Botnets, DDoS, and TDoS
What is a Botnet?
A botnet is a network of hijacked computer devices used to carry out cyberattacks such as Distributed Denial of Service (DDoS) and Telephony Denial of Service (TDoS) attacks, or other nefarious activities.
What is a DDoS attack?
A DDoS attack overwhelms servers with a high volume of internet traffic originating from many different sources, making it impossible to mitigate by blocking a single source.
The availability of DDoS-for-hire services provides opportunities for any motivated malicious cyber actor to conduct disruptive attacks regardless of experience level.
Tips to prepare for a DDoS attack
- Consider enrolling in a denial-of-service mitigation service that detects abnormal traffic flows and redirects traffic away from your network.
- Create a partnership with your local internet service provider (ISP) prior to an event and work with your ISP to control network traffic attacking your network during an event.
- Maintain continuity plans. Continuity planning is the practice of executing essential functions through emergencies (e.g., cyberattacks) to minimize service interruptions. Without planning, provision, and implementation of continuity principles, organizations may be unable to continue operations. Evaluating continuity and capability will help identify potential operational gaps. By identifying and addressing these gaps, organizations can establish a viable continuity program that will help keep them functioning during cyberattacks or other emergencies.
- Secure your backups. Make sure they are not connected to the computers and networks they are backing up.
- Review or establish patching plans, security policies, user agreements, and business continuity plans to ensure they address current threats posed by cyber actors.
What to do in case of a DDoS attack
- Contain the Problem: Quarantine or take offline potentially affected hosts.
- Reimage Compromised Hosts: Unless you are instructed to forensically preserve compromised systems, they should be reimaged as soon as possible to prevent attackers from using them as part of their botnet.
- Reset or Revoke Compromised Credentials: Reset all credentials that may have been exposed during the intrusion, including user and service accounts, compromised certificates, or other "secret" credentials.
- File a Complaint: File a detailed complaint with www.ic3.gov. The complaint should contain all required data in the provided fields. Be sure to use the word "DDoS" in the incident description.
- Stay Informed: Visit www.ic3.gov for updated Industry Alerts regarding DDoS-related attacks.
What is a TDoS attack?
A TDoS attack is an attempt to make a telephone system unavailable to a user by preventing incoming and/or outgoing calls. The objective is to keep the distraction calls active for as long as possible to overwhelm the victim's telephone system, which may delay or block legitimate calls for service.
TDoS attacks have evolved from manual to automated. Manual TDoS attacks use social networks to encourage individuals to flood a particular number with a calling campaign. An automated TDoS attack uses software applications, including Voice over Internet Protocol (VOIP) and Session Initiation Protocol (SIP) tools, to make tens or hundreds of calls simultaneously or in rapid succession. Numbers and call attributes can be easily spoofed, making it difficult to differentiate legitimate calls from malicious ones. TDoS services and tools are widely available to actors with all levels of experience. The proliferation and low cost of VOIP software allow cyber actors to conduct the attacks with minimal preparation and equipment.
Tips to prepare for a TDoS attack
- Prepare in advance by creating a written Incident Response Plan for TDoS and other cyber-attacks.
- Establish continuity of operations agreements with other public safety answering points (PSAPs) to provide redundancy and backup capabilities.
- Consult with your telephone systems engineer on ways to protect your system from a TDoS attack.
- Conduct cybersecurity assessments, identify capability gaps and vulnerabilities, and determine appropriate cybersecurity standards.
- Consider deployment of a TDoS mitigation solution, which can detect and mitigate call overload on telephone lines.
- Contact your telephone service provider to discuss your communication system and how best to respond to a TDoS attack, including identifying technical solutions and recovery activities.
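The call-overload detection that a TDoS mitigation solution performs, and that retained call logs make possible after the fact, reduces to counting calls per called number in short time windows and noting how many distinct, never-before-seen caller IDs a burst contains (the signature of the spoofed, automated campaigns described above). The following Python is an added example, not code from the original page or from any vendor product; the call-detail-record (CDR) lines and their three-field layout are constructed for the example, and the 20-calls-per-minute threshold is an assumed value that a real deployment would tune to its own baseline. The same windowed counting applies to network flow records when watching for the abnormal traffic flows of a DDoS attack.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed call-detail records (CDRs) for a hypothetical emergency line.
# Field layout (assumed for this example; real PBX/switch exports differ):
#   <ISO-8601 timestamp> <caller ID as presented> <called number>
NORMAL_CALLS = [
    "2024-03-01T10:00:05+00:00 +15551234567 +15550001000",
    "2024-03-01T10:00:40+00:00 +15559876543 +15550001000",
    "2024-03-01T10:01:12+00:00 +15552223333 +15550001000",
]
# Thirty calls in thirty seconds, each presenting a different caller ID:
# the pattern an automated, spoofed TDoS campaign leaves in the logs.
BURST_CALLS = [
    f"2024-03-01T10:05:{sec:02d}+00:00 +1555{sec:07d} +15550001000"
    for sec in range(30)
]
SAMPLE_CDR = NORMAL_CALLS + BURST_CALLS


def parse_cdr(lines):
    """Parse CDR lines into (timestamp, caller, callee) tuples, skipping blanks and comments."""
    records = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, caller, callee = line.split()
        records.append((datetime.fromisoformat(ts), caller, callee))
    return records


def detect_call_floods(records, window_seconds=60, threshold=20):
    """Count calls per called number in fixed time windows and flag windows at or
    above `threshold`. Each alert also reports how many distinct caller IDs the
    window held and how many of them had never called before: a burst made up
    almost entirely of first-time, distinct numbers is consistent with spoofing."""
    buckets = defaultdict(list)
    for ts, caller, callee in records:
        epoch = int(ts.timestamp())
        window_start = epoch - epoch % window_seconds
        buckets[(callee, window_start)].append(caller)

    alerts = []
    seen_callers = set()
    # Walk windows in time order so "new caller" is judged against history only.
    ordered = sorted(buckets.items(), key=lambda kv: (kv[0][1], kv[0][0]))
    for (callee, window_start), callers in ordered:
        distinct = set(callers)
        if len(callers) >= threshold:
            alerts.append({
                "callee": callee,
                "window_start": datetime.fromtimestamp(window_start, tz=timezone.utc).isoformat(),
                "calls": len(callers),
                "distinct_callers": len(distinct),
                "new_callers": len(distinct - seen_callers),
            })
        seen_callers.update(distinct)
    return alerts


if __name__ == "__main__":
    for alert in detect_call_floods(parse_cdr(SAMPLE_CDR)):
        print(alert)
```

Run against the constructed records, the three ordinary calls produce no alert, while the 10:05 window is flagged with 30 calls from 30 distinct caller IDs, all of them new. The distinct and new-caller counts are what separate a genuine surge of repeat callers (a real incident generating many calls from a few numbers) from a flood of spoofed numbers, which is the distinction the retained call logs in the next section are meant to support.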
What to do in case of a TDoS attack
- Preserve Any Recordings: Save voice recordings of suspects who may call before, during, or after the TDoS attack.
- Make a Record of the Attack: Record all telephone numbers and account information, and the details of the attack (e.g., start and stop times of the events, number of calls per hour or per day, and details of any payment demands, such as account numbers and callback numbers).
- Retain All Logs: Retain all call logs and IP logs (if applicable).
- Isolate the Attack: Separate the affected telephone number from critical trunks.
- File a Complaint: File a detailed complaint with www.ic3.gov. The complaint should contain all required data in the provided fields. Be sure to use the key words "TDoS" and "PSAP" in the incident description.
- Stay Informed: Visit www.ic3.gov for updated Industry Alerts regarding TDoS-related attacks.