Tying Up Phone Lines as a Cyberattack Tactic

There's a service that can be hired to tie up target phone lines indefinitely. The article talks about how this can be used as a diversionary tactic to mask a cyberattack, but that seems a bit odd to me. I'd be more concerned about how this sort of thing could be used to disrupt the operations of a political candidate on the eve of an election.

Posted on December 29, 2011 at 1:58 PM • 20 Comments

Comments

kurt wismer • December 29, 2011 2:18 PM

perhaps it would be best not to think of it as a diversion, so much as a way of interrupting the communication channel between the victim and their bank.

Fred P • December 29, 2011 2:44 PM

Election day is usually the best day to disrupt, as is shown in Kevin's example. That way, the campaign has problems reacting until it's too late - to long lines where their supporters are, alleged voting irregularities, insufficient rides for their supporters to polls, etc.

charlie • December 29, 2011 3:06 PM

meh.

I've seen this a lot. You run a push poll on a sensitive issue. For example, if you are a R. Call voters in a particular city -- or run some radio spots -- say, you are from the DNC, and you are opposing a popular D position. Say "call the democratic party at xxx-xxxx" if you have questions at the end of the poll. Done properly you'll shut down the phone lines for several hours.

Practically, I doubt you'd accomplish much.

jacob • December 29, 2011 3:09 PM

This could be used against physical security systems. They typically grab phone lines (unless cellular backup). Disable siren, no phone, take your time....Only neighbor businesses, witnesses would alert anyone. Of course covert cameras might help identify them, unless wearing masks. Security systems work all the time against the bad guys, right? Hurricane comes through, chainsaw the wall, cut phone lines, etc. Naw, never work..

Dan Hugo • December 29, 2011 9:26 PM

My DDoS more than 20 years ago...

Take your war dialer, modify it to dial the target phone number after a delay.
Have your war dialer dial, say, 1000 digital pagers. This puts the target number into circulation.
A startlingly-large percentage of people would dial that unknown number. 1000 pages usually meant about 4-5 days of busy signal...

Ruben • December 29, 2011 11:06 PM

@Dan Hugo

What is this "digital pager" you speak of? Some ancient device of bewitching, perhaps?

Jon • December 30, 2011 4:49 AM

@all of you: Yes, it is old hat. Yes, it has been done. The news is that it's been "monetized" and provided as a service for hire.

For a good time call 8675309...

J.

Dom De Vitto • December 30, 2011 4:59 AM

Better yet, just hack the phone system (remotely or locally in the street) to play callers a message "Due to unprecedented number of calls we are unable to answer at the moment. C. Andidate's apologies for any sexual behaviour with cats he may or may not have had in the past year. Goodbye."
That should hit the news pretty quickly.

MKUltra'd COINTELPRO'd mailmen, milkmen, and YOUR NEW FRIENDS! • December 30, 2011 5:46 AM

This is much, MUCH more interesting:

Security Research by Dan Rosenberg

- http://vulnfactory.org/research/

Remote Kernel Exploitation

After studying every public example of remote kernel exploitation, I developed a fully working exploit for a remote kernel stack overflow in the Linux kernel's implementation of the ROSE amateur radio protocol. The exploit installs a kernel backdoor in the victim host, allowing the attacker to send and trigger arbitrary userland payloads at will. The exploit targets 32-bit PAE kernels, requiring the use of return-oriented programming (ROP) in kernel mode.

October 2011 - H2HC
[event]: http://www.h2hc.org.br/

August 2011 - Defcon
[event]: http://www.defcon.org/
[slides]: http://vulnfactory.org/research/defcon-remote.pdf
[code]: https://github.com/djrbliss/rose-exploit

==

https://github.com/djrbliss/rose-exploit

- ROSE remote kernel exploit
- by Dan Rosenberg (@djrbliss)

This is an exploit for CVE-2011-1493, a remote stack overflow in the Linux implementation of the ROSE amateur radio protocol. THIS IS PROOF OF CONCEPT. It should work very reliably on the kernel I tested (Ubuntu Server 10.04), but I make no promises about other kernels. Obviously, any hard-coded addresses and offsets (in payload.h) must be adjusted for the targeted kernel.

Scott • December 30, 2011 3:12 PM

BTDT - programmed a bunch of student-government-office modems to tie up the state legislature's phone lines on the eve of a scammy tuition hike way back when...

me • December 31, 2011 8:46 AM

"They typically grab phone lines (unless cellular backup). Disable siren, no phone, take your time....Only neighbor businesses, witnesses would alert anyone. Of course covert cameras might help identify them..."

Except that some physical-security that runs a siren, and runs entry/exit updates, also runs the cameras that are monitoring an area. And most are not going to tie their phones for internal comm to such a network. Well, I hope they aren't anyway.

(will sit right here until I am told otherwise...or a cupcake calls my name...whichever comes first )


John David Galt • December 31, 2011 1:19 PM

I would love to see this form of "attack" used to shut down all phone spammers, including those of political groups and charities which are exempt from the "Do Not Call List" (not that that list is ever enforced on anyone anyway).

As far as disrupting a campaign, it would probably be much more effective just to set up a machine to make lots of annoying robo-calls which appear to come from your opponent(s), preferably from behind a PBX so that you can fake Caller ID and ANI to your heart's content.

Brad • January 1, 2012 1:23 PM

I had this concern as an intern for a candidate in 2008. I raised the issue with the campaign and found that they weren't concerned. At the time only half of the phone lines in use were campaign-owned landlines; all the rest were personal cell phones using either donated minutes or on campaign-reimbursed plans. I would imagine that even fewer lines are campaign-owned (i.e. published numbers). So yes it is a real issue, but there is a fairly simple workaround (setting aside interruptions in cell services).

phred14 • January 3, 2012 12:32 PM

What we're really talking about here is a DOS or DDOS attack. Now let's apply the car analogy.

For a DOS attack on roads, pick a road, and have N cars park in-lane, where N=number of lanes. For a DDOS attack, have multiple instances of this. If you're particularly clever about it, figure the right pinch points to cause gridlock with this.

However behavior of this sort is already covered by traffic laws, and for very good reasons, passage of emergency and law enforcement vehicles being the first to come to mind.

We haven't yet recognized the internet as a specific resource that requires the same sorts of protection as a road, in spite of the fact that once upon a time we called it "the information superhighway."

jacob • January 4, 2012 8:41 AM

@me
"Except that some physical-security that runs a siren, and runs entry/exit updates, also runs the cameras that are monitoring an area. And most are not going to tie their phones for internal comm to such a network. Well, I hope they aren't anyway.

(will sit right here until I am told otherwise...or a cupcake calls my name...whichever comes first )"

No, usually they are different. I was speaking of the usual physical security system. Think ADT.

A security management system which would typically include access control, CCTV, and security are entirely different animals. They usually run on a network and could notify on email, or even the iPad nowadays. Power backup, comms would be different requirements. The camera I was speaking of was a covert camera that would help the cops identify the little twerps. Unless they wear a mask....Security is never-ending what ifs.

If you are trying to defeat Tom Cruise a simple phone line won't work..unless you Brooke Shields. Now go have your cupcake.....


Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.