Public works contractor CH2MHILL/OMI was hit with a phone-scam attack in late April that tied up their phone system for two days, preventing it from making or receiving legitimate calls, OMI Director Gregg Higgins said.

“It shut us down,” he said, regarding the extortion phone scam, which he learned is called a telephony denial of service or distributed denial of service attack. “They try to intimidate you into giving up money.”
Higgins said the first call started on a Friday. Someone claiming to represent a collections agency asked to speak to one their employees, he said. The caller claimed the employee had taken out a cash advance of a certain amount, and they demanded payment of the debt.

He said the employee denied ever taking out a cash advance. When the man, whom Higgins said spoke with peculiar accent, called back Monday, he demanded payment from the employee or his employer. If the caller didn’t get it via credit card or Western Union money transfer, he said he would call every day, all day long, said Higgins.

Calling him “very arrogant,” the OMI director said the caller only laughed when they told him they were going to call the police or phone company. Higgins said the calls after that must have been computer-generated because the caller would call back immediately after they hung up the phone.

“There was no time for him to even dial the number again and yet it was ringing,” Higgins said. “What we ended up doing is stopping the rollover of calls from our main line. That stopped the calls.
“We called the Hinesville Police Department, and Officer Joseph Madison investigated the calls. We also called CenturyLink and the (Federal Bureau of Investigation).”

Although they’ve not heard from the FBI, Higgins said they learned the calls were routed through a phone number for a collection agency in Massachusetts, but that agency said they never made the calls. He said they’ve since gotten information from the Association of Public Safety Communications Officers that list procedures to follow if they ever receive another  telephony denial of service.

Similar information was forwarded to local government-service offices, banking institutions and large businesses by Thomas Wahl, director of Liberty County Public Safety Communications. While forwarding a PowerPoint presentation prepared by CenturyLink, Wahl told recipients of his email messages that OMI had been a “victim of a TDoS attack several weeks ago.” He emphasized that the attacks can — and now have — happened locally.

“There have been over 200 attacks in the U.S. since last fall,” said Wahl, who thinks the source of the attacks is international. “It’s a big enough problem that APCO, FBI and the National Emergency Numbers Association have published warnings about the attacks. I brought it to the attention of our advisory board at our last meeting.”

Wahl said the best advice he can give a government-service office, bank or large business is to follow the list of things suggested by the APCO and NENA.

He said the list of procedures includes:
• save the voice recording of suspects who may call before, during or after the telephony denial of service event
• record all phone numbers and account information. If the caller demands payments, record start and stop times of the events, the number of calls per hour per day, phone numbers, Internet Protocol addresses (if applicable) and instructions for how to pay, such as account numbers or call-back numbers
• retain all call logs and IP logs
• attempt to separate the affected phone number(s) from 911 and other critical trunks.
• file a complaint with the Internet Crime Complaint Center, www.IC3.gov, local law enforcement, the FBI, the Federal Communications Commission and the Federal Trade Commission.
Whether the attacks are launched as a prank, vendetta or extortion scam, Wahl said a telephony denial of service can cripple its target. For more information, call 368-3911.