
Hackers set off Dallas’ 156 emergency sirens over a dozen times - shawndumas
https://arstechnica.com/security/2017/04/hackers-set-off-dallas-156-emergency-sirens-over-a-dozen-times/
======
ivyirwin
I was in Dallas when this happened. I can attest to the eeriness of sirens
going off all over town with no idea what they mean. In Texas we're accustomed
to tornado sirens, but when the skies are clear and they are going off, makes
you wonder what might be happening - especially when it lasts for over an
hour.

But what really struck me was how much we expect instant information these
days. Took over 30 minutes to figure out what was happening. No coverage on
local news, no "reverse 911" alerts indicating a problem (or lack thereof).
Google eventually surfaced a tweet by the Dallas Morning News indicating it
was a false alarm and they were asking city hall for answers.

Not sure what the protocol is for alerting people not to mind the blaring
alarms, but seems like something should have happened given that 311 and 911
were overwhelmed with inquiries.

~~~
cyanotic
Part of me suspects that there might be something in this related to current
events. If I were to spitball ideas about motives and modus operandi, it feels
like the kind of thing a state actor would tamper with, and in terms of style
I'd gravitate toward looking in North Korea's direction, since it feels like
their style.

Why do it? Raising noise with false alarms, desensitizes the intended signal
of an alarm, ruining signal-to-noise, as people slack off about responding to
alerts. It also serves as a probe to see what an actual outcome would look
like. There's no profit (no money), and no incentive to whip emergency
responders up into a confused state, for most non-state actors.

Even SWATTING is usually more targeted, with the prank being played on a
specific person. Sometimes SWATTING serves to distract the target from
something under their control. That doesn't seem to be present here.

North Korea's hacks usually come across as sort of impish in a lot of ways.
They seem to like the attention of getting into the news. Messing with
something reminiscent of air raid warnings seems to fit the personality of
their general profile, given their ballistic missile ambitions. Other state
actors in the news lately, probably wouldn't be as interested in domestic
civil defense systems in the U.S.

They (whomsoever is responsible) might be motivated to do something like this
(if it were a North Korean team) given some of the sabre rattling going around
this season. It rings of something that would score points with Dear Leader.

But then again, yeah, maybe this is just the typical sort of "because it's
there" hack, and some script kiddie found his way into another cookie jar.

~~~
Retr0spectrum
I can almost guarantee this was just a kid messing around. There's no real
motive for anyone else.

~~~
foota
The nation state actor who cried "BWOOOOOOOOOO"? That is, if you turn on the
sirens often enough, maybe they'll be ignored in an emergency.

~~~
lightbyte
That might be more plausible when it starts happening repeatedly. It's hard to
compare it to the boy who cried wolf when we only have a single occurrence.

------
yellowbkpk
When I helped run a college radio station as a student, one if the things I
had to check on was the Emergency Alert System (EAS). It's the system that
cuts into your broadcast and allows emergency personnel to transmit
information over TV and radio.

Maybe it was specific to our setup, but our station was assigned two other
stations to listen to for EAS alert tones. If the box heard the tones it would
flip a relay and broadcast the audio from the station it heard the tones on.
If you drove by the station with and FM transmitter and replayed the EAS
tones, you could transmit whatever you want. I imagine the stronger FM
stations have a bit more security than we did, but it always striked me as a
rather vulnerable system.

~~~
pavement
Growing up, the audio tone for that signal was etched into my brain over the
course of numerous Saturday mornings, when I woke up early enough to hear the
tests. This was before cable was normal. Sometimes it felt like the dial-tone-
like noise drilled into your ears for a solid 90 seconds.

Example:
[https://www.youtube.com/watch?v=oOVwgKmzROw](https://www.youtube.com/watch?v=oOVwgKmzROw)

The new sound is even worse (and seemingly longer), and I imagine it's signal
(which sounds more like fax machine squelches than an alert noise) has been
crafted to prevent incidents like you describe.

Example:
[https://www.youtube.com/watch?v=Llrkn2ASVNQ](https://www.youtube.com/watch?v=Llrkn2ASVNQ)

Also, to prevent deliberate piracy, which was something of an urban legend,
but with real, known examples, like the Chicago Max Headroom instance:

[https://www.youtube.com/watch?v=tWdgAMYjYSs](https://www.youtube.com/watch?v=tWdgAMYjYSs)

It's interesting, because I had always thought the noises were intended to
capture the interest of viewers, since it sounds like something of an alarm.
It never occurred to me that it might be a system-level control signal. Which
makes much more sense now, since the tests were called out as tests, and not
drills to prompt viewer activity.

It's funny, because after decades and decades of listening to the test drills,
on 9/11 I had expected to hear it cutting in, but it was largely absent and
unused. The only time I've ever heard it for real, was during weather-related
situations like hurricanes.

~~~
joezydeco
_The new sound is even worse (and seemingly longer), and I imagine it 's
signal (which sounds more like fax machine squelches than an alert noise)_

This is the SAME (Specific Area Message Encoding) header, designed to deliver
more detail to receiving devices about where the event is, the type, and how
severe it will be.

[https://en.wikipedia.org/wiki/Specific_Area_Message_Encoding](https://en.wikipedia.org/wiki/Specific_Area_Message_Encoding)

This is how you can buy weather radios that only deliver emergency weather
messages for your county or town as opposed to the entire listening area of
the station.

------
PhantomGremlin
My first inclination is to say "good". My thought is that maybe incidents like
this will get governments (actually everyone) to take security more seriously.

But, realistically, I'm forced to change to "bad". What I know will happen is
there will be a bunch of hand wringing, minor panic, etc. Followed by a
request for money. Lots of money. Lots and lots of money.

That money will go to cronies at companies that specialize in government
contracts. Most of the money will be pissed away, aka legally stolen. And
we'll only be very slightly better off (if that) than before these hacks
happened.

~~~
adolph
There may be some things that require relatively low security within a high
trust environment. For example, fire extinguishers behind glass in a building.

------
henryw
Could this done in order to cover the tracks of some illegal activity like a
bank robbery? Seems like something out of Ocean's 11.

------
patrickmn
Video with sound:
[https://twitter.com/deadlyblonde/status/850576467234869248](https://twitter.com/deadlyblonde/status/850576467234869248)

------
EvanAnderson
I've heard that the tornado siren system in my locality is protected by a
short DTMF code transmitted over a licensed radio frequency.

~~~
j0217995
A quick google confirms this. I live in Michigan and there is a discussion
here:[https://forums.radioreference.com/michigan-radio-
discussion-...](https://forums.radioreference.com/michigan-radio-discussion-
forum/839-tornado-sirens.html) about the frequencies used for the tornado
systems. Not quite sure if they have changed since the post and discussion was
made in 2004?

------
retox
People were reporting that this happened in Paris yesterday as well, but I
can't find any news stories...

\-- edit to add link [http://www.leparisien.fr/boulogne-billancourt-92100/une-
alar...](http://www.leparisien.fr/boulogne-billancourt-92100/une-alarme-
assourdissante-perturbe-boulogne-billancourt-08-04-2017-6836055.php)

------
leesalminen
> [http://www.wfsb.com/story/35104169/no-cause-for-alarm-
> false-...](http://www.wfsb.com/story/35104169/no-cause-for-alarm-false-
> alarm-issued-by-national-weather-service)

Possibly another hack in CT yesterday as well.

------
Jpoechill
Also here: [https://thenextweb.com/us/2017/04/10/hackers-cause-panic-
in-...](https://thenextweb.com/us/2017/04/10/hackers-cause-panic-in-dallas-by-
triggering-156-emergency-sirens/)

------
aaron695
Physical 'hack' which I suspect might change to just change to not a hack but
a prank.

[https://www.washingtonpost.com/news/the-
intersect/wp/2017/04...](https://www.washingtonpost.com/news/the-
intersect/wp/2017/04/09/someone-hacked-every-tornado-siren-in-dallas-it-was-
loud/)

------
csours
> At its peak, the call volume and a short-staffed call center pushed wait
> times as high as six minutes—the city's goal is to answer most 911 calls
> within 10 seconds.

This is why we can't have nice hacks.

~~~
ZanyProgrammer
911 systems (alas) get overwhelmed all the time in large cities (for various
reasons).

~~~
imglorp
This was intentional, and it was harmful.

How many people that actually needed help during this time could not get any?
It seems Dallas 911 is already killing people when the system is overwhelmed
on good days:

[https://www.washingtonpost.com/news/morning-
mix/wp/2017/03/1...](https://www.washingtonpost.com/news/morning-
mix/wp/2017/03/16/t-mobile-ghost-calls-clog-dallas-911-families-blame-backlog-
for-deaths/)

