Back to Posts List

VoIP DDoS Attacks

Share this article

Last updated October 23rd, 2013 by Demetrius Turner in Tech


Most of us are familiar with hacker attacks that shut down sites through a distributed denial-of-service (DDoS) attack. But as a refresher, a DDoS is an attack performed through a multitude of systems (usually compromised personal computers) on a single target.

So, a website will receive a huge amount of incoming data in the form of messages or requests. All of this incoming data subsequently forces the site to shut down, hence denying the site’s service to potential customers, users, or visitors.

That type of attack is called a network-centric attack. The bandwidth of the site is used up during these attacks and the service or database is overloaded with the incoming data. This incoming data is known as packets, units of data routed between a starting place and a final destination on the Internet. If a flood of packets overwhelms a domain, it shuts down, causing a denial of service.

The Internet hacker group Anonymous has most famously used this type of attack on government sites and other sites that they protest against. In fact, Anonymous has moved to have DDoS recognized as an official form of protest. The most famous DDoSer today - who seemingly attacks anybody who annoys him - is a hacker that goes by Julius.

A site going down, to me, really isn’t that big of a deal. A headache? Sure. The end of the world? No. A much more nefarious form of DDoS that actually causes real-world damage is done through VoIP. VoIP, as most of us know, stands for Voice over Internet Protocol.

Instead of targeting websites with VoIP (which wouldn’t work anyway), hackers target public safety agencies’ phone systems like hospitals, fire stations, or police stations.

Just imagine: a hospital employee picks up the emergency room’s ringing phone during a routine day, expecting to hear dispatchers or a worried soon-to-be patient, and hears a man threatening to shut down all of the hospital’s phone service if a ransom is not paid.

This was the reality for a San Diego hospital last March.  

For two entire days after this incident, the hospital’s phone service went down. Patients, doctors, and dispatchers couldn’t hear anything but busy signals.

Since VoIP is really still a fairly new system with plenty of bugs and kinks, hackers aren’t having a hard time exploiting its vulnerabilities. Truly, any public agencies’ phone lines could be tied up by an amateur hacker turned extortionist who has access to a laptop and some cheap software.

Most phone services have layers of accountability so that numbers can be traced, but since VoIP is used over the web, the numbers aren’t always attached to a real person.

Instead of actually shutting down the phone system, as a website would go down, the hacker just generates thousands of phone calls to the phone system they are attacking to tie up all the lines. Primitive thinking, but still effectively distributed denial of service attack.

Like computer-based DDoS attacks, VoIP (or telephony) DDoS requires a lot of different devices to overload a system, or tie up all the lines so that the service they are disabling is unreachable. Where do all these devices come from?

Short answer: zombies.

Hackers usually create phone networks using that cheap software mentioned before to generate hundreds of numbers in a matter of seconds. But sometimes the hackers infect cellphones with viruses that turn them into zombie-bots that auto-dial numbers at the hacker’s whim without the cellphone owner being aware.

At first, this tactic was used mainly by amateur spammers looking for a quick buck, but it has quickly become a concern for security officials and law enforcement. What was once a minor threat has become a malicious tool for money-hungry hackers and a potentially catastrophic tool for terrorist organizations. There is a fear that this type of attack will occur during a national crisis or a natural disaster.

There are solutions to the problem being worked on every day. To end the attack in San Diego, a computer firewall filter was put in place. Not all VoIP services have it, so certain VoIP providers will soon receive reviews and ratings indicating that they don’t have the proper software or hardware to stop one of these attacks.

A firewall works great to block specific numbers, but with VoIP, hackers are able to delete old numbers and create new ones with the click of a button. Federal officials have begun working with Internet telephony companies to develop new software to stop the attacks before they even begin. Visualize a cyber-attack on a VoIP server.

The trick is to develop an advanced caller identification system for calls placed over the Internet in particular. So, the number would have to be verified and authenticate through attached certificates or “secret” signatures. The main key to stopping these attacks is to enable software to identify the origin of the calls so that, if they are an Internet number created solely for a DDoS attack, the software will be able to block the call.

Demetrius Turner

Demetrius Turner was just an average concerned citizen until his brother started a small business, then he turned into a business technology consultant. Follow him on Twitter: @DemetriTechie
comments powered by Disqus