Last week, around 2:30 a.m., blaring emergency sirens woke the people of two Texas towns… and then, until about 4:00 a.m., the alarms kept sounding, on and off, until crews finally managed to turn them off.
The towns of DeSoto and Lancaster are both in Tornado Alley: one of two regions of the US that have a disproportionately high frequency of tornadoes (the other being Florida). The outdoor alerts are meant to warn people to get to safety. But there were no tornados on 12 March: just the noise of false alarms that had been set off by hackers, as officials of the two towns concluded.
Over 30 sirens kept going on and off, with 10 in DeSoto and 20 in Lancaster.
The city of DeSoto said in a statement that there was no malfunction in the warning system. The false alarms set off in both cities seem to have been triggered intentionally. The matter’s been turned over to the affected cities’ police departments for investigation.
City residents took to Twitter to try to figure out what was going on:
I’m in DeSoto.
— Summer G (@summer_galvez) March 12, 2019
The (tornado?) sirens stopped but started right back.
Any insight? This is scary. @wfaaweather @Fox4Weather
We need answers please.
🤦♀️why do we have a false tornado siren going off in Lancaster Tx? Smh Thanks Lancaster for waking us all up at 2:30 am.
— Deanna Laurence (@LaurenceDeanna) March 12, 2019
The hell these Lancaster/ Desoto sirens goin off. Got work at 8 A.M I ain't seen 1 tornado comin thru.
— The Unluckiest Fraud, Jay (@FraudBomb) March 12, 2019
Lancaster officials warned that whoever’s responsible is looking at arrest and prosecution:
Based on the widespread impact to the outdoor sirens located in two separate cities, including Lancaster, it has become evident that a person or persons with hostile intent deliberately targeted our combined outdoor warning siren network.
Sabotage against a public warning system is more than vandalism. It is a criminal act and those responsible are subject to arrest and prosecution.
The cities managed to take the hacked systems offline the next morning, and as of Monday this week, they were still offline.
Fortunately, the residents of the two cities lucked out. Severe storms, and possibly tornados, had been announced for the entire week in North Texas. But although a severe thunderstorm did hit the two cities on the night following the false alarms, it brought no tornado with it.
It if had, they wouldn’t have been able to warn residents with the external alerts. There are backup systems, though, for residents to stay informed and to receive warnings. DeSoto officials said:
The main purpose of these sirens is to alert people who are outside during inclement weather to seek shelter inside. Once a person is safe inside, the most important thing that they can do is to secure the most current and accurate weather information possible. The first step should be for all DeSoto residents to sign up for the Code Red emergency weather warning system which was not impacted. […]
We will continue to make every effort to safely restore our outdoor siren system and to work with our law enforcement agencies in any follow-up investigations that are conducted.
The city of Lancaster likewise said that it’s consulting with technical experts about the warning systems and following up with police on the investigation into the hacking. Lancaster, like DeSoto, said that it’s relying on the Code Red emergency weather warning system, the city website, and social media for communications.
Take a spin on the Fear-o-rama
Texans have seen their share of fear-and-panic-spreading public systems hacks before.
On a Friday night in April 2017, 18 minutes before midnight, every single one of Dallas’s 156 emergency weather sirens started doing this:
Ever wonder what the end of the world feels like? #dallas #sirens pic.twitter.com/dvokKWkZ6N
— Manic Pixie Dream Gay (@deadlyblonde) April 8, 2017
They blared for an hour and a half – “to the annoyance, terror or amusement of 1.3 million residents,” as the Washington Post reported. It took months to encrypt all the sirens and get them up and running again.
In that instance, a hacker exploited a “radio issue” to set off the sirens in the middle of the night. Dallas responded by adding encryption to the radio signal that controlled the city’s sirens, to make it harder for unauthorised radio users from again hijacking the control signal.
Super-serious false alarms from electronic warning systems happen more often than you might like, as in the case of a fake missile alert in Hawaii in January 2018.
People sought shelter by crawling under tables in cafes, were ushered into military hangars, and huddled around TVs to watch the news for the latest developments. Some put their kids into the bathtub, others sought shelter in tunnels, while some tried to get to the airport to clear out before the heavens rained down.
That one was immediately followed by Japan doing the same thing: because of a switching error, another fake missile alert was sent out. The false alert said that North Korea had probably launched a missile and warned people in Japan to take cover.
Then, in January 2019, a much more domestic but just as terrifying false alert was blasted out to a family by way of their security camera. The hacker took over a family’s Nest security camera to broadcast a fake warning about three incoming intercontinental ballistic missiles (ICBM) launched from North Korea, sending a family into “five minutes of sheer terror.”
To paraphrase one Tweet on the subject of the North Texas tornado system hacks, it takes one hell of a keyboard-thumping lump – one who lacks humanity – to leave people sitting in the dark like that, a life-threatening storm potentially headed their way.
DeSoto and Lancaster’s tornado siren systems were hacked last night so they turned them off, according to the news. A whole twister could be headed this way and we’re just stuck in the dark. Literally. 😐
— Summer G (@summer_galvez) March 13, 2019
Jeff
For the April 2017 incident in Dallas, the article referred to “amateur radio enthusiasts”. Was there evidence that an actual FCC licenced Amateur Radio Operator (ham radio operator) was involved in that incident, or does the term as used in the article refer to a non-professional and non-licenced radio enthusiasts? (Traditionally, licenced Amateur Radio Operators have been at the forefront of public service, providing communications during emergencies.)
Paul Ducklin
Good point. The words “amateur radio enthusiast” made me think of ham radio, and given that ham operators have to pass the electromagnetic equivalent of a bus-driver’s test, and hold the electromagnetic equivalent of a bus-driver’s public conveyance licence, they tend to hold themselves to high standards and make positive community contributions – in the same way that owners of classic sports cars generally don’t go in for TWOCcing and cutting other drivers up for sport (and they enjoy surprisingly low insurance premiums, even though some of them are, ahem, spirited drivers who aren’t averse to getting the hammer down).
So I changed it to say simply, “unauthorised radio users”.
Anonymous
“Other warning systems have likewise been hacked to trigger false alarms, including a fake missile alert in Hawaii in January 2018.”
The article it links to specifically says that the fake alert was caused by user error, not a hack
Paul Ducklin
Fixed the wording, thanks!
anonymous
Most populated areas of the US also are able to receive location-specific NOAA Weather Radio Alerts, including tornado warnings. These alerts are triggered moments before mobile phone alerts and sirens. So far, these radios have never been hacked… probably because it’s analog.
This Space Intentionally Left Blank
Just an aside from someone that has lived their entire life in Texas tornado alley — often a block or two from tornado warning sirens. These systems are generally just theatrics. You can hear them loud and clear during daylight testing. You can hear the one closest to you and echos of 10 more in the distance. I am very sure that these hacked systems woke people up out of their sleep. I have, however, never in my life actually heard one going off in a storm. The sound of the storm (and possibly the lake of water falling from the sky) dampen the sirens such that you are unlikely to ever hear them. You are much better off with a weather radio.