, as part of a scam to defraud consumers. While a lot of the reason was due to the SCAM, it is also an additional indicator that the FTC is serious about dealing with the robocall issue. I would expect to see more fines and judgements, although there is no way it will stop the robocall issue. It might slow down "legitimate" and reachable companies, but not the hackers.
I just finished a chapter in my upcoming book, Hacking Exposed: VoIP and UC on Social Engineering and Voice Phishing. The attacks are focused around gathering Personal Information (PI) and using it to enact illicit financial transactions. I will provide a more detailed post in the future. In the meantime here is a recent article on the subject. I will also be adding a bunch of articles to my list on this topic:
The Los Angeles (LA) Times ran a story on Telephony Denial of Service (TDoS) attacks. This is one of the first examples of this issue being covered in the mainstream media, outside the IT-specific media. SecureLogix contributed information for this article and it was our firewall that was used to mitigate the attacks. If anyone would like more information, drop me a note:
There has been a lot of press about recent Telephony Denial of Service (TDoS) attacks and the payday loan scam. The FBI issued a warning back in January and since then, there has been a ton of press and articles on the attack (see links in previous posts):
Here is some info on the scam that I have assembled from customers seeing the attack, prospective customers we have had discussions with, and service providers having to deal with the attack. The attackers call a number and state that the callee or other individual owes money on a "pay day" loan. If they don't pay, their number will be overwhelmed with calls - a TDoS attack.
The attack seems to have originated with the attackers gaining access to a list of individuals and numbers who have had pay day loans. This makes some sense - these individuals may owe and could be likely to fall for the scam and pay. The attack is affecting Intensive Care Units (ICUs), other emergency facilities at hospitals, Public Service Answering Point (PSAP) administrative lines, and other critical services. It isn't clear to me if these targets just happen to have numbers on the list or, much more likely, the attacker has expanded their attack and targets to victims equally likely to pay.
I have heard that so far, as much as $4,000,000 has been paid as part of this scam!!! One individual has been the victim of multiple attacks and paid $60,000 to date!!! I would not have predicted that this many individuals and enterprises would pay, but apparently they have. This number may be quite a bit higher - certainly not all victims will have reported the issue.
This shows a way for attackers to make money off of TDoS. One usually thinks of DoS, DDoS, and TDoS as occurring simply for disruption or as a cover for other attacks. In this case, someone is directly making money off of it, so we will certainly see more.
The attacker requests that the victim load funds onto pre-paid VISA debit cards. The attacker then uses funds on the cards at their leisure.
Those who report being attacked have complained about a persistent flood of calls that overwhelm their numbers or even their entire voice system. Some victims have obviously gone ahead and paid the extortion, but that is the worst thing you can do. There is no assurance that the attack will stop and there is a good chance it will just continue or get worse, because the attacker now knows that they have a gullible victim. You will be much wiser to look for a means to mitigate the attack, such as voice firewall/IPS solutions from SecureLogix, which work for SIP and TDM networks. You can also try to ride the attack out.
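The flood pattern described above (many simultaneous calls converging on one critical number) can be spotted in call detail records by tracking peak concurrency per called number. The following is an added example, not code from the original posts or from any SecureLogix product; the CDR layout, the sample records, and the `trunk_capacity` and `ratio` parameters are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample CDRs: called number, caller, start second, duration seconds.
# Hypothetical layout; real CDR exports differ per PBX/SBC.
SAMPLE_CDRS = """called,caller,start,duration
5550100,5551001,0,30
5550100,5551002,2,30
5550100,5551003,4,30
5550100,5551004,5,30
5550100,5551005,6,30
5550199,5552001,0,120
5550199,5552002,200,60
5550100,5551006,400,20
"""

def peak_concurrency(cdr_text):
    """Return {called_number: (peak_concurrent_calls, time_of_peak)}."""
    events = defaultdict(list)
    for row in csv.DictReader(io.StringIO(cdr_text)):
        start = int(row["start"])
        end = start + int(row["duration"])
        events[row["called"]].append((start, 1))   # call occupies a line
        events[row["called"]].append((end, -1))    # call releases the line
    peaks = {}
    for number, evs in events.items():
        # Sort so a call ending at time t is released before one starting at t.
        evs.sort(key=lambda e: (e[0], e[1]))
        active = peak = 0
        peak_at = None
        for t, delta in evs:
            active += delta
            if active > peak:
                peak, peak_at = active, t
        peaks[number] = (peak, peak_at)
    return peaks

def flag_floods(cdr_text, trunk_capacity, ratio=0.8):
    """Flag numbers whose peak concurrency reaches ratio * available lines."""
    limit = trunk_capacity * ratio
    peaks = peak_concurrency(cdr_text)
    return sorted(n for n, (peak, _) in peaks.items() if peak >= limit)

if __name__ == "__main__":
    for number, (peak, at) in sorted(peak_concurrency(SAMPLE_CDRS).items()):
        print(number, "peak", peak, "at t =", at)
    print("flagged:", flag_floods(SAMPLE_CDRS, trunk_capacity=6))
```

Setting the threshold relative to the lines actually available to the number matters: a small emergency-room hunt group is saturated by a handful of concurrent calls that would be invisible against a site-wide call volume alarm.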