Slashdot Mirror


Cyber Criminals Tying Up Emergency Phone Lines Through TDoS Attacks, DHS Warns

tsamsoniw writes "Emergency-service providers and other organizations are being targeted with TDoS (telephony denial of service) attacks, according to a security alert (PDF) from the Department of Homeland Security and the FBI, obtained by security expert Brian Krebs. TDoS attacks use high volumes of automated calls to tie up target phone systems, halting incoming and outgoing calls. Perpetrators are using the attacks to extort cash from target organizations, who receive a call from a representative from a purported payday loan company, who demands payment of $5,000 for an outstanding debt — usually speaking in an unspecified 'strong accent.'"


  1. Police, Fire Brigade, Truncheon, Axe... by flyingfsck · · Score: 2

    I can think of various interesting ways to handle these idiots.

    --
    Excuse me, but please get off my Pennisetum Clandestinum, eh!
    1. Re:Police, Fire Brigade, Truncheon, Axe... by Barryke · · Score: 2

      This is just like a telephony call after ransomware. It's hard to know their address, they usually are foreign and call via VOIP gateways.

      --
      Hivemind harvest in progress..
    2. Re:Police, Fire Brigade, Truncheon, Axe... by mwvdlee · · Score: 3, Insightful

      The money has to be deposited somewhere, and that somewhere may be traceable.
      I understand that is how scam-/spam-gangs are traced.

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    3. Re:Police, Fire Brigade, Truncheon, Axe... by findoutmoretoday · · Score: 1

      It's a two stage ransom. The real one comes when my law firm sues idiots (on behalf of some client) for a lack of reaction, inadequate response, absence of redundancy, ....

    4. Re:Police, Fire Brigade, Truncheon, Axe... by Anonymous Coward · · Score: 1

      The money has to be deposited somewhere, and that somewhere may be traceable.

      And this is where Bitcoin becomes an interesting option for ransom payments.

    5. Re:Police, Fire Brigade, Truncheon, Axe... by nemesisfixx · · Score: 1

      Wire me a bitcoins or I wire the bits to your coins!

    6. Re:Police, Fire Brigade, Truncheon, Axe... by andy.ruddock · · Score: 1, Interesting

      That's like saying home users should be made personally liable if their PC is infected with a virus that adds it to a botnet and is used for a DDOS attack.

      Or like saying a car driver should be responsible for the damage he causes if he crashes into another vehicle.

      Oh.. wait..

      --
      God: An invisible friend for grown-ups.
    7. Re:Police, Fire Brigade, Truncheon, Axe... by Big+Hairy+Ian · · Score: 2

      You've obviously never tried to trace a fraudulent transaction through multiple jurisdictions :(

      --

      Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

    8. Re:Police, Fire Brigade, Truncheon, Axe... by wonkey_monkey · · Score: 2

      No, it's clearly more like holding the owner responsible if someone steals the car and crashes it into another vehicle, isn't it?

      --
      systemd is Roko's Basilisk.
    9. Re:Police, Fire Brigade, Truncheon, Axe... by FireFury03 · · Score: 2

      Require VOIP providers to provide proper safeguards or stop operating (and having access) to any of the wired networks?
      Seems like a fairly simple solution.

      That's very similar to saying the solution to botnets is to require computer owners to provide proper safeguards. In short: completely unworkable. We're not just talking about big VoIP gateways, we're talking about anyone who has a VoIP device exposed to the internet. FWIW, I see a *lot* of SIP wardialling attempts on my Asterisk servers - in my case they all get given a "callee number invalid" response, but presumably there are enough misconfigured PBXes around to make it worth setting a botnet to work finding one that will allow anonymous callers to make PSTN calls.

    10. Re:Police, Fire Brigade, Truncheon, Axe... by zenopus · · Score: 1

      You would think a carrier could easily block VOIP originating calls to emergency services.
      Unless that information is lost by the time the call arrives at the carrier.
      There has to be an originating caller id - as this is who is charged for the call,
      certainly if the destination is not an emergency services number.

    11. Re:Police, Fire Brigade, Truncheon, Axe... by DarkOx · · Score: 2

      I too have advocated the owners of machines should be responsible for its actions on the network. Someone does something bad from your open or weakly secured access point, you are at least liable for civil negligence claims. Someone makes your PC a botnet member and there is a ddos or spam incident, ditto.

      I come down on the side of the end user owning the responsibility mostly because if the end users don't fix it someone like the DHS is going to fix it for them and the result will be another crony capitalism tax dollar giveaway, a strait jacket on everyone's freedom, and goodbye to yet more privacy even for those who do choose to put effort into protecting that.

      I am not sure the car analogies really work here. Not sure but I think I have heard of some cases where owners of guns and cars have faced some civil liability for damages where they failed to secure them properly and they were used in crimes. So there may be some useful precedent there.

      A better analogy though still stretched is to give the computer equipment some agency. Treat it like a large dog. If you have one and you leave it outside you'd better have a secure fence or some other way to keep it confined to your property. If the dog gets loose and does something unintended like bite someone you the owner have to be responsible for it.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    12. Re:Police, Fire Brigade, Truncheon, Axe... by __aaltlg1547 · · Score: 2

      A computer is not a car, nor is it a dog. But it's more like the car than the dog. It does not go do things by itself without human intervention. The human who commands it to do the illegal thing should be the only one held responsible. Holding individual owners responsible for staying ahead of an ever-increasing threat is absurd.

    13. Re:Police, Fire Brigade, Truncheon, Axe... by Anne+Thwacks · · Score: 1

      You, sir, are not a true Marxist. Marx stated that machines only respond to the commands of their owners. This is the main justification for state ownership of stuff.

      --
      Sent from my ASR33 using ASCII
    14. Re:Police, Fire Brigade, Truncheon, Axe... by Krojack · · Score: 1

      Yeah, my Asterisk boxes used to get slammed with brute force attempts left and right from foreign IP addresses, then I installed Fail2ban. Works wonders.

    15. Re:Police, Fire Brigade, Truncheon, Axe... by andy.ruddock · · Score: 2

      Ok, yes, if the owner has left the keys in the ignition, the doors unlocked, and walked away leaving a big sign on the car saying "please steal me".

      --
      God: An invisible friend for grown-ups.
    16. Re:Police, Fire Brigade, Truncheon, Axe... by BlackSnake112 · · Score: 1

      It should be on the user to make sure that their computer is clean. Claiming ignorance is hurting everyone.

    17. Re:Police, Fire Brigade, Truncheon, Axe... by andy.ruddock · · Score: 1

      "unknowingly" being the operative word here.
      How many of these infections are caused by the user not having up-to-date AV software and blindly clicking on links in random e-mails?
      You have to take some responsibility.

      --
      God: An invisible friend for grown-ups.
    18. Re:Police, Fire Brigade, Truncheon, Axe... by DarkOx · · Score: 4, Interesting

      Right a computer is not a car or a dog; the analogy is stretched in either case. I am not saying owners should be criminally culpable. Whoever made unauthorized use of the equipment should be. I do think they should be exposed to civil liability where their maintenance of the machine is found to be negligent.

      A civil court would be free to decide for example that it appears your machine was pwnd by a zero day; and there is nothing therefore you could have 'reasonably' done so you have no responsibility for any damage it was used to inflict. OTOH, if your machine hasn't seen a patch in four years and your firewall is nonexistent or configured so as to be nearly useless you could be responsible as you were negligent.

      (here we go again another car analogy) Just like you'd be negligent if you left your car in neutral without the parking brake applied and it rolled into traffic while you were shopping. Sure we might blame the guy who gave it a push if he was known or could be found but in most cases it's going to land in the owner's lap.

      I am not saying the analogies fit exactly or that it's entirely fair but a few things are true:
      1) Leaving an un-patched, unprotected box connected to the internet is negligent (if not legally, practically).
      2) Something is going to be done about this issue now that banks and utilities are being DDOSed unless that stops;
      3) Most of us won't like the something in 2
      4) If you want individuals to take computer security seriously they will need to be either made to or to feel they are personally at risk if they don't.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    19. Re:Police, Fire Brigade, Truncheon, Axe... by oreaq · · Score: 1, Insightful

      If you think the car door lock or ignition lock stops a motivated thief you are as clueless when it comes to car security as the PC owners are about computer security.

    20. Re:Police, Fire Brigade, Truncheon, Axe... by Anonymous Coward · · Score: 1

      The point is there is currently no reasonable, cost effective, fair method to decide if a user has taken 'sufficient' steps to secure their PC, especially if you are talking about someone just being one small part of a botnet.
      To make this reasonable you would have to have (say) a government license to use any general purpose computing device, whereby your responsibilities are laid out to you and you show in some way that you understand them - similar to a driving license.

      And we'd all love to have the government decide who gets to have a PC, wouldn't we?

    21. Re:Police, Fire Brigade, Truncheon, Axe... by Anonymous Coward · · Score: 1

      Right a computer is not a car or a dog; the analogy is stretched in either case. I am not saying owners should be criminally culpable. Whoever made unauthorized use of the equipment should be. I do think they should be exposed to civil liability where their maintenance of the machine is found to be negligent.

      A civil court would be free to decide for example that it appears your machine was pwnd by a zero day; and there is nothing therefore you could have 'reasonably' done so you have no responsibility for any damage it was used to inflict. OTOH, if your machine hasn't seen a patch in four years and your firewall is nonexistent or configured so as to be nearly useless you could be responsible as you were negligent.

      Or we just make all PC owners everywhere throughout the land take compulsory insurance against third party attacks should their PCs or network become infected.

      Cars already have compulsory insurance required by law.

    22. Re:Police, Fire Brigade, Truncheon, Axe... by Runaway1956 · · Score: 3, Insightful

      Hmmm. Where do I fit into all of this? I run Linux Mint Debian. I've basically turned the firewall off, on the computer and at the router. No antivirus. But, I'm up to date with a rolling distro. Although I have three versions of Java installed, my browsers don't know about them. Flash is installed, and disabled by default. Javascript is disabled by default, but I can select sites on which to run it. In the unlikely event that I am pwned - how liable do you think I should be? Are my precautions adequate?

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    23. Re:Police, Fire Brigade, Truncheon, Axe... by laughingcoyote · · Score: 1

      A civil court would be free to decide for example that it appears your machine was pwnd by a zero day; and there is nothing therefore you could have 'reasonably' done so you have no responsibility for any damage it was used to inflict. OTOH, if your machine hasn't seen a patch in four years and your firewall is nonexistent or configured so as to be nearly useless you could be responsible as you were negligent.

      Given some of the idiotic rulings on tech cases we've seen out of courts even at the highest levels with years' worth of testimony to get a clue, do you really trust your local courthouse magistrate to make technical distinctions that fine? I sure don't. That's before you even get to the expectation that everyone who purchases a computer knows how to properly configure and maintain a firewall.

      Just like you'd be negligent if you left your car in neutral without the parking brake applied and it rolled into traffic while you were shopping.

      No, to stretch the analogy until it screams, it's more like you left your window down. Someone then reached into the vehicle, broke the ignition switch, took off the parking brake, put the car in neutral, and gave it a good push, rolling it into traffic. They shouldn't do that, whether or not you left your window down (or even if you also left the keys in the ignition), and it is their fault for misusing someone else's property in that way. You can still argue it's not a good security practice to leave the window down and the keys in the ignition, but that doesn't give other people a license to steal or misuse the car, nor does it make the owner rather than the interloper responsible if someone does.

      Leaving an un-patched, unprotected box connected to the internet is negligent (if not legally, practically).

      What about "developing and selling a highly vulnerable OS"? That's A-OK, but expecting the end users to be responsible when the product is flawed is reasonable?

      --
      To fight the war on terror, stop being afraid.
    24. Re:Police, Fire Brigade, Truncheon, Axe... by gmack · · Score: 1

      The fundamental problem is that the phone system is notoriously insecure and trusts the sending provider to show accurate information. All you need to do to spoof the calling info? A digital line.. this means that any office with a T1 or better and a digital PBX can spoof calls and worse yet VOIP services often let the caller set that info as well.

      We all get to suffer because the telcos are too lazy to add egress filtering.

    25. Re:Police, Fire Brigade, Truncheon, Axe... by DarkOx · · Score: 1

      No you don't do that. It's up to whoever feels they were wronged to sue the owners of the machines or not. Most people who get DDOSed won't do it. The time it would take to file all the discovery motions, collect the evidence and build a case would mostly be more than what they could hope to collect.

      Yes the software vendors should absolutely be potentially on the hook too if you could show they made no effort to address security issues in a timely manner or knowingly ignored security issues, etc.

      You are trying to conflate the civil matters with the criminal ones. My argument is if your machine is used to damage mine I should be able to seek damages from you. Actually under current law I suspect I probably can. How successful would I be; probably not very. I would be happy to see some plaintiffs prevail though because I think it would do good things for security posture everywhere and avoid draconian regulations that are coming otherwise.

         

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    26. Re:Police, Fire Brigade, Truncheon, Axe... by Osiris+Ani · · Score: 1

      Ok, yes, if the owner has left the keys in the ignition, the doors unlocked, and walked away leaving a big sign on the car saying "please steal me".

      Of course, because no otherwise secure system has ever been compromised by a zero-day attack.

    27. Re:Police, Fire Brigade, Truncheon, Axe... by Dishevel · · Score: 1

      They should.
      Fuck them and their virus laden PCs.
      If you can not make good decisions then fuck you and get your viral POS off my fucking internet.

      --
      Why is it so hard to only have politicians for a few years, then have them go away?
    28. Re:Police, Fire Brigade, Truncheon, Axe... by Dishevel · · Score: 1, Flamebait

      And we'd all love to have the government decide who gets to have a PC, wouldn't we?

      You do not have to go through all that.
      Simply bring back the command line. Have people run Linux. Make the computers a little more difficult to use. Just a little.
      Make them think a tiny bit when hooking up to the internet. Daily.
      Even if you removed licensing for cars the percentage of people that would go on the road with NO ability to drive would be small.
      The number of people with no fucking clue how to read or not click a link that travel the information super highway is STAGGERING!
      Make the barrier to entry higher and all will benefit.

      --
      Why is it so hard to only have politicians for a few years, then have them go away?
    29. Re:Police, Fire Brigade, Truncheon, Axe... by tlhIngan · · Score: 1

      You would think a carrier could easily block VOIP originating calls to emergency services.
        Unless that information is lost by the time the call arrives at the carrier.
        There has to be an originating caller id - as this is who is charged for the call,
        certainly if the destination is not an emergency services number.

      The question is - how do you know that VoIP call isn't from a local person needing 911 services? After all, a lot of people have dumped landlines in favor of VoIP lines. And stuff like Vonage makes the house phone lines look a lot like landlines.

      And in fact, until recently, 911 wasn't really handled properly by VoIP providers. And there's lots of VoIP providers out there - who's to say what's a legit VoIP emergency call and what's not?

      If you think the car door lock or ignition lock stops a motivated thief you are as clueless when it comes to car security as the PC owners are about computer security.

      Depends what you're trying to protect. The contents of a car? Not really - most thieves do smash-and-grabs (annoying to spend hundreds to fix when the thief made off with $20 worth of change and CDs).

      The vehicle? Most modern ones have immobilizers (a lot of places make them mandatory - where I am in BC, Canada, all new cars sold must have immobilizers to get insured). In general, it's why carjacking became popular because hotwiring a car was no longer feasible, at least unless you weren't picky and went for an older model before the immobilizers were standard.

      Yeah, there are car proxies that let you bypass the immobilizer, but that's pretty much saying unless you have perfect security, it's pointless. (Especially since most people really only need "good enough").

    30. Re:Police, Fire Brigade, Truncheon, Axe... by ExploHD · · Score: 3, Funny

      You've obviously never tried to trace a fraudulent transaction through multiple jurisdictions :(

      It's simple really, just write a program in VB so you can backtrace it.

    31. Re:Police, Fire Brigade, Truncheon, Axe... by blackraven14250 · · Score: 1

      There's nothing like a 19th-century fire brigade around anymore for these crooks, unfortunately.

    32. Re:Police, Fire Brigade, Truncheon, Axe... by jythie · · Score: 1

      That would be the equivalent of holding a honey pot admin responsible for attacks coming from their system.

    33. Re:Police, Fire Brigade, Truncheon, Axe... by jythie · · Score: 1

      And that cuts to the heart of the problem with such a system.. who decides what taking sufficient steps involves? People who support this idea assume that they or someone like them will be in charge, but chances are it would be a bureaucratic mess which would involve certification of underlying components (like the OS), which would not make FOSS people very happy...

    34. Re:Police, Fire Brigade, Truncheon, Axe... by oreaq · · Score: 1

      Parent's implicit argument was: Hold the victims of computer crime accountable because they didn't apply common sense to protect their computers like they would do (for example) to protect their car. He made this argument by describing how common sense measures protect your car and the things in it from being stolen. I just wanted to point out that this argument is wrong.

    35. Re:Police, Fire Brigade, Truncheon, Axe... by yurtinus · · Score: 1

      I think it's more like a bunch of guys on /. clogging up the tubes with poor analogies....

      --
      +1 Disagree
    36. Re:Police, Fire Brigade, Truncheon, Axe... by icebike · · Score: 1

      This is just like a telephony call after ransomware. It's hard to know their address, they usually are foreign and call via VOIP gateways.

      Which suggests that this is but another ploy to induce knee-jerk regulation of the VOIP industry, with the ultimate goal of forcing everyone back to POTS. Geee, who would want to do that, you say? Other than your nanny state Federal Government, and several telephone companies I can't think of anyone.

      This is pretty much a non issue, because 911 calls in any area can instantly be re-routed to a different ACTUAL Phone number on the fly, a feature built into the 911 system to handle the possibility that the 911 call center gets overloaded, or hit by a tornado or something. (Just because you dial 911 does not mean there is an actual phone with 911 as its real phone number).

      To the extent this DDOS is actually happening at all, (and the whole story doesn't pass the smell test), it seems more an orchestrated trial balloon aimed against private VOIP, asterisk, and the several thousand voip providers steadily dipping into pockets of Big Phone.

       

      --
      Sig Battery depleted. Reverting to safe mode.
    37. Re:Police, Fire Brigade, Truncheon, Axe... by icebike · · Score: 1

      Require VOIP providers to provide proper safeguards or stop operating (and having access) to any of the wired networks?
      Seems like a fairly simple solution.

      Brilliant!
      This is exactly what the motivation for these alleged attacks is.

      Big Phone Providers annual back room meeting:

      Let's kill this VOIP thing before it eats all of our monstrous profit margin. Let's see, how can we do that? Oh, I know, let's get the public all enraged about VOIP providers and see if we can regulate them out of business. We will hire a bunch of Kenyans and put them in some basement somewhere and use Voip to attack something to scare the Americans into regulating Voip either out of business or back into our hands. Brilliant. And then we will post the "Solution" on Slashdot to get the sheeple thinking in the right direction. Good one! More caviar, and another glass of wine all around.

      --
      Sig Battery depleted. Reverting to safe mode.
    38. Re:Police, Fire Brigade, Truncheon, Axe... by LordLimecat · · Score: 1

      And when that somewhere is "we-dont-care-what-the-FBI-says" China or Romania, then what?

    39. Re:Police, Fire Brigade, Truncheon, Axe... by LordLimecat · · Score: 1

      It can think that, but will find out otherwise when the Romanian institution in question gives the US the middle finger.

    40. Re:Police, Fire Brigade, Truncheon, Axe... by cdrudge · · Score: 1

      You would think a carrier could easily block VOIP originating calls to emergency services.

      How do you tell a legitimate emergency call from a VOIP customer from a malicious one also originating with VOIP?

    41. Re:Police, Fire Brigade, Truncheon, Axe... by andy.ruddock · · Score: 1

      Do you honestly believe these botnets are made up of thousands of otherwise diligent users who fell prey to a zero-day attack?
      The millions of those who can't be bothered to update their systems have been bloody lucky not to get caught up in it then haven't they?

      And just because somebody might get caught out by a zero day doesn't automatically absolve everybody from taking some responsibility for the security of their systems.

      --
      God: An invisible friend for grown-ups.
    42. Re:Police, Fire Brigade, Truncheon, Axe... by V!NCENT · · Score: 1

      Where do I fit into all of this?

      Let's see...

      I run Linux Mint Debian.

      Ouch... AppArmor instead of SELinux.

      I've basically turned the firewall off, on the computer and at the router.

      No least amount of privileges (see AppArmor as well), making you expose functionality one can abuse. Very. Stupid.

      Flash is installed, and disabled by default.

      I hope it's not Adobe Flash? Take Gnash for DRM'd YouTube. Use this for everything else:
        http://youtube.com/html5
        And please don't tell me you need Flash for anything important.
      Widely spread closed source crap that is internet-only. (plugin, right?)

      Javascript is disabled by default, but I can select sites on which to run it.

      Entire... sites? Not individual scripts? Not per-session or whitelist?

      In the unlikely event that I am pwned - how liable do you think I should be?

      You did not actually forget to disable the file:/// protocol in use by your web browser, did you?

      Are my precautions adequate?

      Hahaha no. And don't tell me you automatically connect to WiFi, with any computing device you have under full control. (as in not a complete DRM castle, like an iPad. And please don't tell me that you root mobile stuff... do you?)

      --
      Here be signatures
    43. Re:Police, Fire Brigade, Truncheon, Axe... by aceboomblain · · Score: 1

      Unfortunately, an ISP would likely require you to run some closed source executable on your machine to do this "verification", and it would be very unlikely that they would support a version of said executable on the OS or distribution that you prefer (unless you prefer the latest version of Microsoft Windows). And it wouldn't take long before some ISPs would use this as an opportunity to install some toolbar that sticks their ads in your face.

      BTW, since /. is all about analogies - mine for this situation is: Someone trespasses on your property and points a laser pointer at an airplane ... should the property owner be liable for what the trespasser did because the gate was unlocked, or perhaps because the fence didn't have razor wire on it?

    44. Re:Police, Fire Brigade, Truncheon, Axe... by EnempE · · Score: 1

      The actions of the victim in no way justify the actions of the criminal. Now if the sign had said "Please test drive", that would be authorization and no crime would have taken place.

    45. Re:Police, Fire Brigade, Truncheon, Axe... by Runaway1956 · · Score: 1

      AppArmor - check.
      Gnash - check.
      Javascript - whitelist and per session, check.
      forgot to disable the file:/// protocol in use by your web browser, - OOPS! Yeah, my browser can open files in my home folder - fixing that! DUHHH!

      The ONLY whitelisted WIFI is the one I own.

      Rooting a mobile device? How else do you get rid of un-needed, un-wanted crap installed by the telco? Cyanogen Mod!

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    46. Re:Police, Fire Brigade, Truncheon, Axe... by __aaltlg1547 · · Score: 1

      And that cuts to the heart of the problem with such a system.. who decides what taking sufficient steps involves? People who support this idea assume that they or someone like them will be in charge, but chances are it would be a bureaucratic mess which would involve certification of underlying components (like the OS), which would not make FOSS people very happy...

      The only people who would benefit from such a situation are lawyers who would have another category of people to sue.

    47. Re:Police, Fire Brigade, Truncheon, Axe... by mgcarley · · Score: 1

      Some universities and businesses do this already with things like this http://www.bradfordnetworks.com/network_sentry

      --
      Founder & COO, Hayai India (hayai.in) / USA (hayaibroadband.com) // t: @mgcarley
    48. Re:Police, Fire Brigade, Truncheon, Axe... by V!NCENT · · Score: 1

      Rooting your device is difficult, so doing it yourself makes it so fscking easy for a cracker to use it?

      And about that WiFi...
      Laptop: "Is my SSID HomeRouter1337 around?"
      MITM attack script: change SSID to HomeRouter1337
      HomeRouter1337~: "Right here baby 3"
      Laptop: "I wanna connect to 9gag so bad"
      HomeRouter1337~: "Not so fast, lolcats. I've got badass security 'n shit, so why don't you prove you are not an evil scriptkiddy first?"
      Laptop: "Don't worry man, the password is 1234luggage"
      MITM attack script: change WPA2-PSK to 1234luggage
      HomeRouter1337~: "Amazing! I've got the same combination on my luggage!"
      Laptop: "Give me bankofamerica.com"
      HomeRouter1337~: "Here's your login page"
      Laptop: "Here's John Doe, 1234password"
      MITM attack script: detecting bankofamerica domain with ngrep; send to cracker laptop and give the laptop a fake bankofamerica.com maintenance page "We're sorry, but login an hour from now while we ensure our security stays 1337"
      Cracker: "Lawl I can't believe people are so fscking stupid ^__^"
      FBI: "Hello hacker criminal"

      --
      Here be signatures
  2. "unspecified strong accent"... oblig.Monty Python? by fantomas · · Score: 2

    "unspecified strong accent"

    There must be a Monty Python reference here, because it sure ain't science....

  3. Re:Appropriate response by BeerCat · · Score: 3, Interesting

    What if it is being done by rival emergency services?

    The automated telephone exchange was invented by someone who ran a fire brigade, and reckoned (rightly, as it turned out), that the switchboard operators were favouring his rival.

    With increasing fragmentation, then the "best performing" one will be the one that can answer calls; by blocking a rival, they can't answer as many calls, and hence will appear to be performing less well (and hence will be shut down)

    --
    "She's furniture with a pulse"
  4. Re:"unspecified strong accent"... oblig.Monty Pyth by Anonymous Coward · · Score: 1

    It is probably this one you silly english kniggets.

  5. ...Pb therapy by harvey+the+nerd · · Score: 1

    In some parts of the country, or less developed countries, they may not want an adequate response.

  6. Re:Appropriate response by Anonymous Coward · · Score: 1

    Sorry, am I correct in thinking you are saying you have RIVAL emergency services. Really?!

  7. Re:Appropriate response by raburton · · Score: 5, Informative

    > The automated telephone exchange was invented by someone who ran a fire brigade

    Not quite, he was an undertaker:
    http://en.wikipedia.org/wiki/Almon_Brown_Strowger

  8. Re:"strong accent" indeed... by mrbester · · Score: 1, Funny

    Jedi Masters need to pay bills just like everybody else...

    --
    "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
  9. Re:Back in the Days of the Square Wheel by DNS-and-BIND · · Score: 1

    Uh, no? Wardialing was dialing all the station digits in a prefix to find which ones answered with a modem. Or was this an intentionally stupid comment by a user with the +2 karma bonus?

    --
    Shutting down free speech with violence isn't fighting fascism. It IS fascism!
  10. Manslaughter by Anonymous Coward · · Score: 1

    If they are caught, these people should be held financially and criminally responsible for any emergency call that fails to go through. If anyone dies, I would think they should be charged with manslaughter at the least, but given that they intentionally tied up phone lines for emergency calls I would go as far as to call it premeditated murder.

    1. Re:Manslaughter by Stolpskott · · Score: 1

      Throwing the book at them (preferably an authentic replica of the stone tablets that the 10 Commandments were written on) would be very satisfying, but arguing premeditation would be a challenge - there are definitely elements to the scam that suggest it could be made to stick, but the defence would also have plausible arguments.
      Manslaughter or culpable homicide would be easier to argue for, and given that you would almost certainly be looking at more than one death, the results should amount to a similar time in gaol (jail, to the American-English speakers among us).

  11. Re:Appropriate response by game+kid · · Score: 1

    Rival emergency services, united by phone number. Maybe Capcom can make a fighting game of this.

    --
    You can hold down the "B" button for continuous firing.
  12. Bad headline by anorlunda · · Score: 2

    The security alert linked in the summary says that the attacks were on the administrative lines of the emergency services, not the 911 lines. The summary and the Slashdot headline are bogus.

    1. Re:Bad headline by RandomUsername99 · · Score: 1

      Or, it might be deliberately spun that way to give people the impression that they are "putting the safety of the general public" at risk, which, I believe, is one of the unquestionable patriot-act definitions of terrorism?

  13. Unless they want good 'ol Western Union... by sirwired · · Score: 1

    If they demand payment via Western Union, it cannot be traced, and I'm pretty sure $5k is under their max transaction amount.

  14. Re:Appropriate response by DFurno2003 · · Score: 1

    "The automated telephone exchange was invented by someone who ran a fire brigade, and reckoned (rightly, as it turned out), that the switchboard operators were favouring his rival." Took me a bit of searching but I found it, He was an Undertaker. "According to legend, Almon Strowger, an undertaker, was motivated to invent an automatic telephone exchange after having difficulties with the local telephone operators, one of whom was the wife of a competitor. He was said to be convinced that she, as one of the manual telephone exchange operators was sending calls "to the undertaker" to her husband." http://en.wikipedia.org/wiki/Strowger_switch

  15. Re:Appropriate response by DFurno2003 · · Score: 1

    damn wall of text... sorry

  16. Re:"strong accent" indeed... by Sulphur · · Score: 1

    > Jedi Masters need to pay bills just like everybody else...

    Pix or it didn't happen.

  17. block them by omegahelix · · Score: 1
    1. Re:block them by PPH · · Score: 2

      That would be just great for the E911 system. Ask someone to enter a four digit code while they are being raped/stabbed/beaten to death.

      --
      Have gnu, will travel.
  18. Testing infrastructure weaknesses by realsilly · · Score: 1

    I've read, heard about a lot of recent DoS attacks lately, from banks to power grids to government agencies and now to phone lines. I've seen my share of things that are systematically done to break something down, so I see all these attacks (some successful) as a strategic way for those who want to hurt us to prepare for the big hit. Just like corporations that are considered "Too Big to Fail", I think our US infrastructure has been built this way also. The more we interconnect to make things easier to manage, the more vulnerable we make ourselves.

    --
    Life takes interesting turns, but the most interest is when you're off the beaten path.
  19. Re:"strong accent" indeed... by dkleinsc · · Score: 1

    I bet it isn't an English accent...

    Not necessarily: Most scammers are from the Third World, e.g. Yorkshire.

    --
    I am officially gone from /. Long live http://www.soylentnews.com/
  20. Re:Trace the automated calls? by petermgreen · · Score: 1

    So is it a network of compromised phones now ??

    Don't think "phones", think "devices that are connected to both the phone network and the internet". PCs of users who kept their modems after switching to broadband for "backup" or "fax". VOIP exchanges (whether private or service provider operated) with PSTN gateway hardware, smartphones and so-on.

    --
    note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
  21. Re:Trace the automated calls? by mabhatter654 · · Score: 1

    My opinion is that the telcos have too many cheap overseas cables being hacked. These are "inside jobs". Some unscrupulous telcos are selling their leftover call center volume on hard lines to the USA.

    So they are "war dialing" from blocks that the telcos reserved for large company call centers, debt collectors, etc. Those are lines with all the "spoofing" left on so YOU can't block the paying telemarketers and debt collectors. The telco can't cut them off because it's the same lines companies pay lots of money for.

    This typically isn't "hacked"; somebody is selling it. The people operating the call center think they are answering calls PLACED TO THEM ... The wonders of integrated IP phones...

  22. Re:Computer crime, or cybercrime, refers to any cr by CanHasDIY · · Score: 1

    that involves a computer and a network, where the computers may or may not have played an instrumental part in the commission of a crime.

    Quick! to the USPTO! That'll fix 'em!

    --
    An enigma, wrapped in a riddle, shrouded in bacon and cheese
  23. Re:Back in the Days of the Square Wheel by jon3k · · Score: 1

    No, because it's not many phones DISTRIBUTED, as in Distributed DoS (DDoS). It's just a piece of software that calls many times. It's not "distributed" in any sense of the word.

  24. Re:Trace the automated calls? by jon3k · · Score: 1

    Too hard to trace the source. Most of it is hacked PBXs. We should just do what we always do to catch them, just follow the money.

  25. Are they sure by sjames · · Score: 1

    It may be Rachael from Card Services...

  26. Re:Appropriate response by icebike · · Score: 1

    > Sorry, am I correct in thinking you are saying you have RIVAL emergency services. Really?!

    More likely the Phone companies themselves, who would like nothing more than to kill off independent VOIP providers.

    --
    Sig Battery depleted. Reverting to safe mode.
  27. Because Punking the Police is Such a Good Idea by ClayDowling · · Score: 1

    Somebody may not have thought their clever little plan through as completely as they might have liked. The police have guns. And a lot of friends with guns. And a solid organized network for both communicating among themselves and with other departments, through multiple channels. I don't see this ending in a big payday.

  28. Re:Appropriate response by GodGell · · Score: 1

    As far as I can tell, you're wrong; see http://en.wikipedia.org/wiki/Telephone_exchange#Historic_perspective

    Wikipedia seems to be slightly contradicting itself on these two pages. This one, however, is the one I believe to be correct (from having heard the same thing from numerous different sources).

    --
    [SHOW SOME LENIENCY TOWARDS ... I mean, FUCK BETA] Eat. Survive. Reproduce. GOTO 10
  29. Re:Appropriate response by raburton · · Score: 1

    What are you saying is correct/incorrect? You say you believe the version on the page you have linked to, but this also states that the automated exchange was invented by Strowger (the person I linked to), so as far as I can work out from your link you are agreeing with me.