911 Systems at Risk for TDoS Attack Takedown

There is growing concern that cyber criminals could launch distributed denial-of-service (DDoS) attacks on critical infrastructure, such as water or electric utility systems, which are now largely connected to, if not reliant upon, the Internet. This includes telephone systems, which are also completely dependent on the Internet and therefore equally vulnerable.

Last week, researchers from Ben Gurion University in Israel said that they had found a way to disable the emergency system across an entire state for an extended period using a telephony denial-of-service (TDoS) attack targeting 911 call centers. The alarming conclusion is that attackers could take over thousands of smartphones to form a botnet, a zombie army that would automatically place repeated calls to a 911 system. The phone owner would be completely unaware that his or her phone had been "taken over" as part of a botnet army and was participating in the attack. According to a Computerworld article, the researchers found that:

“…it would take less than 6,000 “bots (or $100K hardware)” for attackers to “block emergency services in an entire state (e.g., North Carolina) for days… 50,000 infected smartphones could prevent 90% of all North Carolina wireless 911 callers from reaching an emergency call taker. If 200,000 smartphones were infected by attackers, then the resulting TDoS attack could ‘jeopardize’ 911 services across America.”

Impacts of 911 Latency or Outages

The United States got a taste of what a 911 system outage would look like 15 years ago, on September 11, 2001. During and after the terror attacks, the 911 phone system became overwhelmed because it was not designed to handle that volume of calls. Even standard telephone networks experienced latency and outages during this critical time for communication; people up and down the East Coast had trouble making phone calls to anyone at all in the immediate aftermath of the attacks.

According to a report on securityinsights.org:

“9-1-1 networks carry only voice and very limited data, so PSAPs [Public Safety Answering Points] have focused largely on preventing Telephony Denial-of-Service attacks. Advancements in Next Generation IP-based systems and emerging mobile technologies increase the threat of infiltration and exploitation of emergency communications systems. Next Generation 9-1-1 (NG911) systems will be a “network of networks” providing connectivity between PSAPs regionally and nationally. As these systems become connected to the Internet, public safety communications will be increasingly vulnerable to the same threats as other IP networks.”

How to Protect a 911 System

The future generation of the 911 emergency response system will become a fully digital, IP-based network capable of multimedia distribution, creating an even greater and more susceptible attack landscape. In turn, PSAPs must rethink their approach to real-time and automated attack mitigation. They must address not only the large attacks that saturate Internet links, but also the small, low-volume attacks targeting the network.

Investing in automated, inline DDoS protection hardware is the most effective way to defeat DDoS before it impacts network availability. Real-time detection and mitigation remove both volumetric attacks and low-and-slow application-layer attack attempts.
