Criminal hackers are also chasing phone lines: NPR

Security providers focused on digital communications began to notice an increase in attacks on companies that manage digital phone services this fall.

Odd Andersen via Getty Images / AFP


Over the past few months, crime groups have been sending threatening messages to companies that manage broadband phone services around the world, promising to flood digital phone lines with traffic and knock them offline unless the victim pays a ransom.

These robbers have discovered that the number of calls made, at least partially, over the Internet has quietly and dramatically increased over the last few years.

Similar to landline providers, companies that manage digital phones, also known as Voice over Internet Protocol (VoIP) services, need to send voice in real time, facilitating personal, business, and even emergency calls.

VoIP is probably a bigger part of our lives than many people realize. It’s much cheaper, often more accessible and scalable, and a staple of working from home during the coronavirus pandemic. Small businesses and people living abroad may have been using purely digital telephone lines for years to reach overseas customers, friends and family. Large carriers often use VoIP to handle calls and connections between providers, while smaller carriers route tens of thousands of simultaneous calls over the Internet. Call center companies process over 1 million digital calls a day.

However, if the company that manages the digital telephone line is hit by a tsunami of fake callers, the behind-the-scenes mechanism for making voice online begins to collapse fairly quickly.

“The challenge is that connecting all phone systems to the Internet exposes us to all the other problems that can cause problems on the Internet,” said Matthew Prince, CEO and co-founder of Cloudflare, which provides protection against the types of attacks that are currently hitting Internet phone providers.

The digital communications industry is scrambling to counter attacks

Prince and other security providers focused on digital communications began to notice an increase in attacks on VoIP services this fall. Specialists posted on a forum for network operators to discuss what to do about the attacks.

“In amateur language, people are surprised,” says Fred Posner, VoIP security specialist.

The providers themselves have been largely silent about these attacks, issuing brief email updates and sometimes social media posts to notify customers about repeated outages, but security specialists working with the providers are aware of a collective change in thinking. Some of the experts interviewed by NPR agreed that the digital communications industry was not ready for this latest onslaught and was forced to rush to rethink its defense strategy. Big banks and big companies aren’t the only ones in the sights of criminal hackers; so is anyone who might pay to bring their business back online.

“I think what we’re facing right now is that there’s a huge spectrum of preparations, from organizations that don’t know about the problem and are ready to organizations that know about the problem. But they can’t or aren’t willing to invest because they don’t think they’re involved,” said the vice president of community and public relations for cybersecurity company Rapid7, who is also with the Ransomware Task Force, a public-private sector collaboration.

These extortionists don’t actually have to hack a victim to pose a threat

That collective panic began when digital communications provider Bandwidth was hit by a digital blackmail campaign in late September, Posner said. Previous attacks targeted small providers, but Bandwidth was the largest company hit by a DDoS, or “distributed denial of service,” attack up to that point. Companies like Bandwidth expect a certain amount of legitimate traffic from users trying to make phone calls or send text messages, but a DDoS attack involves a malicious attacker sending a huge number of fraudulent digital requests to the servers, overwhelming their ability to respond.

“I spent my career building a big chunk of internet infrastructure. The Internet is really a series of tubes, and I tell you that those tubes have some capacity,” says Prince of Cloudflare.

The criminals involved in these recent VoIP attacks are financially motivated. But unlike cases in which big companies such as Colonial Pipeline were hacked and held for ransom, these attackers do not actually have to hack the victim to hold its service hostage. Weaponizing digital traffic can at least temporarily disrupt a company’s ability to operate.

According to Allan Liska, an intelligence analyst at threat intelligence company Recorded Future, this method of combining ransom threats with DDoS attacks has been around since at least 2019. At first, it was difficult for attackers to generate the amount of rogue traffic required. “They weren’t really backed up,” he says. However, in recent months, some of these criminals have found that they don’t really need that much traffic to interfere with the special protocols associated with real-time voice transmission.

According to security experts, the Internet was not initially designed as a conduit for real-time voice, text, and video communications. Each bit of voice needs to arrive at exactly the right time for a seamless conversation; otherwise, the conversation will be meaningless. Website content, on the other hand, can be loaded in any order. When you speak into the receiver and make a digital call, your voice is converted into small packets of digital information and then converted back at the receiving end.

Security expert Sandro Gauci, who helps carriers patch system flaws, says a digital call needs to send about one packet of data every 20 milliseconds for the phone to function properly.

“As soon as there is a little downtime, the system doesn’t work properly … and it’s meant to be real-time, so this is a big problem,” says Gauci. “Our clients, in the case of service providers, are really worried about denial of service because they lose money every time the system goes down.”

That’s exactly what the attackers have figured out how to do.

“It keeps escalating,” says Liska. “And one of the hallmarks of cybercriminals is that they are imitators. If you find something that works very quickly, other groups will imitate it.”

Cybercriminals claim to be part of a notorious hacking group like Fancy Bear

Based on interviews with experts responding to these attacks and ransom notes provided to NPR, the attackers have falsely claimed to be part of well-known hacking groups such as Fancy Bear, the Russian operation that security companies linked to the 2016 U.S. election interference, and now REvil, a notorious criminal ransom group. Liska says this is a popular tactic to convince victims that their tormentors are legitimate and to increase the likelihood that they will pay.

“They have adopted the names of well-known threat groups in the hope that they will inspire more fear,” he says.

Providers are not sharing information about whether they have considered paying the attackers a ransom, but many have succeeded, at least temporarily, in recovering from the attacks. That doesn’t mean the disruption hasn’t had a real impact.

Chet Wisniewski, a senior researcher at security company Sophos, moved to Vancouver, Canada a few years ago and switched to using VoIP full-time to connect with friends and family in a more affordable way. Over the past few weeks, he has seen an error screen on his handset, sometimes for hours.

“Like everyone else, we all depend on our mobile phones,” says Wisniewski. “And if the phone is unreliable to the sales team, tech support, etc., you can’t imagine the disruption of the business relying on this service. It would be a real disaster.”

The worst effect of a major telecommunications failure is the inability to call emergency services. Security experts have told NPR that at least some of the disruptions to major broadband providers had a limited impact on 911 calls. The communications sector is listed by the Department of Homeland Security’s cyber agency, CISA, as part of critical infrastructure because it provides “activation functions” for connecting businesses, individuals, emergency services, and governments, especially in crisis situations.

“Well, in the event of a dynamic war with enemies such as Russia, North Korea and Iran, perhaps teenagers with botnets can rob major telecommunications providers and demand ransom. See how vulnerable this is,” says Wisniewski. “If it were a sophisticated and well-equipped enemy like a nation-state, could our communication be wiped out in minutes?”

The FBI has recently been empowered to destroy botnets. A botnet is a zombie army of compromised devices that attackers use to flood victims with traffic. These types of authorities may help track down these criminal groups. Reportedly, AT&T announced that it has “taken steps to mitigate” a botnet targeting thousands of VoIP servers in its network, but it is unknown whether the botnet was designed to launch denial of service attacks or for another purpose.

But finding the extortionists is a real challenge. Most criminal groups that demand ransom from broadband providers want to be paid in the digital currency Bitcoin to hide their identities.

VoIP expert Posner says he’s been thinking a lot over the past month about what he needs to do to protect the telecommunications sector. “First of all, we obviously need some law enforcement agency,” he says. “These attacks clearly violate existing legislation and have little arrest or impact from these attacks, so it would be great to have dedicated resources to help protect the infrastructure.”

Companies, meanwhile, need to develop a response plan. “From my point of view, it looks like more preparation is needed,” says security expert Gauci.

“It’s important to test your security tests further because you want to know your position, whether the security protection mechanism is actually working, if there are new issues, and how you can recover.”
