Hackers set off Dallas emergency sirens more than a dozen times in a few hours

City responded by temporarily suspending system.

Hackers set off Dallas emergency sirens more than a dozen times in a few hours
The city of Dallas, Texas believes computer hackers are responsible for setting off its emergency sirens more than a dozen times in just a few hours.

Dallas authorities say the city's 156 sirens began blaring shortly before midnight on 7 April. Fire-Rescue crews tried to fix the problem, but after the sirens sounded more than a dozen times, they had no choice but to disable the emergency system at around 1:20 a.m.

The Office of Emergency Management (OEM) sent out a public statement via Twitter explaining the siren system had experienced an issue and urging people to not call 911.

But many people didn't listen.

Before 3:00 a.m. on 8 April, the city's emergency services received 4,400 calls - twice the number residents normally place between 11:30 p.m. and 7:00 a.m.

Those calls swamped an already compromised 911 system, driving up the average wait time from 10 seconds to six minutes.

City spokeswoman Sana Syed is sympathetic with people having been concerned. As she told Dallas News:

"We understand that people were concerned. We had people asking if we were being attacked because of what's going on overseas."

It took Dallas authorities several hours to fix the issue. At around 9:00 p.m. on 8 April, authorities reactivated the system.

The city of Dallas is convinced someone outside its system compromised the sirens. They know how they did it, and they're working to prevent it from happening again. As of this writing, authorities don't know was behind the issue. But given the vulnerability of emergency systems to hackers, Mayor Mike Rawlings told Dallas News he's determined to find out:

"This is yet another serious example of the need for us to upgrade and better safeguard our city's technology infrastructure. It's a costly proposition, which is why every dollar of taxpayer money must be spent with critical needs such as this in mind. Making the necessary improvements is imperative for the safety of our citizens."

Attribution could prove to be a challenge. But you never know. The responsible party could have slipped up and made some damning mistakes that will lead law enforcement straight to their doorstep. Let's hope that's the case.

Tags: ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

,

2 Responses

  1. Patrick

    April 10, 2017 at 4:03 pm #

    I think I'd be careful in how I describe this event. Arguably a "hack", although likely not a cyber attack, per se. I might be picking nits here, but when I saw that the FCC was the agency investigating this, I came to the conclusion that the actor is most likely someone who spoofed the activation codes and transmitted into the radio system that activates the sirens. Keep in mind that warning sirens are generally tested once a month. It is relatively trivial to determine what frequency is being used to transmit the codes. Anyone with a decent scanner could probably pick those up and someone with some amateur radio knowledge likely has the equipment to record and decode the signal (assuming that it was not encrypted). Playing back the signal requires knowledge of the radio system and a transmitter at the right frequency. I'm not suggesting that a ham radio operator, per se, is responsible, but the equipment and knowledge is generally available. Since Dallas indicates that they have "fixed" the issue, I suspect that the signal wasn't encrypted or secured previously — and it is now.

    It's not uncommon for someone to buy a radio on eBay and set about sending rogue transmissions into public safety radio systems. Thus it wouldn't be a far stretch for someone to obtain the appropriate equipment to do this in the same manner.

    From publicly available documents, it appears that the warning siren system is relatively new, so this wasn't a trivial hack of an ancient system. Someone needed to understand the technology and have the means to transmit the signal. http://www3.dallascityhall.com/committee_briefings/briefings0809/PS_Outdoor_Warning_Siren_081709.pdf

    • Brent in reply to Patrick.

      April 11, 2017 at 4:09 pm #

      Nailed it. They've stated that the person who did this had to be in proximity to the system and probably had knowledge of the city's gear required to pull this off. The system communication was unencrypted and now is.

      https://www.dallasnews.com/news/news/2017/04/10/hacker-broadcast-signal-triggered-dallas-emergency-sirens-friday-night

      Also, this is not the first time this sort of thing has happened. Happened in Illinois in 2012.

Leave a Reply