The demand stunned the San Diego hospital employee. She had picked up the emergency room's phone line, expecting to hear a dispatcher or a doctor. But instead, an unfamiliar male greeted her by name and then threatened to paralyze the hospital's phone service if she didn't pay him hundreds of dollars.
Shortly after the worker hung up on the caller, the ER's six phone lines went dead. For nearly two days in March, ambulances and patients' families calling the hospital heard nothing but busy signals.
The hospital had become a victim of an extortionist who, probably using not much more than a laptop and cheap software, had single-handedly generated enough calls to tie up the lines.
Distributed denial-of-service attacks - taking a website down by forcing thousands of compromised personal computers tosimultaneously visit and overwhelm it - has been a favored choice of hackers since the advent of the Internet.
Now, scammers are inundating phone lines by taking advantage of vulnerabilities in the burgeoning VoIP, or Voice over Internet Protocol, system.
The frequency of such attacks is alarming security experts and law enforcement officials, who say that even though the tactic has mainly been the tool of scammers, it could be adopted by malicious hackers and terrorists to knock out crucial infrastructure.
"I haven't seen this escalated to national security level yet, but it could if an attack happens during a major disaster or someone expires due to an attack," said Frank Artes, chief technology architect at information security firm NSS Labs and a cybercrime adviser for federal agencies.
The U.S. Department of Homeland Security declined to talk about the attacks but said in a statement that the department was working with "private and public sector partners to develop effective mitigation and security responses."
In the traditional phone system, carriers such as AT&T grant phone numbers to customers, creating a layer of accountability that can be traced. On the Web, a phone number isn't always attached to someone. That's allowed scammers to place unlimited anonymous calls to any landline or VoIP number.
They create a personal virtual phone network, typically either through hardware that splits up a landline or software that generates online numbers instantly. Some even infect cellphones of unsuspecting consumers with viruses, turning them into robo-dialers without the owners knowing their devices have been hijacked.
In all cases, a scammer has access to multiple U.S. numbers and can tell a computer to use them to dial a specific business.
Authorities say the line-flooding extortion scheme started in 2010 as phone scammers sought to improve on an old trick in which they pretend to be debt collectors. But the emerging bull's-eye on hospitals and other public safety lines has intensified efforts to track down the callers.
Since mid-February, the Internet Crime Complaint Center, a task force that includes the FBI, has received more than 100 reports about telephone denial-of-service attacks. Victims have paid $500 to $5,000 to bring an end to the attacks, often agreeing to transfer funds from their banks to the attackers' prepaid debit card accounts.
The hospital attack, confirmed by two independent sources, was eventually stopped using a computer firewall filter. No one died, the sources said, but frustration levels at the hospital were dangerously high.
Typical firewalls, which are designed to block calls from specific telephone numbers, are less effective against Internet calls because hackers can delete numbers and create new ones constantly. Phone traffic carried over the Internet surged 25 percent last year and now accounts for more than a third of all international voice traffic, according to market research firm TeleGeography.
To thwart phone-based attacks, federal officials recently began working with telecommunications companies to develop a caller identification system for the Web. Their efforts could quell denial-of-service attacks and other thriving frauds, including the spoofing and swatting calls that have targeted many people, from senior citizens to celebrities.
Unclassified law enforcement documents posted online have vaguely identified some victims: a nursing home in Marquette, Wis., last November, a public safety agency and a manufacturer in Massachusetts in early 2013, a Louisiana emergency operations center in March, a Massachusetts medical center in April.
Wall Street firms, schools, media giants, insurance companies and customer service call centers have also temporarily lost phone service because of the attacks, according to telecommunications industry officials.
The Marquette incident is noteworthy because when the business owner involved the Marquette County Sheriff's Department, the scammer bombarded one of the county's two 911 lines for more than three hours.