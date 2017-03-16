Hacker News new | comments | show | ask | jobs | submit login
Hackers set off Dallas’ 156 emergency sirens over a dozen times (arstechnica.com)
I was in Dallas when this happened. I can attest to the eeriness of sirens going off all over town with no idea what they mean. In Texas we're accustomed to tornado sirens, but when the skies are clear and they are going off, makes you wonder what might be happening - especially when it lasts for over an hour.

But what really struck me was how much we expect instant information these days. Took over 30 minutes to figure out what was happening. No coverage on local news, no "reverse 911" alerts indicating a problem (or lack thereof). Google eventually surfaced a tweet by the Dallas Morning News indicating it was a false alarm and they were asking city hall for answers.

Not sure what the protocol is for alerting people not to mind the blaring alarms, but seems like something should have happened given that 311 and 911 were overwhelmed with inquiries.

Tbh it might be best to not have protocols for ignoring sirens.

I think it's less "ignoring sirens" and more "communicating about emergency alerts". Even if the siren legitimately went off during clear skies, people would be confused and you'd want a way to communicate why the sirens are going off. In most places around the US, they use the Emergency Alert System for that, pushing the message to TVs, radios, and cell phones. Already the EAS is set up with a protocol to let you know it's safe to ignore this alert, they test the alerts and say "this is only a test". And they already set off sirens that they expect you to ignore, in my area it's every Friday at noon.

I had the same thought. IF hackers can get into the sirens themselves, what would stop someone from telling people to ignore sirens in an actual emergency.

It was pretty eerie walking outside past midnight to clear skies and sirens all around

but it only took about 2 minutes for me to find a tweet about what was happening

Part of me suspects that there might be something in this related to current events. If I were to spitball ideas about motives and modus operandi, it feels like the kind of thing a state actor would tamper with, and in terms of style I'd gravitate toward looking in North Korea's direction, since it feels like their style.

Why do it? Raising noise with false alarms, desensitizes the intended signal of an alarm, ruining signal-to-noise, as people slack off about responding to alerts. It also serves as a probe to see what an actual outcome would look like. There's no profit (no money), and no incentive to whip emergency responders up into a confused state, for most non-state actors.

Even SWATTING is usually more targeted, with the prank being played on a specific person. Sometimes SWATTING serves to distract the target from something under their control. That doesn't seem to be present here.

North Korea's hacks usually come across as sort of impish in a lot of ways. They seem to like the attention of getting into the news. Messing with something reminiscent of air raid warnings seems to fit the personality of their general profile, given their ballistic missile ambitions. Other state actors in the news lately, probably wouldn't be as interested in domestic civil defense systems in the U.S.

They (whomsoever is responsible) might be motivated to do something like this (if it were a North Korean team) given some of the sabre rattling going around this season. It rings of something that would score points with Dear Leader.

But then again, yeah, maybe this is just the typical sort of "because it's there" hack, and some script kiddie found his way into another cookie jar.

I was going to joke that I'm surprised this wasn't posed as "Russian hackers set of sirens" considering that the US currently tries to pin everything on them but it seems you beat me to it -- and with Poe's law in full effect, too.

I don't know, I think Americans are right to be concerned about and sensitive to Russian cyberattacks:

https://www.dni.gov/files/documents/ICA_2017_01.pdf

I can almost guarantee this was just a kid messing around. There's no real motive for anyone else.

>I can almost guarantee this was just a kid messing around.

Or someone pushed the wrong button. Remember, this is the same city that threw T-Mobile under the bus a month ago saying their callers were 'ghost calling' their 911 system with a bug causing the lines to clog.

In that case, it turned out to be actual callers trying to get through and the calls weren't being answered because a quarter of the already understaffed call center called out. https://www.dallasnews.com/news/dallas-city-hall/2017/03/20/...

So yeah, I'm not betting on hackers for this one. I'm betting on incompetence.

While I agree this is the most obvious suspect, the crippling effect it had on emergency services like 911 probably got the attention of more nefarious players.

I'm not saying that I agree that it was a foreign power that did this, but there are motives. If you can turn the sirens on and keep them on for a while, you can probably turn them off and keep them off for a while. That could be bad in a situation where they really, really needed to be turned on.

The nation state actor who cried "BWOOOOOOOOOO"? That is, if you turn on the sirens often enough, maybe they'll be ignored in an emergency.

That might be more plausible when it starts happening repeatedly. It's hard to compare it to the boy who cried wolf when we only have a single occurrence.

The above comment is a ghostly gray right now. Why? cyanotic is merely stating a conjecture out loud. There's nothing rude in the comment, it's not attacking your favorite company/paradigm/X and he even concedes to the "default"/"correct" opinion at the end.

Why downvote that? Are we Reddit now?

No, hence the downvotes. His comments belong among the conspiracy theorists over at reddit, always ready with a few tea-leaves to read.

So we're punishing thinking?

> conspiracy theorists ... always ready with a few tea-leaves to read.

That's how you see it. I didn't see that comment as a "conspiracy theory." It wasn't a rambling rant. I'd say you're always ready to see everyone as a conspiracy theorist if they don't parrot the default explanation.

In any case, remember that people voicing concerns about widespread government snooping were shut down and derided as "conspiracy theorists" barely 10 years ago.

Honestly, more than 50% of the downvoted comments I see on HN do not deserve to be downvoted. Less than half of them are rule-breaking, rude, useless, etc.

Frankly, downvoting here has become just as bad as on Reddit: it happens because people don't like the comment for any reason, including, e.g. that what they had for lunch is giving them indigestion at the moment they lay eyes on it (but mostly it's because they simply disagree, which is shameful).

This particular comment is full of speculation, but it's not unreasonable speculation, and the linked article gives no details to contradict it. I wish we could have an interesting discussion about what might be, rather than mindlessly censor it by downvoting so that we can only have approved conversations.

This just reinforces my conclusion that the only kind of voting should be upvoting. If a comment breaks a rule, flag it, otherwise leave it alone, and concentrate on upvoting good comments. This shaming-by-graying is becoming very tiresome. It's ridiculous that it only takes a few random downvoters to turn a comment gray, because it's not an indication of what the community as a whole thinks, only those who happened to downvote it (after which the likelihood of it being upvoted by people who do like it diminishes, because it being downvoted decreases the likelihood of anyone seeing it).

TLDR: Voting on HN is badly broken. It only takes a few selfish, childish people to kill comments and prevent the community from even having a chance to correct the downvotes.

You can see [dead] comments if you enable the show-dead flag in your profile. Also, you can vouch a [dead] comment to revive it. (You need to have a minimal amount of karma for this.)

And if you see something egregious, you can send an email to the mods hn@ycombinator.com

I've had show-dead on for a long time, and I use custom CSS [1] which even makes dead posts stand out more.

The downvote abuse here is ubiquitous. The mods don't care, I supposed because 'pg decreed long ago that downvoting for disagreement is acceptable. The finger-wagging of the invisible hand is working as intended.

That doesn't make it right.

1: https://github.com/alphapapa/solarized-everything-css/blob/m...

@alphapapa: 'Honestly, more than 50% of the downvoted comments I see on HN do not deserve to be downvoted'..

reply


As expected.

When I helped run a college radio station as a student, one if the things I had to check on was the Emergency Alert System (EAS). It's the system that cuts into your broadcast and allows emergency personnel to transmit information over TV and radio.

Maybe it was specific to our setup, but our station was assigned two other stations to listen to for EAS alert tones. If the box heard the tones it would flip a relay and broadcast the audio from the station it heard the tones on. If you drove by the station with and FM transmitter and replayed the EAS tones, you could transmit whatever you want. I imagine the stronger FM stations have a bit more security than we did, but it always striked me as a rather vulnerable system.

Growing up, the audio tone for that signal was etched into my brain over the course of numerous Saturday mornings, when I woke up early enough to hear the tests. This was before cable was normal. Sometimes it felt like the dial-tone-like noise drilled into your ears for a solid 90 seconds.

Example: https://www.youtube.com/watch?v=oOVwgKmzROw

The new sound is even worse (and seemingly longer), and I imagine it's signal (which sounds more like fax machine squelches than an alert noise) has been crafted to prevent incidents like you describe.

Example: https://www.youtube.com/watch?v=Llrkn2ASVNQ

Also, to prevent deliberate piracy, which was something of an urban legend, but with real, known examples, like the Chicago Max Headroom instance:

https://www.youtube.com/watch?v=tWdgAMYjYSs

It's interesting, because I had always thought the noises were intended to capture the interest of viewers, since it sounds like something of an alarm. It never occurred to me that it might be a system-level control signal. Which makes much more sense now, since the tests were called out as tests, and not drills to prompt viewer activity.

It's funny, because after decades and decades of listening to the test drills, on 9/11 I had expected to hear it cutting in, but it was largely absent and unused. The only time I've ever heard it for real, was during weather-related situations like hurricanes.

The new sound is even worse (and seemingly longer), and I imagine it's signal (which sounds more like fax machine squelches than an alert noise)

This is the SAME (Specific Area Message Encoding) header, designed to deliver more detail to receiving devices about where the event is, the type, and how severe it will be.

https://en.wikipedia.org/wiki/Specific_Area_Message_Encoding

This is how you can buy weather radios that only deliver emergency weather messages for your county or town as opposed to the entire listening area of the station.

> The new sound is even worse (and seemingly longer), and I imagine it's signal (which sounds more like fax machine squelches than an alert noise) has been crafted to prevent incidents like you describe.

The evil part of me wonders if a replay attack would work for that more complex signal or whether it contains something tied to the current date.

The problem with emergency measures is they have to work in circumstances when you can't rely on other stuff any more which means they have to be as simple as possible.

Most stations have that device configured to only automatically take over air for the most egregious emergencies, with the rest aired on a discretionary basis. You generally only see full auto relays with full auto stations; pretty much every station with a butt in the big seat is wired discretionary, with individual station policy regarding which alerts to rebroadcast. I wouldn't generally retransmit a severe thunderstorm warning, for example, though I repeated every test. To my knowledge, only a Presidential Activation of EAS bypasses everything, and by law there's a book next to every eligible transmitter that describes the procedure for that (it's a bit unique).

For those who don't know, the tones -- which are indeed received from well-known designated primary stations -- come with a textual representation of the bad news, which is printed out on a little receipt-size slip from a box called a EAS-911 (a few vendors make them). One of two things happen next: either the EAS-911 takes over air automatically and rebroadcasts the bad news as it is received, or it is recorded instead and a little button begins blinking to indicate that the device is waiting for you to give it permission to take over air and rebroadcast the bad news. Pretty much everyone with resources is set up the latter way, partially for the very reason mentioned.

The real ugly scenario with the automatic relay stations is when the primary forgets the "I'm done" tones, and then every station in the state plays WGN for an hour. That's happened before. Fines have been levied.

> To my knowledge, only a Presidential Activation of EAS bypasses everything, and by law there's a book next to every eligible transmitter that describes the procedure for that (it's a bit unique).

Let's not give anybody ideas here, twitter is bad enough.

Don't worry, half the country probably doesn't know how to operate an actual EAN, nor where the book is when it comes. I have a feeling the Wikipedia page on it is going to be very busy in the first ten minutes after a president decides to pull the trigger.

This is backed up by me skimming the relevant section of the binder when I was training on a station, saying out loud "I didn't know there was a Presidential Activation of EAS," and my boss at the time replying "there is?" rather surprised.

The nationwide tests of the EAS have apparently not gone terribly smoothly, and that was with advance notice and planning. So it wouldn't surprise me in the slightest.

Volksempfänger would be damn classy propaganda. But Trump is not classy, never was, and never will be.

Well, the small stations who don't have a person decided when to play the alerts are typically listening to two larger stations, and it varies which ones they are listening to. So yes, a malicious actor could conceivably do this, but he/she would have to be close enough the antennas and have a transmitter powerful enough to broadcast over the assigned signals.

As others have noted, larger stations generally always have at least one person present who can verify alerts before rebroadcasting them.

EAS is not a perfect system, but it's not the worst in terms of infrastructure weaknesses.

> larger stations generally always have at least one person present who can verify alerts before rebroadcasting them.

New rules recently in effect, presidential alert messages (PAM) are to be rebroadcast by station equipment immediately with minimal delay and without requiring operator intervention.

Oh, great. Can't wait for them to hack that one...

The SAME format has no inherent security to it. Some implementations do some signal processing (thresholding really) to try to mitigate fake messages.

My first inclination is to say "good". My thought is that maybe incidents like this will get governments (actually everyone) to take security more seriously.

But, realistically, I'm forced to change to "bad". What I know will happen is there will be a bunch of hand wringing, minor panic, etc. Followed by a request for money. Lots of money. Lots and lots of money.

That money will go to cronies at companies that specialize in government contracts. Most of the money will be pissed away, aka legally stolen. And we'll only be very slightly better off (if that) than before these hacks happened.

There may be some things that require relatively low security within a high trust environment. For example, fire extinguishers behind glass in a building.

Could this done in order to cover the tracks of some illegal activity like a bank robbery? Seems like something out of Ocean's 11.

Video with sound: https://twitter.com/deadlyblonde/status/850576467234869248

I've heard that the tornado siren system in my locality is protected by a short DTMF code transmitted over a licensed radio frequency.

A quick google confirms this. I live in Michigan and there is a discussion here:https://forums.radioreference.com/michigan-radio-discussion-... about the frequencies used for the tornado systems. Not quite sure if they have changed since the post and discussion was made in 2004?

Also here: https://thenextweb.com/us/2017/04/10/hackers-cause-panic-in-...

People were reporting that this happened in Paris yesterday as well, but I can't find any news stories...

-- edit to add link http://www.leparisien.fr/boulogne-billancourt-92100/une-alar...

> http://www.wfsb.com/story/35104169/no-cause-for-alarm-false-...

Possibly another hack in CT yesterday as well.

Physical 'hack' which I suspect might change to just change to not a hack but a prank.

https://www.washingtonpost.com/news/the-intersect/wp/2017/04...

> At its peak, the call volume and a short-staffed call center pushed wait times as high as six minutes—the city's goal is to answer most 911 calls within 10 seconds.

This is why we can't have nice hacks.

911 systems (alas) get overwhelmed all the time in large cities (for various reasons).

This was intentional, and it was harmful.

How many people that actually needed help during this time could not get any? It seems Dallas 911 is already killing people when the system is overwhelmed on good days:

https://www.washingtonpost.com/news/morning-mix/wp/2017/03/1...

