A new service on the cyber criminal underground can be hired to tie up the phone lines of any targeted mobile or land line around the world. The service is marketed as a diversionary tactic to assist e-thieves in robbing commercial customers of banks that routinely call customers to verify large financial transfers.
For just $5 an hour, or $40 per day, you can keep anyone’s phone so tied up with incoming junk calls that the number is unable to receive legitimate calls.
The seller offers discounts for frequent buyers of his service, and promises that each call to the targeted number will appear to come from a unique phone number, thereby foiling any efforts to block the bogus calls by caller ID. The vendor also is offering this service under escrow payment, which many fraud forums use to ensure both parties to a transaction are happy before payment is rendered.
The FBI first warned about these attacks in June 2010, advising that that receiving rapid-fire “dead air” calls could be a sign that your bank account is being emptied. From that advisory:
“Denial-of-service attacks, by themselves, are nothing new—computer hackers use them to take down websites by flooding them with large amounts of traffic.”
“In a recent twist, criminals have transferred this activity to telephones, using automated dialing programs and multiple accounts to overwhelm the phone lines of unsuspecting citizens.”
“Why are they doing it? Turns out the calls are simply a diversionary tactic: while the lines are tied up, the criminals—masquerading as the victims themselves—are raiding the victims’ bank accounts and online trading or other money management accounts.”
The easy availability of this criminal offering highlights once again how nearly every aspect of the cyber underground has been converted into a service for hire. Take cyber heists, for instance: Everything about them can now be outsourced to third party services.
You can rent a botnet to send your Trojan-laced emails and steal online banking credentials from thousands who click the booby-trapped attachments. You can purchase Web injects that allow you to change the behavior of targeted bank Web sites as they are displayed in the victim’s browser. If you want help hauling the loot, you can rent access to money mules that are hired by mule recruitment gangs. And if you need a diversion to distract or otherwise occupy your victims while you rob them, you can rent this service.