We are all used to hearing stories about cybercriminals hacking PCs — and more recently smartphones — but in a world where everything from nuclear power plants to kettles are connected to the internet, we are beginning to see hackers expand their horizons. A perfect example of this is the Dallas siren hack.
At 11:40 p.m. on Friday, April 7, residents of Dallas heard the city’s emergency siren sound. Over the course of the next hour and a half, disruptive alarms would sound 14 more times, with each blast lasting 90 seconds. The sirens are meant to alert the public to severe weather or other emergencies, but as Sana Syed, director of the public information office for the city of Dallas, told the New York Times, many people interpreted the alarms as a warning sign of a “bomb or something, a missile.” The alarms caused over 4,400 calls to the 911 emergency line to be logged during those hours — double the typical call volume.
While initially dismissed as a fault with the system, authorities finally admitted they had been hacked, and attacked consistently by a hacker clearly looking to cause chaos. While attacks on critical infrastructure like this are still relatively rare, incidents are on the rise. Federal data shows that 300 incidents were reported in 2013, a 50 percent rise from the previous year.
The problem lies with outdated software powering critical components of the government’s infrastructure, notes Alex Heid, chief research officer at SecurityScorecard. In this case “obviously something was connected to the internet that shouldn’t have been,” he says.
While the authorities have yet to reveal exactly how the Dallas siren hack was carried out, Heid has conducted his own research into the attack. He found that the emergency system in Dallas is controlled by a third-party legacy software, and the same software powers similar systems in a number of other areas including Tampa, New Mexico, Hawaii and L.A. County — meaning similar attacks could easily happen in these places.
“All of them are running old legacy software and the focus for a lot of these organizations is just to get the stuff to work. They are leaving things open that shouldn’t be, and this is definitely the beginnings of things to come,” Heid said.
Security experts have already seen hackers target infrastructure including electric road signs, emergency text alert systems and suburban dams, but with electrical grids, gas pipelines and soon the U.S. military’s nuclear missiles all connected to the internet, the need to put more robust security measures in place is obvious. “There really is no other choice, because at that level, it goes right or, that’s it, there is no earth,” Heid warns.
As technology becomes a more prevalent part of everyday life, citizens are increasingly pushing for more government transparency.