Schneier on Security
A blog covering security and security technology.
« Hacking Marconi's Wireless in 1903 |
| Studying Airport Security »
December 29, 2011
Tying Up Phone Lines as a Cyberattack Tactic
There's a service that can be hired to tie up target phone lines indefinitely. The article talks about how this can be used as a diversionary tactic to mask a cyberattack, but that seems a bit odd to me. I'd be more concerned about how this sort of thing could be used to disrupt the operations of a political candidate on the eve of an election.
Posted on December 29, 2011 at 1:58 PM
• 20 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Been done, in New Hampshire. Several people went to jail for it (max sentence was 10 months jail, 2 years probabation, $10,000 fine). Pled guilty to Conspiracy to engage in interstate telephone communications with the intent to annoy or harass.
perhaps it would be best not to think of it as a diversion, so much as a way of interrupting the communication channel between the victim and their bank.
Election day is usually the best day to disrupt, as is shown in Kevin's example. That way, the campaign has problems reacting until it's too late - to long lines where their supporters are, alleged voting irregularities, insufficient rides for their supporters to polls, etc.
I've seen this a lot. You run a push poll on a senstivie issue. For example, if you are a R. Call voters in a particular city -- or run some radio spots -- say, you are from the DNC, and you are opposing a popular D position. Say "call the democratic party at xxx-xxxx" if you have questions at the end of the poll. Done properly you'l shut down the phone lines for several hours.
Practically, I doubt you'd accomplish much.
This could be used against physical security systems. They typically grab phone lines (unless cellular backup). Disable siren, no phone, take your time....Only neighbor businesses, witnesses would alert anyone. Of course covert cameras might help identify them, unless wearing masks. Security systems work all the time against the bad guys, right? Hurricane comes through, chainsaw the wall, cut phone lines, etc. Naw, never work..
You don't have to pay anyone if you have a radio or TV show: just broadcast the number you want buried and let your flying monkeys do the rest.
My DDoS more than 20 years ago...
Take your war dialer, modify it to dial the target phone number after a delay.
Have your war dialer dial, say, 1000 digital pagers. This puts the target number into circulation.
A startlingly-large percentage of people would dial that unknown number. 1000 pages usually meant about 4-5 days of busy signal...
What is this "digital pager" you speak of? Some ancient device of bewitching, perhaps?
@all of you: Yes, it is old hat. Yes, it has been done. The news is that it's been "monetized" and provided as a service for hire.
For a good time call 8675309...
Better yet, just hack the phone system (remotely or locally in the street) to play calls a message "Due to unprecedented number of calls we are unable to answer at the moment. C. Andidate's apologies for any sexual behaviour with cats he may or may not have had in the past year. Goodbye."
That should hit the news pretty quickly.
This is much, MUCH more interesting:
Security Research by Dan Rosenberg
Remote Kernel Exploitation
After studying every public example of remote kernel exploitation, I developed a fully working exploit for a remote kernel stack overflow in the Linux kernel's implementation of the ROSE amateur radio protocol. The exploit installs a kernel backdoor in the victim host, allowing the attacker to send and trigger arbitrary userland payloads at will. The exploit targets 32-bit PAE kernels, requiring the use of return-oriented programming (ROP) in kernel mode.
October 2011 - H2HC
August 2011 - Defcon
- ROSE remote kernel exploit
- by Dan Rosenberg (@djrbliss)
This is an exploit for CVE-2011-1493, a remote stack overflow in the Linux implementation of the ROSE amateur radio protocol. THIS IS PROOF OF CONCEPT. It should work very reliably on the kernel I tested (Ubuntu Server 10.04), but I make no promises about other kernels. Obviously, any hard-coded addresses and offsets (in payload.h) must be adjusted for the targeted kernel.
BTDT - programmed a bunch of student-government-office modems to tie up the state legislature's phone lines on the eve of a scammy tuition hike way back when...
Election day? I'm more interested in how this sort of thing could be used to disrupt the operations of a political candidate during my dinner.
"They typically grab phone lines (unless cellular backup). Disable siren, no phone, take your time....Only neighbor businesses, witnesses would alert anyone. Of course covert cameras might help identify them..."
Except that some physical-security that runs a siren, and runs entry/exit updates, also runs the cameras that are monitoring an area. And most are not going to tie their phones for internal comm to such a network. Well, I hope they aren't anyway.
(will sit right here until I am told otherwise...or a cupcake calls my name...whichever comes first )
I would love to see this form of "attack" used to shut down all phone spammers, including those of political groups and charities which are exempt from the "Do Not Call List" (not that that list is ever enforced on anyone anyway).
As far as disrupting a campaign, it would probably be much more effective just to set up a machine to make lots of annoying robo-calls which appear to come from your opponent(s), preferably from behind a PBX so that you can fake Caller ID and ANI to your heart's content.
I had this concern as an intern for a candidate in 2008. I raised the issue with the campaign and found that they weren't concerned. At the time only half of the phone lines in use were campaign-owned landlines; all the rest were personal cell phones using either donated minutes or on campaign-reimbursed plans. I would imagine that even fewer lines are campaign-owned (ie published numbers). So yes it is a real issue, but there is a fairly simple workaround (setting aside interruptions in cell services).
What we're really talking about here is a DOS or DDOS attack. Now let's apply the car analogy.
For a DOS attack on roads, pick a road, and have N cars park in-lane, where N=number of lanes. For a DDOS attack, have multiple instances of this. If you're particularly clever about it, figure the right pinch points to cause gridlock with this.
However behavior of this sort is already covered by traffic laws, and for very good reasons, passage of emergency and law enforcement vehicles being the first to come to mind.
We haven't yet recognized the internet as a specific resource that requires the same sorts of protection as a road, in spite of the fact that once upon a time we called it "the information superhighway."
"Except that some physical-security that runs a siren, and runs entry/exit updates, also runs the cameras that are monitoring an area. And most are not going to tie their phones for internal comm to such a network. Well, I hope they aren't anyway.
(will sit right here until I am told otherwise...or a cupcake calls my name...whichever comes first )"
No usually they are different. I was speaking of the usual physical security system. Think ADT.
A security management system which would typically include access control, CCTV, and security are entirely different animals. They usually run on a network and could notify on email, or even the IPAD nowadays. Power backup, comms would be different requirements. The camera I was speaking of was a covert camera that would help the cops identify the little twerps. Unless they wear a mask....Security is neverending what ifs.
If you are trying to defeat Tom Cruise a simple phone line won't work..unless you Brooke Shields Now go have your cupcake.....
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.