Cybercrooks are now offering to launch cyberattacks against telecom services, with prices starting at just $20 a day. Distributed denial of attacks against websites or web services have been going on for many years. Attacks that swamped telecoms services are a much more recent innovation, first starting around 2010. While DDoS …
Not new at all
"Attacks that swamped telecoms services are a much more recent innovation, first starting around 2010"
That is absolute rubbish. I am very aware of an incident over 20 years ago where a business that relied on incoming calls was hit very hard by miscreants constantly calling their number meaning customers couldn't get through.
Because of the type of business they were in, customers very quickly moved to a new company and they didn't build back up the customer base they lost in those few days.
It's a very nasty way of hitting the competition. Should be easier to block / trace these days though.
Re: Not new at all
Reminds me of the anon attack on fleshlight
Re: Not new at all
Was that the old 'mini-cab' trick?
You ring the number and don't clear down -- then do it again and again until all the lines are 'in use'
Payphones were popular for this.
Eventually you might get 'unobtainable' but still the lines were unusable.
Easy enough to do on an ancient sound card with built in answer machine capabilities via fax modem chip.
(did it to ramp up 'on call' logs to show manager how bloody easy it was)
Re: Not new at all
Yes, minicabs was the situation I first heard about it. Some calls were thought to be done from phreaked phones abroad ISTR. It also cropped up in another commercial environment a few years later but didn't have the impact it had on small companies that rely in instant calls for their business.
After getting hammered with Sales calls from a certain double glazing company, $20 is cheap to have my revenge!
Re: Mind you...
I'd pay twice that to get rid of "Rachel from Card Services"
The PPI insurance claim scam vultures appear to be doing it to my personal phone line for free!
Any PBX owner using default password DESERVES to be owned.
Cripes, you'll be telling me Nortel Meridian owners have 0000 as their Admin password next.
If these DDOS crooks are offering to do it for pay it should be easy to track who the money is going too, there is no anonymous electronic payments anymore. The US gov took care of that by closing down the likes of E-gold.com a few years ago, seizing all the money in the accounts and then making the account holders prove the money was genuinly obtained rather than them prove it wasn't.
So what the police can trace the money from one account to another account - whoptyf-ingdo!
Can you or the cops tie that paid account to the attack or the attacker? Doubt it as your trace of who is spamming your phone line will bring up a couple of dozen innocent (if IT incompetent) companies with PBX servers and that is as far as any investigation will go... If the police really bothered (which they don't) they would trace who is sending commands to the PBX and just find TOR nodes...
I think the phrase here may be "behind seven proxies" :D
I was a VOIP Support Analyst up until recently, very easy to cripple some IPPBXs especially if you are mental enough to persist with a shaky protocol like SIP over ADSL.
I done a lot of work with Swyx and 3CX, most common attack i've seen is a 3rd party SIP client trying to authenticate, failing then trying over and over again so its just a DoS attack in disguise. Works though, eventually it prevents the system from registering new calls as its too busy dealing with auth requests.
At that point a border controller should be saying "erm... 10 failed registrations in a minute? Ok, you're getting blocked for an hour."
Strange usage of "cost-conscious"!
some of which offer to flood telephones (both mobile and fixed line) for $20 per day. The more cost-conscious would-be crooks can shop around for a service that offers to blitz lines for
$5 an hour$120 a day.
Re: Strange usage of "cost-conscious"!
Beat me to it, but I'm actually glad I wasn't the only one noticing that.
Unless there's some situation where you only need an hour for some reason, this doesn't really make a lot of sense.