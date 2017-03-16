But what really struck me was how much we expect instant information these days. Took over 30 minutes to figure out what was happening. No coverage on local news, no "reverse 911" alerts indicating a problem (or lack thereof). Google eventually surfaced a tweet by the Dallas Morning News indicating it was a false alarm and they were asking city hall for answers.
Not sure what the protocol is for alerting people not to mind the blaring alarms, but seems like something should have happened given that 311 and 911 were overwhelmed with inquiries.
but it only took about 2 minutes for me to find a tweet about what was happening
Why do it? Raising noise with false alarms, desensitizes the intended signal of an alarm, ruining signal-to-noise, as people slack off about responding to alerts. It also serves as a probe to see what an actual outcome would look like. There's no profit (no money), and no incentive to whip emergency responders up into a confused state, for most non-state actors.
Even SWATTING is usually more targeted, with the prank being played on a specific person. Sometimes SWATTING serves to distract the target from something under their control. That doesn't seem to be present here.
North Korea's hacks usually come across as sort of impish in a lot of ways. They seem to like the attention of getting into the news. Messing with something reminiscent of air raid warnings seems to fit the personality of their general profile, given their ballistic missile ambitions. Other state actors in the news lately, probably wouldn't be as interested in domestic civil defense systems in the U.S.
They (whomsoever is responsible) might be motivated to do something like this (if it were a North Korean team) given some of the sabre rattling going around this season. It rings of something that would score points with Dear Leader.
But then again, yeah, maybe this is just the typical sort of "because it's there" hack, and some script kiddie found his way into another cookie jar.
Or someone pushed the wrong button. Remember, this is the same city that threw T-Mobile under the bus a month ago saying their callers were 'ghost calling' their 911 system with a bug causing the lines to clog.
In that case, it turned out to be actual callers trying to get through and the calls weren't being answered because a quarter of the already understaffed call center called out. https://www.dallasnews.com/news/dallas-city-hall/2017/03/20/...
So yeah, I'm not betting on hackers for this one. I'm betting on incompetence.
They've even downvoted that comment :)
Maybe it was specific to our setup, but our station was assigned two other stations to listen to for EAS alert tones. If the box heard the tones it would flip a relay and broadcast the audio from the station it heard the tones on. If you drove by the station with and FM transmitter and replayed the EAS tones, you could transmit whatever you want. I imagine the stronger FM stations have a bit more security than we did, but it always striked me as a rather vulnerable system.
Example: https://www.youtube.com/watch?v=oOVwgKmzROw
The new sound is even worse (and seemingly longer), and I imagine it's signal (which sounds more like fax machine squelches than an alert noise) has been crafted to prevent incidents like you describe.
Example: https://www.youtube.com/watch?v=Llrkn2ASVNQ
Also, to prevent deliberate piracy, which was something of an urban legend, but with real, known examples, like the Chicago Max Headroom instance:
https://www.youtube.com/watch?v=tWdgAMYjYSs
It's interesting, because I had always thought the noises were intended to capture the interest of viewers, since it sounds like something of an alarm. It never occurred to me that it might be a system-level control signal. Which makes much more sense now, since the tests were called out as tests, and not drills to prompt viewer activity.
It's funny, because after decades and decades of listening to the test drills, on 9/11 I had expected to hear it cutting in, but it was largely absent and unused. The only time I've ever heard it for real, was during weather-related situations like hurricanes.
This is the SAME (Specific Area Message Encoding) header, designed to deliver more detail to receiving devices about where the event is, the type, and how severe it will be.
https://en.wikipedia.org/wiki/Specific_Area_Message_Encoding
This is how you can buy weather radios that only deliver emergency weather messages for your county or town as opposed to the entire listening area of the station.
The evil part of me wonders if a replay attack would work for that more complex signal or whether it contains something tied to the current date.
The problem with emergency measures is they have to work in circumstances when you can't rely on other stuff any more which means they have to be as simple as possible.
For those who don't know, the tones -- which are indeed received from well-known designated primary stations -- come with a textual representation of the bad news, which is printed out on a little receipt-size slip from a box called a EAS-911 (a few vendors make them). One of two things happen next: either the EAS-911 takes over air automatically and rebroadcasts the bad news as it is received, or it is recorded instead and a little button begins blinking to indicate that the device is waiting for you to give it permission to take over air and rebroadcast the bad news. Pretty much everyone with resources is set up the latter way, partially for the very reason mentioned.
The real ugly scenario with the automatic relay stations is when the primary forgets the "I'm done" tones, and then every station in the state plays WGN for an hour. That's happened before. Fines have been levied.
This is backed up by me skimming the relevant section of the binder when I was training on a station, saying out loud "I didn't know there was a Presidential Activation of EAS," and my boss at the time replying "there is?" rather surprised.
As others have noted, larger stations generally always have at least one person present who can verify alerts before rebroadcasting them.
EAS is not a perfect system, but it's not the worst in terms of infrastructure weaknesses.
New rules recently in effect, presidential alert messages (PAM) are to be rebroadcast by station equipment immediately with minimal delay and without requiring operator intervention.
But, realistically, I'm forced to change to "bad". What I know will happen is there will be a bunch of hand wringing, minor panic, etc. Followed by a request for money. Lots of money. Lots and lots of money.
That money will go to cronies at companies that specialize in government contracts. Most of the money will be pissed away, aka legally stolen. And we'll only be very slightly better off (if that) than before these hacks happened.
http://www.leparisien.fr/boulogne-billancourt-92100/une-alar...
Possibly another hack in CT yesterday as well.
https://www.washingtonpost.com/news/the-intersect/wp/2017/04...
How many people that actually needed help during this time could not get any? It seems Dallas 911 is already killing people when the system is overwhelmed on good days:
https://www.washingtonpost.com/news/morning-mix/wp/2017/03/1...
