DoS for phones: "busy signal service" clobbers the phone-lines of companies while their servers are being plundered

Brian Krebs reports on a new cybercrime service that will max-out a company's switchboard with fake phone calls as a diversionary tactic while their servers are being plundered:

For just $5 an hour, or $40 per day, you can keep anyone’s phone so tied up with incoming junk calls that the number is unable to receive legitimate calls.

The seller offers discounts for frequent buyers of his service, and promises that each call to the targeted number will appear to come from a unique phone number, thereby foiling any efforts to block the bogus calls by caller ID. The vendor also is offering this service under escrow payment, which many fraud forums use to ensure both parties to a transaction are happy before payment is rendered.

Busy Signal Service Targets Cyberheist Victims



  1. I know, from watching movies, that server admins sit up late watching log files scroll in to detect unlawful intrusion, so I can see how distracting them with phone calls might distract them from sensing unauthorized access.

    It also appears that server admins at most companies also man the phone banks in addition to their other duties.

    1. Or they are outsourced and need to call in to get physical access to stop the machine.  Or they see the intrusion and try to call out and cannot get an outside line.

  2. So- they will tie up my company’s switchboard as a distraction to break into my servers? Seems silly to me, especially since it is two completely different systems and departments. Sure- I’ll get a call about it, but I would just offload it to the phone company to track down and block. I believe disrupting a communications system in this manner is also illegal in most places, possibly even in this joker’s country.

    1. I think you’re missing the point.  This service comes in when the attacker already has as much control as he figures he’s going to get over your company’s banking, and decides it’s time to pull the trigger.  If breaking into your servers was involved in getting that control, it happened last week or six months ago.
      Now it’s D-Day.  The attacker pays a few bucks to tie up the phone lines for a few days.  He pays a few bucks to someone else to knock the email system offline for the same period.  He pays a few grand to a money mule service to help him launder your company’s money out of the country.
      Then he starts draining the company’s bank accounts.  The bank starts sending email confirmations of the transactions, but they don’t get through.  At some point, a threshold of unusual transactions is reached and the bank starts phoning the company’s finance department, but they don’t get through.
      Two days later, the storm ends as suddenly as it began, the IT team collapses into an exhausted sleep, and that’s when the finance department starts to piece together what happened.
      And I very much doubt that anyone offering services to enable massive financial fraud is terribly concerned about the legalities.

  3. “Cybercrime” and “service”.  Two unlikely bedfellows.  I hope one of them remembered the condom, or we are in for a lot more of the same.

      1. I had no idea the service was still in use. Remember the street cred gained by having a low user ID number? And it sure was useful those first couple of years playing Ultima Online…

  4. I suspect the real scam here is their escrow service provider, not the DoS service. The offer to pay only after you’re a happy customer is too seductive to be real — even from “fellow” criminals. You’re shafted even before you’ve tried their service and then SOL trying to report the loss — by your own criminal intent.

  5. I’m not entirely sure this would work too well. For starters, there’s ways to get around it, including but not limited to:

    • Calling the IT department directly, if everything’s not too overloaded
    • Calling the IT persons’ cell phones
    • Texting/IMing the IT dept
    • Sneakernet message system / public address system (sadly, this only works if everyone’s in the same building)

    1. This isn’t about the IT department.  They don’t care what the IT department does or knows.  It’s all about knocking the accountants offline for a day or so.
