DHS: Hackers increasingly targeting emergency systems

WASHINGTON — The Department of Homeland Security and the Multi-State Information Sharing and Analysis Center are warning that cyberattacks against law enforcement, fire departments and other emergency services have become commonplace and are likely to increase in frequency.

An intelligence assessment obtained by WTOP reads, “cyber targeting of the Emergency Services Sector (ESS) will likely increase as systems and networks become more interconnected and the ESS becomes more dependent on information technology for daily operations.”

The assessment said the unified nature of the systems “creates more targets for hackers,” and that “vulnerable systems include call-center communications-management software, closed-circuit TV camera systems, interactive voice response systems, and emergency alert systems — particularly wireless emergency alert systems.”

Hacking emergency systems is not a new phenomenon. Similar incidents date back more than four years. The most notorious took place in February 2013.

KRTV television viewers in North Central Montana heard the familiar emergency alert tones and saw the usual accompanying messages scroll across their screens, but what they heard next triggered a wave of panic in the first-responder community.

“Civil authorities in your area have reported that the bodies of the dead are rising from their graves and attacking the living. Follow the messages on screen that will be updated as information becomes available. Do not attempt to approach or apprehend these bodies as they are considered extremely dangerous,” was the message.

Similar messages were later broadcast on WMNU-TV and WBUP-TV, in the upper Michigan Peninsula area. Their systems, along with those in California, New Mexico and Utah, were hacked in the same manner: The hacker logged in remotely over the Internet and manipulated the system because of a firmware vulnerability in those systems.

Authorities stopped the perpetrator overseas. But the attacks have continued.

Since then, the Department of Homeland Security has detected a pattern suggesting they will become more frequent. The DHS assessment says “approximately 600 critical government phone systems nationwide, including 200 public-safety answering points (PSAPs) were hit by telephony denial of service (TDoS) attacks.”

The next year police were targeted. A city “in Southern California and several local public-safety agencies were hit by ransomware” in June 2014; 100 computers and 10 servers were affected. In May 2015, a Nevada county sheriff’s department and a Wisconsin police department were victims of a ransomware attack that encrypted both departments’ shared folders.

The concern is not just limited to first responders. Earlier this month, Hollywood Presbyterian Medical Center, in Los Angeles, announced it was a victim of a ransomware scheme, and it paid close to $17,000 to have its files released.

Bracing for an increase in attacks, DHS has offered a list of best practices for first responders and emergency system operators to follow to avoid vulnerabilities.

• Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline.
• Maintain up-to-date anti-virus software, and keep operating systems and software up-to-date with the latest patches.
• Be cautious about all emails received, including those purported to be from “trusted entities,” and be careful when opening links within those messages.
• Do not input personal information or login credentials in pop-up windows or links within an email, and do not open attachments or click on links in unsolicited emails — access the links by navigating to the organization’s website directly.
• Look for uniform resource locators that do not match a legitimate site, but appear to be associated with the site through small spelling variations or different domain names (.com vice .net).
• Be wary of downloading files from unknown senders. Malicious code can be embedded in commonly emailed files, such as .doc, .pdf, .exe, and .zip; and be particularly cautious of double file extensions (evil.pdf.exe).
• Only download software from trusted sites, and enable the feature to scan email attachments before downloading and saving them to a system or network.
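
Two of the checks in the list above, double file extensions and lookalike URLs, can be automated at a mail gateway or during triage. The sketch below is an added example, not code from DHS or the original article; the extension lists, `TRUSTED_DOMAINS`, and the function names are assumptions, and the registrable domain is approximated as the last two host labels.

```python
from urllib.parse import urlsplit

# Assumed lists for illustration; tune them to your environment.
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "js", "vbs"}
DOCUMENT_EXTS = {"doc", "docx", "pdf", "xls", "xlsx", "zip", "txt", "jpg"}
TRUSTED_DOMAINS = {"example-county.gov", "example-bank.com"}  # constructed samples


def has_double_extension(filename):
    """True for names like evil.pdf.exe: a document extension masking an executable one."""
    # Trailing dots and spaces are dropped first, since Windows ignores them.
    parts = [p.strip() for p in filename.lower().rstrip(". ").split(".")]
    return len(parts) >= 3 and parts[-1] in EXECUTABLE_EXTS and parts[-2] in DOCUMENT_EXTS


def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]


def classify_url(url):
    """Return 'trusted', 'lookalike' or 'unknown' for the host in a URL."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    # Simplification: registrable domain = last two labels (no public-suffix list).
    domain = ".".join(host.split(".")[-2:])
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    name = domain.rsplit(".", 1)[0]
    for good in TRUSTED_DOMAINS:
        same_name_other_tld = name == good.rsplit(".", 1)[0]   # .com vs .net
        small_misspelling = edit_distance(domain, good) <= 2
        embedded = good in host          # trusted name used as a subdomain prefix
        if same_name_other_tld or small_misspelling or embedded:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for name in ("evil.pdf.exe", "report.pdf", "Invoice.DOC.scr "):
        print(name, has_double_extension(name))
    for url in ("https://www.example-bank.com/login", "https://example-bank.net/login",
                "http://examp1e-bank.com/", "https://weather.gov/"):
        print(url, classify_url(url))
```

An edit-distance threshold of 2 will produce false positives on short domain names, so treat a "lookalike" result as a prompt for review, not as a verdict.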

J.J. Green

JJ Green is WTOP's National Security Correspondent. He reports daily on security, intelligence, foreign policy, terrorism and cyber developments, and provides regular on-air and online analysis. He is also the host of two podcasts: Target USA and Colors: A Dialogue on Race in America.
