Slashdot Mirror
Emergency Alert System Insecure
glebe writes "The U.S. Emergency Alert System used to issue disaster warnings and other alerts over T.V. and radio is vulnerable to spoofing and denial-of-service attacks, SecurityFocus is reporting. Apparently, 'the EAS was built without basic authentication mechanisms, and is activated locally by unencrypted low-speed modem transmissions over public airwaves.' The FCC acknowledged the security issues yesterday in a public notice seeking comment on the future of the system."
Dear FCC,
Since you asked, I thought I would weigh in with my comments about The U.S. Emergency Alert System (EAS). I think it's appalling that anyone with a 14.4 could tap into this system and alter it for their own aims. The whole system could be crashed by terrorists during an attack, compounding the devastation of any terrorist attack by cutting off access to the system, or providing false and possibly deadly information. For example, during the 9/11 attacks the EAS could have directed people to return to their desks in the WTC, magnifying the losses suffered that day.
I suggest you rebuild the EAS and take it offline until such a time that it can be secure.
>... the EAS is designed to allow the President to interrupt television and radio programming and speak directly to the American people in the event of an impending nuclear war, or a similarly extreme national emergency.
With the audio capabilities available today, it would be quite possible to dupe the public into thinking they were listening to George Bush, when in fact they were listening to the words of Osama bin Laden. And with the stuff Bush has been saying lately, the public might actually believe it was Bush no matter how insane the babble was!
Somehow you would want to have a method for ensuring the audio was legit, encrypted and unaltered. I'm sure there are many ways to do this today, so I'm not really sure why you're asking me! Throw up a bunch of secure pipes and give the president access to them. Come up with a way to keep his message secure. Yeah, it's going to be expensive, but not as costly as 80,000 employees of the WTC returning to their offices because the EAS said it was "just a test".
Kind Regards,
Scott
The dangers of knowledge trigger emotional distress in human beings.
I've always thought things like this were insecure. When I was in
:)
high school, I wanted to make a device to activate the tornado siren.
I figured I could just implement a simple replay attack. I never got
around to researching what frequency the signal was broadcast on, and
I didn't know how to record the signal once I knew where to get it
from. But it seems simple:
record when they do the monthly test, replay whenever. Panic everyone. Good
fun.
Apparently if you modify various bits you can make them play different
sounds and even broadcast voice. Plenty of fun to be had there.
If anyone has done anything like this, I'd be interested in knowing,
just so I don't have to get myself hauled off to jail trying to do it
myself
fp?
My other car is first.
10 bucks for whoever can get all of Nevada to evacuate due to imminent flooding.
after a mysterious color purple alert was issued. Officials believe it was the work of slashdot user outraged at the horrible color schemes on the popular news for nerds website.
XML
to give you this emergency message: ``Are your mortgage rates skyrocketing? Are your sexual organs too small? Do you have more money than brains? You can solve all of these problems by purchasing SUPER-VIAGRA! . . . and something about a tornado.''
MOUNT TAPE U1439 ON B3, NO RING
Conan + EAS + Bush picture + manlips = endless possibilities...
If you have to ask, you'll never know.
...how long until primetime television is interrupted so that we may be informed that 'all your base are belong to us'?
One idiot sentenced to 20 years in jail for broadcasting illegal emergency alerts ought to make people think twice about doing something so stupid.
This is yet another example why keeping infrastructure details secret is a bad idea. It's security through obscurity in the real world, and removes any incentive to actually fix these things. Now that there is a public report about it, there's at least a chance that pressure can be brought to bear, and get it fixed.
Well the above letter was kind of a joke. I mean, there were flames shooting out of the buildings!
But the seriousness of the insecure EAS could have been much more deadly. Like if a nuke was detonated and people were told that some city was safe to return to, even when in reality a bunch of nuclear fallout was starting to cling to everything within miles of the blast.
I'm not sure how effective hacking the EAS would be, but I am damn sure I wouldn't want to find out. I say, take it offline until they can secure it (and I don't mean by getting Diebold involved).
The dangers of knowledge trigger emotional distress in human beings.
Use this to replay a nation wide brown note. Also good fun. Buy stock in American Standard.
Oh my god! The russians are attacking!!!!!
Free Software: Like love, it grows best when given away.
http://generisite.net/
During the 9-11 attacks, did that beep come on the TV and radio? Some commedians have joked that it didn't so I don't know. I got my news from the web -- bbc.co.uk was fairly, and the local radio announcers gave the info as they saw it. Did the gov't even try to use the Emergency Alert System? Seriously, I thought the alert was just for a nuclear attack by the USSR, never ment to be anything more than that -- a useless anachronism since the 1970's. Sounds like another group of buearucrats who want some of the Patriot Act resources to pad a sagging budget.
Almost two years old, in fact:
http://www.securityfocus.com/news/613
I'm sure one could find even earlier discussions of this vulnerability.
k.
"In spite of everything, I still believe that people are really good at heart." - Anne Frank
It was reported two years ago. We'll probably hear about it in 2006 too, unless someone takes advantage of it.
Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
NWR Specific Area Message Encoding (SAME)
Full spec (pdf)
EAS isn't a system that is actually used. Its just a porkbarrel project that Americans simply ignore. In fact, on 9/11 EAS wasn't even used. People simply watched cable.
I'm sure it's nothing Halliburton or Diebold can't fix for $400 Million via a no-bid contract.
If they went public with this, I'd bet good money it's a precursor to an already set up proposal from a well-connected contractor who wants to ride the wave of public fear all the way to ten times the cost of fixing it.
...don't fix it.
Seriously. We don't have to coat everything in 50 feet of kevlar, spaced 100 feet apart and communicating with 1GB encryption keys.
Unencrypted broadcasting modem: scales well and very cost-effective.
When it was made, that wouldn't have been a problem. It was put in to repeat a message sent in the event of soviet nuclear attack. Each node would relay to all the other nodes. Of course, modem technology was rather scarce at the time, so security wasn't the top concern. This thing was never designed for security.
This is one of the few times where I can see hacking as terrorism. If you hack this, you are, in my eyes and in those of the law, a terrorist. Leave this one be.
Since when has this country used intellectual elite as a pejorative term?
I had this idea. I so had this idea. It was going to be great. I was going America my naked ass on national TV live at 7:00 PM next month. I'd already worked out my monologue and everything.
Bastards.
That said - don't y'all sprain yer hamstrings to jump up and point fingers at the "government" or twist this into an open-source vs. closed source issue.
Every system is designed in relation to its operating environment. The EBS was originally designed for a far more benign environment than exists today. I bet the primary goal of the designers was to come up with a system that was simple and effective and would work even if large parts of the power grid and the telephone network collapsed. It is inconceivable that they did not ask themselves if they needed bullet-proof authentication mechanisms - it is equally probable that they discarded that requirement as being potentially failure-prone. Given the fairly benign security environment that they designed for, and given the technology available and the overarching goal of simplicity - they cam up with what is really quite functional.
And then the world changed (surprise, surprise). the environment that surrounded the EMS changed, rapidly and unpredictably. Where previously it was safe to assume that natural disasters would bring people in the community together to work in co-operation to face the threat, we now wonder which sleeper cells activate in these situations. The comfortable security blanket of yore that RipVanVinkle aka RVV dozed is suddenly yanked off - exposing us to the elements.
Its like waking up one day in the shadow of a dam and suddenly seeing a thousand leaks in it. The small leaks have always been there - all dams leak and sweat a little. But now we know that there are people out there that seek to widen the cracks and stuff them with C4 and stick some fulminate in them (amazing how much chemistry you can pick up from the newspapers isnt it?). So RVV franctically tries to seal the leaks in the dam. Paranoia? Perhaps.
The real tragedy is that the time that should be spent tending to his crops, playing with his children, making hot, sweaty love to his wife and dreaming big dreams in his afternoon nap is now spent in searching and classifying and closing the leaks in the dam.
Will RipVanVinkle make his dam perfect? Can any dam be made perfectly leak free? Go figure.
See that long UID - that's what you get for lurking too long
On February 21, 1971, an alert message announcing a nuclear war was sent over the teletype network by accident. Somebody at NORAD loaded the wrong paper tape. Almost no stations broadcast the message. One station in Florida actually did. After that, NORAD lost their authority to send emergency action messages on their own.
The current system has more input sources than the old one did. There are weather alerts, and now even child abduction alerts. If there's ever a phony message, it will probably come from some "authorized" input source.
A detailed history is here.
Damnit this means I'm going to have to dig through my spare parts for my old dialup modem, and I swore it would never see the light of day again.
______ Eagles may fly but monkeys don't get sucked into jet engines.
...of the Emergency Broadcast System. Had this been an actual emergency, you would all be dead now. This concludes this test of the Emergency Broadcast System
i think there must have been a mistake, mr. taco.
i seem to be able to modify everyone's preferences. it's right there, in the left hand corner!!!!!
Yes, its based on low-speed modem transmissions over public airwaves. What wasn't mentioned is:
The low-speed transmissions are done by 'primary' stations, who have big transmitters. 'Secondary' stations choose primary stations to monitor, and retransmit the alerts the primary stations transmit.
The low-speed transmissions are done on their broadcast frequency.
So, you know what you need to exploit this? Locally, you need to know which local station(s) is/are primary, and a transmitter big enough to override the monitored signal, or a group of transmitters big enough to override the monitored signal at each of the monitoring antennas.
Nationally, you would need to do this for EVERY primary station.
It isn't perfect, but its actually pretty reasonable security. A far bigger threat would be someone who could inject a believable warning into the primary systems, and even there, I'm not so certain its really a worry (see: 1970s NORAD mistake that no one broadcast).
---
Mod me down, you fucking twits. Go ahead. I dare you.
(I read with sigs off.)
This Emergency Alert System message would like to inform you that hakz0rz pWn j00 aLL. All j00R Em3Rg3ncy Al3rt sY5teM 4RE BeLoNG t0 Slashdot!
Its just a phase. I was insecure too when I was tht young.
________________________
Huh?
Everyone knows that the secret EMS pass code is 00000000! What posers!
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
someone respond to my comment please, this is the first comment i ever made on /. after three years of lurking.
Most people thought the EBS looked kinda stupid when the blackout happened a while back.
Had it been an actual terrorist attack - we'd have been toast. Maybe they should switch to Vonage.
This shit was great back in 1950, but equal rights and democracy were great in the 60's and we don't seem to have them anymore either.
Stuff that matters.
It truly was designed for a different era, but has its uses even today. Virtually all weather emergency bulletins are sent out via the EAS protocols today, which doesn't normally affect people in, say, Silicon Valley, but makes a big difference in Tornado Alley and in Florida right now.
A few miles from here there was a fire at a chemical factory in La Mesa, CA... I was sitting there watching something on a high-cable channel when I hear a tone and see scrolling text at the top of the screen advising me to evacuate the area. Thank you EAS, and thank you Cox Cable.
When San Diego had its Cedar Fire in 2003 (largest fire in the history of CA, which altered everyone here's life) the EAS was used by the NWS, FD, and PD to provide information on evacuation across all channels on the cable systems (not sure about the radio, they might have been covering that themselves).
The California Office of Emergency Services has a Emerg. Digital Info Service that uses some of the same technology and protocols as well (includes the much-reknowned AMBER alerts).
Don't think that this is some relic, this is used and tested on at least a weekly basis nationwide (SD Info).
That being said, efforts to modernize and update things are great. I'd like to see some sort of emergency protocol for data packets, similar to the emergency phone service that allows infrastructure workers' phone calls to have priority in the midst of an emergency. There should be a EAS sitatuion website that is update out-of-bounds and is replicated (through some fancy AS routing) to servers all across the country, so it's always accessible. Think of a FEMA-run Akamai.
The company I work for was even considering some way to allow people to have EDIS/EAS alerts pop up (via Messenger service or some other client) whenever they were released for the area they're in (won't work because of all the RFC1918 space they use
Emergency Alert Systems, and Civil Defense systems in general ARE still around, and ARE working within their original intent, but more public attention needs to be brought to them, so that all know about them. It's not so much security, but having more eyes on them will undoubtedly help suggest further improvements.
And I agree with the earlier poster... ANYONE who hacks a system like this deserves the 20 years of time they'll get. That's just dumb. It's on a par with DOSing a 911 call center. Don't do it. You WILL cause loss of life and NO ONE will have any sympathy when you go to prison for a very, very long time. In fact, I'd love to help catch you.
Hire a Linux system administrator, systems engineer,
Nice to know terrorism is really being taken care of seriously, so between this, voting and letting anything onto a plane that the tabaco companies deem ok, what else isnt working? the next terrorism incident will strike terror into everyone not because of fire and death but because they will suddenly realise their worst fear - that the people incharge are all idiots!
This comment does not represent the views or opinions of the user.
For $40 Billion dollars.
Another article covered earlier in the day by The Register...
"What kind of music do pirates listen to?" -Paul Maud'dib
"Yeeeaaarrrrr n' Bee!!" -Stilgar, Leader of Sietch Tabr
http://www.snopes.com/science/poolpiss.htm
Read the last paragraph
Explains everything!
http://generisite.net/
A) I live in California, they don't pre-announce earthquakes.
B) for a few years, I lived in Nebraska, where they did broadcast, with some regularity, warnings of tornados and flooding. Flooding NEVER applied to ME (since I didn't buy a house in a low area), and after a while, I began to treat tornado warnings as special invitations to go outside and see the cool angry-green lightning. My house was well built and held up well to 100 mph+ winds. No trailer for me.
C) Al Quesodilla just nuked LA. Well, shit, I guess I won't go there anymore.
Seriously, not to discount the system totally, but what percentage of you actually use/get benefit from it?
I suspect you don't need an emergency broadcast to tell you that Huricane XYZ is bearning right down on you now (sorry Tampa, hope you come out ok).
This issue is a bit more complicated than you think.
u suck
respond :)
I don't have the exact issue handy, but someone wrote an article in the past few years explaining exactly how the system works, and how to possibly gain access/control.
They could have already set up monitors that could very quickly traingulate the source of an interference, while in parallel secretly laying down a secure system. Then by encouraging press coverage of the security holes, they would raise the possibility of a terrorist trying to use said security holes, and in doing so, give up their location.
Puting on my meta-tin-foil-hat.
dear torrirst pls no attack pls thx
Oh trust me, it's for real. And yes, they do use it. And let me tell you, this article worries me. On a day like today, a script kiddy could inflict some really serious chaos.
Taylor B. Palm Bay, FL
based on my own view of the situation i think that an over hual is needed in a large scale national georgraphic
--- Website: http://spinhex.sytes.net/
What does it take to hijack a cable TV head-end or an STL? (studio transmitter link) If your TV tells you to "put your head between your legs and ...." wouldn't it be prudent to verify the information? While most pranksters would rather play an "XXX" film or get some political message accross a more devious action is certainly more thinkable than the unthinkable.
If you are not directly in an emergency, atleast take an effort to verify it. On 11 september 2001 my inital reaction was that it may be a 'super hack' and someone (some group) had managed to take control of all the news media from the US to Europe. In the tech company I was working, this was seen as a real possibility. Only after a couple calls actually confirmed it, did the shock and horror of it really set in.
While one should never trust one type of media, verification from multiple sources is very secure. EBS has served its purpose and EAS is certainly obsolete. It is however just one more source of information, little as it may actually represent.
Kids...Itchy and Scratchy can't be here today. But instead,
we've got the next best thing! It's the Stingy and Battery
show! They bite. And light. And bite and light and...yatta,
yatta, you know what I'm talking about.
Emergency Alert System is Pretty Much Fucked
Authority questions you. Return the favor.
About 13 years ago, St-Pierre (et Miquelon) was warned of an impending tsunami from some official New York source.
At least it looked official... and it could be a huge disaster for the whole island and its 6,000 or so inhabitants. Local learneds debated about it on radio and TV.
No confirmation with said authorities could be obtained, and Canadian media weren't reporting the story either. What to do? There had been a devastating tsunami in Newfoundland in 1929. Heck, a third of the old women in St-Pierre were refugees from that even; they came to work on the island, only to get married there. (Ok, the Prohibition meant they were also flush with cash, so they could hire maids and take them out to drink...)
But I digress. It seemed like a hoax, but it was plausible. Hundreds of people decided not to take risks, and go to the highest "mountain" (read hill) they could go to and wait.
No wave came. Parents preferred being safe than sorry, and kids played during this grand improvised mass picnic, a festival of sorts.
This was even though the mass of evidence was that this was just a hoax, not even cleverly executed. Based on this, I reckon an exageration about a real event could empty an entire city or village, perhaps even more. No doubt people living close to the hurricane in Florida right now that thought they were sufficiently far away from the "eye" might be convinced to evacuate.
What does a malicious hacker, criminal or terrorist do once people evacuate? Or is fucking with their minds the whole point?
Information: "I want to be anthropomorphized"
While it is a huge concern, it's neither new nor surprising information.
"someone respond to my comment please, this is the first comment i ever made on /. after three years of lurking."
Hi, dude!
As a broadcast engineer, this system was IMO, broken from the gitgo.
However, let me also point out that the huge majority of the system, if it all worked, which is rare, is secure in that the average stations gear can only accept input from the designated primary station in the area, and the NWS services which are also a part of the "network".
The rest of the secondary sites in a given area are proscribed from the generation of any spurious information by the FCC, with the penalties being both uncontestable, and damned expensive for the offender who originated the false message.
The rest of the problem is its dependability. The local system here has to jump the NRAO Quiet Zone, and is I believe now a satellite link, itself a huge problem in the event of an emp from an atomic device on the same side of the planet, or solar flares also can potentially render the link useless.
Once you get the alert up here from star city, then you have the problem of poorly designed gear foisted off on us broadcasters by the relatively short timetable mandated by the last methodology change about 15 years ago. That gear is now failing, and the maker, who was probably incorporated just to peddle the things, has since found it impossible to survive on the expendables the system requires, like its printers unique thermal paper etc. No schematics were furnished without a lot of yelling and screaming on our part, and sending it back for expert service? Fugetaboudit. Expert service does not exist in many cases.
And then the commission wants to fine us 27,000 per malfunction to boot. Most of the failures are beyond our control as the testing frequency is not sufficient to locate a malfunction before its a real malfunction.
Yes, its broken, hopelessly so. It needs to be replaced with something that actually works AND is secure from outside attacks.
And it needs to be stated up front that anyone with an idea of sueing the users for using an unknown submarine patent they ran to the patent office and got a patent on after the system was developed, will do jail time until such time as the system is declared unusable as this one s/b now. We went thru that already with this system, some jerk, smelling an easy dollar, ran and got a patent on it from our slumbering USTPO and sent all of us letters demanding $1500 a year for a license to use the system that was developed and mandated by the government. I think all of us were in close harmony during the chorus that told the commission and the equipment makers to pay it, we weren't about to pay annually for something that was mandated by them once we had purchased the original gear and installed it.
They faded away into the slime from whence they came eventually, and the patent was eventually set aside, or so we are being told.
Yah, we need a new system, one considerably more well thought out than this one ever was.
--
Cheers, Gene
You mean it's possible to gain control with an Atari 2600? W00t! And here all along I thought it was just for playing games. I can't wait to see this technology incorporated in my Colecovision too!
It sorta makes you wonder what would happen in the event of another terrorist attack on america. A terrorist sets a bomb off in washington DC, and our alert system is shutdown by a simple attack on the system. There was no real reason to question the systems security. The logical response would be the system is heavily encrypted and secure. Hats off to the government. After 9/11 they couldnt figure out that a SECURE system was required? Sigh. How many people would die before they changed the system? I doubt it would cost a terrible ammount to make the system secure. Thankfully someone brought attention to it before it was exploited.
"... this was a test of the Emergency Broadcast System. Had this been a real emergency, the tone you just heard would have been followed by panicked shouting and terrified screams. This concludes our test of The Emergency Broadcast System."
Can anyone tell me how to set my sig on Slashdot?
When I worked at a radio station, I was responsible for scheduling and issuing the required weekly and monthly tests of the EAS.
I always thought that the system wasn't exactly that secure, as it was a relayed system and if a primary station issued a false EAS message, it would be relayed to all of those stations designated to listen to the primary...
One time when configuring a new EAS machine, I was tempted to issue a Tsunami warning (for the Chicagoland area), but decided I'd rather not go to jail or pay some huge fine.
"We shall show mercy, but we shall not ask for it" -- Winston Churchill
Let us remember there is no such thing as "secure" there is only more secure. Don't rate this "100% funny" its not funny at all.
411 Y0UR 8453 4R3 8310NG 70 U5!! -NSA
Im sure every hacker right now is thinking "damn I wish I had thought of that! However even if the incoming server used authentication as basic as caller ID it would help alot. (but with VOIP spoofing who knows)
411 Y0UR 8453 4R3 8310NG 70 U5!! -NSA
add a digital signature of some sort with a public key, that would prevent any unauthorized use of the system, and still keep it open for any body. the only problem is how do you distribute the public key, not everyone has internet, and broadcasting it every now and then opens up the possiblity for abuse.
If you want to criticize stuff, you should learn to spell.
Anyone remember Terminator 3 where Skynet had created a virus that scrambled global communication? I would think that a virus could be used to broadcast bogus or misleading signals. And it could spread quickly enough, especially over cable to have a major impact.
EAS is trigged by unencrypted slow-modem-like broadcasts over the broadcast airwaves. That is, station A has a machine that listens to station B, and when station B broadcasts an alert that needs to be heard on station A, a magic box interrupts programming to broadcast the alert.
Sure, there's no tech security in the EAS system itself, but there is plenty of physical security at any TV or radio station under the jurisdiction of the FCC. To put it bluntly, if their broadcast signal is overtaken by a hacker by any means, that station is at risk of having its ability to do business taking away from them forever by losing their license.
To create a false EAS message, an attacker would need to know what stations monitors what other stations in the EAS network, and also be able to overtake on of those statioons to get their own broadcast on the air. This just plain isn't likely... not to mention whatever public panic might be created would be mitigated by the real EAS system quickly publishing a "Ignore last message, we've lost control of our system!" message.
No differerence, dude. They are mutually employed by each other, and the best of friends.
But why are these problems being brought to light NOW instead of the ~7 years ago when the EAS replaced the EBS?
In the age of terrorism suddenly every fucking thing is exploitable, yet none of this was brought to light when whatever legacy app was implemented 10 years ago.
...and that's all there is to it.
it was at least secure thru obscurity untill you told the people on slashdot!!!! now it will be hacked next week!!!!
Good books those. Especially the last one.
Reminds me of the bugs Captain Midnight found in the satellite TV system. Did they ever fix it, other than encrypting the signal?
As we speak, I am unloading tablespoon after tablespoon of my gelatinous haploid DNA all over your face. It is being rhythmically pumped from my vas deferens and prostate, straight through the quivering shaft of my penis and impacting at approximately 15mph.
Jesus Christ, this feels incredible.
Shut up, you stupid fuck. Osama Bin Laden is assuredly not Bush's "best friend." Just because one oil company's family is tight with the house of Saud does not mean George W. Bush SPECIFICALLY is butt-buddies with Osama.
Get a life. And wipe my cum off your face, already.
A realistic description of such a society may be found in Walter M. Miller Jr's science fiction classic A Canticle for Leibowitz . Some excellent reviews of this book may be found here, and, on our own Slashdot, here.
If I remember correctly, the first part of the book concerns a garden variety electronic schematic entitled "Transistorized Control System for Unit Six-B". A monastic religious order has devoted itself to the preservation of this and other "memorabilia". In an attempt to preserve it, one of the younger monks has reproduced it by hand. The reproduction is not an exact copy though; it has been "illuminated" with gold lettering, ivy climbing around the margins, and cherubs. One of my favorite scenes is when the "illuminated" copy is mistaken for the original.
I imagine that the residents of such a world would marvel at the amazing artifacts left by "the Ancients". They might wonder about things like Road , as the inhabitants of John Crowley's book Engine Summer refer to our freeway system. I can hear questions like "What was it used for?" and "I wonder how they lived." (See David Macaulay's Motel of the Mysteries for a scholarly discussion of what our descendents might think a toilet seat was used for.)
Of course, perspectives like these are not unfamiliar to us; think about how we view the Egyptians and the Mayans. Makes one wonder...
I'm in my late 40s, so I grew up with the US/Russian Cold War terrorist threat of nuclear war and I remember people building bomb shelters in their back yards when I was a kid. The first time I heard the Emergency Broadcasting System announce that this was a real warning, not a test, was probably around the late 80s, and I really freaked for a few seconds before realizing that they were using the thing for flood warnings. It's a perfectly sensible thing to do with it (:-), but for my whole life it had meant "If it's not a test, then Nuclear War Starts Now"
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
It's set in a quiet northern California town, nice family place, Dad's commuted to work in San Francisco the day the bomb hits, so after the TV goes out and enough communications gets restored to know there's been a nuclear attack, they know he's not coming back, and everybody starts dieing of radation from the fallout over the next few months, kids and old people first. None of the black twisted cities, it's still a nice sunny day out, and there's nothing they can do to stop it.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
OK, not _all_ of Nevada, but lots of desert areas are susceptible to flash floods when it rains - that's why they teach you stuff about "never go down in the arroyo unless you can climb to safety if there's a flash flood". And there are lots of mountain areas in Nevada that do actually have water in the rivers, and you'll find cities usually get built where there's water. Reno in particular is at some risk of floods, though Las Vegas is much less so.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks