Hackers have taken down dozens of 911 centers. Why is it so hard to stop them?
America’s emergency-response networks remain dangerously
vulnerable to criminals bent on crippling the country’s critical
infrastructure.
by Jon Schuppe / Apr.03.2018 / 3:36 AM ET
When news broke last week of a hacking attack on
Baltimore’s 911 system, Chad Howard felt a rush of nightmarish memories.
Howard, the information technology manager for Henry
County, Tennessee, faced a similar intrusion in June 2016, in one of the
country’s first so-called ransomware attacks on a 911 call center. The hackers
shut down the center’s computerized dispatch system and demanded more than
$2,000 in bitcoin to turn it back on. Refusing payment, Howard’s staff tracked
emergency calls with pencil and paper for three days as the system was rebuilt.
“It basically brought us to our knees,” Howard recalled.
Nearly two years later, the March 25 ransomware attack on
Baltimore served as another reminder that America’s emergency-response networks
remain dangerously vulnerable to criminals bent on crippling the country’s
critical infrastructure — either for money, or something more nefarious.
There have been 184 cyberattacks on public safety
agencies and local governments in the past 24 months, according to a
compilation of publicly reported incidents by the cybersecurity firm SecuLore
Solutions. That includes Atlanta, which fell victim to a ransomware attack a
couple days before the one on Baltimore, scrambling the operations of many
agencies, but not the 911 system.
911 centers have been directly or indirectly attacked in
42 of the 184 cases on SecuLore’s list, the company says. Two dozen involved ransomware
attacks, in which hackers use a virus to remotely seize control of a computer
system and hold it hostage for payment.
Most of the other attacks involve “denial of service,” in
which centers are immobilized by a flood of automated bogus calls. One of the
first occurred in October 2016, when Meetkumar Desai, then 18, of Arizona,
distributed a computer bug on Twitter that overwhelmed 911 centers in 12
states. The motivations for such attacks are often less about the money than
doing damage — sometimes as a form of protest, as when the “hacktivist” group
Anonymous took down Baltimore’s city website after the death of Freddie Gray
while in police custody, experts say. Desai reportedly told authorities he
meant his attack more as a prank.
“911 is the perfect [target] because it can’t afford to
be down,” said Tim Lorello, SecuLore’s president and CEO.
This is how 911 works: When someone dials for help —
typically from a mobile phone — the call gets routed from a cell tower to a 911
center, where a “telecommunicator” answers the phone and gathers basic
information. The telecommunicator enters that information into a computer-aided
dispatch system, where a dispatcher picks it up and coordinates a response from
firefighters, police officers or ambulances.
This 911 system relies on redundancy, meaning that call
centers that are taken out of service by a hacking attack can work around the
disruption by shutting down the computer-aided dispatch system and sharing
information person-to-person, or by sending calls to a nearby center. But
depending on the type of attack and a 911 center’s resources, those disruptions
can make it more difficult for people to reach someone in case of an emergency.
A July 2017 investigation by Scripps News on the vulnerabilities of 911 systems
noted the case of a 6-month-old Dallas boy who died after his babysitter’s 911
calls were delayed during an apparent denial-of-service attack.
J.J. Guy, chief technology officer at the cybersecurity
firm Jask, said that the spread of ransomware attacks on public safety agencies
and other key government operations shows the potential for cyberterrorists to
target the country’s critical infrastructure.
Last month, the Department of Homeland Security outlined
in a report how Russian hackers have gained access to American power plants.
The hackers did not cause service interruptions, but the fact that they could
gain access at all is troubling to security experts.
“To date, if you don’t have credit cards or lots of
personal information, attackers had little motivation and thus you were mostly
safe,” Guy said in an email. “This will change those dynamics. Manufacturing,
logistics, etc — any field with an operations mindset that loses money when
‘the line is down’ will be targeted.”
The attack on Baltimore was discovered March 25, after a
morning breach of its computer-aided dispatch system, officials said. The
city’s cybersecurity unit took the system down, forcing support staff to pass
911 calls to dispatchers using paper rather than electronically. Call-center
operations returned to normal early the next day, officials said. Investigators
later determined that the intrusion was an attempted ransomware attack, but “no
ransom was demanded or paid,” a city spokesman, James Bentley, said. He declined
to explain further, saying that “could compromise the investigation.”
Most ransomware cases end similarly, with governments
refusing to pay hackers, choosing instead to switch to a more primitive version
of 911 services while they rebuild their systems. Governments have caved at times,
however, although officials decline to say much about those incidents, out of
concern that it will encourage more attacks.
Another problem with the current 911 system is that it
doesn’t accommodate the ways people communicate in the modern world — through
texts, photos, videos, etc. That is why the 911 industry is pushing
telecommunication companies and state and local governments to adopt what it
calls Next Generation 911, which allows callers to send data through approved
telecommunications carriers and internet service providers (while still taking
calls from landlines).
Adoption of Next Generation 911 has been slow and costly,
said Brian Fontes, CEO of the National Emergency Number Association, or NENA. A
tiny fraction of America is on Next Generation 911; the short list includes
Maine and Vermont, with Indiana, Washington state’s King County and part of
Texas getting close, Fontes said.
The Next Generation 911 systems will have advanced
security baked into their foundations, including the ability to instantly
identify suspicious activity, immediately shut down in response to intrusions,
and simultaneously move incoming calls to other centers in a way that is
undetectable to someone dialing for help, officials say.
But the increased connectivity also opens the modern
systems to new potential modes of attack, experts say. No matter how
sophisticated a defense, all it takes is one overlooked vulnerability to let
hackers in, experts say.
That makes it essential to develop sophisticated defense
systems run by in-house cybersecurity teams, they say.
In Baltimore’s case, the ransomware attack was discovered
and repelled by Baltimore City Information Technology, which maintains defenses
across the local government. It determined that the hackers had found access
after a technician troubleshooting the computer-aided dispatch system made a
change to a firewall and mistakenly left an opening, the city’s chief
information officer, Frank Johnson, said in a statement. The FBI is now helping
the city investigate.
Howard, in Tennessee, knows how his attacker obtained
access to the 911 center — by finding a weak password left by a deceased former
system administrator. The FBI told him it looked as if the attack came from
Russia. But he still isn’t sure.
Howard cleaned and rebuilt his system, but struggles to
maintain patches for his outdated CAD system. “It’s been a nightmare,” he said.
No one has been caught or prosecuted in the Tennessee or
Baltimore attack.