DDoS Attacks on 9-1-1 Emergency Services

Bibliographic Details
Published in: IEEE transactions on dependable and secure computing Vol. 18; no. 6; pp. 2767 - 2786
Main Authors: Mirsky, Yisroel; Guri, Mordechai
Format: Journal Article
Language: English
Published Washington IEEE 01.11.2021
IEEE Computer Society
Summary: The 911 emergency service belongs to one of the 16 critical infrastructure sectors in the United States. Distributed denial of service (DDoS) attacks launched from a mobile phone botnet pose a significant threat to the availability of this vital service. In this article we show how attackers can launch several types of DDoS attacks from mobile phone botnets. In one of the attacks, which we demonstrate, the attacker has the botnet randomize all cellular identifiers while issuing emergency calls repeatedly. Since there exist legitimate unidentified emergency calls, and since the FCC requires such calls to be forwarded, the network and the emergency call centers cannot block these calls (technically and legally). To understand and verify the threat of DDoS attacks on 911, we explore the 911 infrastructure and implement different forms of the attack on a small cellular network. Finally, to quantify the threat, we simulate and analyze DDoS attacks on a model of current 911 infrastructure in the US. We found that with less than 6K bots (or 100K hardware), attackers can block emergency services in an entire state for days. We believe that this article will assist the respective organizations in preventing possible 911-DDoS attacks in the future.
ISSN: 1545-5971, 1941-0018
DOI: 10.1109/TDSC.2019.2963856