On Sunday, Baltimore’s emergency service dispatchers were forced off automated dispatching and onto getting the job done manually because of a hacked server.
According to the Baltimore Sun, the breach was confirmed by Mayor Catherine Pugh’s office, the FBI (which is helping with the investigation), Baltimore Police Commissioner Darryl De Sousa, and CIO Frank Johnson from the Mayor’s Office of Information Technology.
James Bentley, a spokesman for Pugh, told the newspaper that the attack, which came around 8:30 am on Sunday morning, affected messaging functions within the computer-aided dispatch (CAD) system.
The CAD system supports the 911 emergency service and the 311 mayor’s hotline. Johnson called it a “limited breach.” Services that back up the two numbers “were temporarily transitioned to manual mode,” he said, and continued to operate without disruption.
The Baltimore Sun quoted Johnson:
This effectively means that instead of details of incoming callers seeking emergency support being relayed to dispatchers electronically, they were relayed by call center support staff manually.
After isolating the affected server and taking it offline, city workers did a “thorough investigation of all network systems,” Johnson said, and had the problem fixed and the server back online as of 2 am Monday.
Police Commissioner De Sousa said that police response time to crime reports didn’t slow down due to the attack.
There were no suspects as of Tuesday, and the motive for the hack was unknown. Nor is it known if this was the first such attack on Baltimore’s 911 system.
There are all sorts of motives that have been at the heart of similar attacks, though. As the Baltimore Sun reports, and as was confirmed by an association that represents 911 professionals across the country, there’s not much by way of personal or financial data on these systems.
The systems can, however, store some medical information and can give attackers access to cities’ important mapping systems. Taking them down also affects cities’ ability to quickly respond to disasters.
The newspaper quoted Brian Fontes, the CEO of the National Emergency Number Association (NENA):
If I’m a bad actor out there and I wanted to do some real harm beyond the 911 center, one of the main things I would want to do is bring down the 911 center.
If there were a concerted attack of some sort, you want to make sure that your 911 centers are up and running because they are your dispatch centers for emergency responses.
This isn’t the first time hackers have messed with 911 systems. In October, a 19-year-old hacker was sentenced to three years of probation for seriously disrupting Phoenix’s 911 system: a stunt he said he pulled in order to impress Apple.
He said he wanted to create a “non-harmful but annoying bug that he believed was ‘funny.’”
Go back to 2009, and you’ll find a 17-year-old hacker who ran a botnet with which to bombard the 911 system with hoax calls. He got nearly a year in juvenile detention.
Sooooooo not funny. Sooooo “we will lock you up” not funny.
Good luck with the investigation, Baltimore.
Steve
Throw the book at ’em. And make sure it’s a very large and heavy one.