Hack Sets Off City Emergency Alarms in Dallas

The City of Dallas, Texas, emergency alarm system was compromised by a hacker or hackers late Friday night. All 156 outside sirens, usually used for severe weather warnings, were activated more than a dozen times between approximately 11:45 pm Friday and 1:20 am Saturday until engineers manually disabled the system.

The Dallas Outdoor Warning Sirens are designed to alert people outside to go indoors for shelter and information. The sirens are not meant to be heard indoors. Their primary function is to warn of imminent severe weather; but with no immediate sign of this, some people worried about reprisals for recent US military action in Syria. 

The 911 emergency service, already under pressure through staff shortage, received approximately double its usual number of calls; and waiting time at its worst increased from the usual 10 seconds to around six minutes.

No details of the hack have yet been released, although it is believed the attacker is from the Dallas area. “For security reasons,” said spokeswoman Sana Syed, “we cannot discuss the details of how this was done, but we do believe that the hack came from the Dallas area. We have notified the FCC for assistance in identifying the source of this hack. We are putting in safeguards to ensure this type of hack does not happen again.”

Attacks against emergency alert systems are rare, but not unknown. In 2013, hackers breached an emergency alert system (EAS), causing TV stations in Michigan, California, Montana and New Mexico to broadcast a zombie warning, “the bodies of the dead are rising from their graves and attacking the living.”

Dallas engineers are thought to have located the source of their own breach, and have ruled out both their control system and remote access. If the attacker breached the communications channels, this could explain the belief that he or they are local to the area.

At the time of writing, the police had not been notified.

Dallas Mayor Mike Rawlings commented on Facebook, “This is yet another serious example of the need for us to upgrade and better safeguard our city’s technology infrastructure. It’s a costly proposition, which is why every dollar of taxpayer money must be spent with critical needs such as this in mind.”

In November 2016, the City Council approved a $567,368 budget to maintain and repair the emergency sirens over the next six years. Michigan-based West Shore Services, a distributor of Federal Signal outdoor warning products, won the contract.

When approached over the weekend, West Shore’s director of operations, Luke Miller, had not been informed of the breach by the Dallas Office of Emergency Management. “I am trying to get information along with everyone else,” he said. “I don’t know anything.”

Martin Zinaich, chief security officer for the city of Tampa, Florida, told SecurityWeek, “We keep putting more and more ‘things’ (including critical infrastructure) on a public network that everyone in the world, both good and bad, have access to — yet we still do not have information security being considered as part of a complete business risk profile.”

Zinaich believes it is symptomatic of an ever-worsening cyber security condition that will require drastic action to solve. In a paper comparing cyber security to the long, slow descent and ultimate destruction of Eastern Air Lines Flight 401, he says, “In short, what we have put in place are insecure computing devices connected together using insecure protocols over a fabric connected to support some of our most critical dependencies and let anyone in the world — good or bad — have access to it.”

His own solution would be for American CISOs to come together in a professional association, similar to the AMA, so that together they could influence the quality of security much as the AMA has influenced and improved the quality of medicine.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
