US Hacker Sets Off 156 Sirens At Midnight

"I had the displeasure of being awoken at midnight to the sounds of civil-defense/air-raid sirens," writes very-long-time Slashdot reader SigIO, blaming "some schmuck with a twisted sense of humor." The Dallas News reports: Rocky Vaz, director of Dallas' Office of Emergency Management, said that all 156 of the city's sirens were activated more than a dozen times... Dallas officials blame computer hacking for setting off emergency sirens throughout the city early Saturday... It took until about 1:20 a.m. to silence them for good because the emergency system had to be deactivated. The system remained shut down Saturday while crews safeguarded it from another hack.

The city has figured out how the emergency system was compromised and is working to prevent it from happening again, he said... The city said the system should be restored Sunday or Monday.
City officials reported 4,400 calls to their 9-1-1 emergency phone number in the first four hours of Saturday morning, with over 800 occurring in that first 15 minutes when all 156 sirens started going off simultaneously.

Just a matter of time

In before Russia

Don't encourage him

He's a dick who doesn't give a shit about endangering people who really need emergency services.

Re:Don't encourage him

He didn't break the 911 emergency number. The people did that to themselves by flooding the number with calls. Blame where blame is due.

Re:Don't encourage him

[ShanghaiBill]

He didn't break the 911 emergency number. The people did that to themselves by flooding the number with calls. Blame where blame is due.

Those people were idiots. If the sirens are blaring, then it is obvious that the authorities are already aware of the problem.

Re:Don't encourage him

[phantomfive]

If no one knows what to do when they hear the siren, then there's really not much point in having the siren in the first place.

Re:Don't encourage him

[ShanghaiBill]

If no one knows what to do when they hear the siren, then there's really not much point in having the siren in the first place.

1.2 million people live in Dallas. 4400 confused people, or about a third of 1%, dialed 911. You can't extrapolate from that to say that "no one" knew what to do.

For the clueless, here is what you should do when you hear a siren:
1. If you are in a tsunami warning area, head for higher ground.
2. Make sure your house isn't on fire.
3. If you have an air raid or fallout shelter, get in and seal the door.
4. If none of the above apply, then go back to bed and hope that someone else deals with the problem.

Re:Don't encourage him

[AxeTheMax]

So in this case, that would be no one matching the first criterion, almost no one matching the second, a very few with a shelter that they could use. So everyone else goes back to sleep. The article did not say what the immediate response of the authorities was, did radio and TV stations promptly transmit a 'do not worry' message? What is the point of the emergency siren again?

Re: Don't encourage him

Around here, it is almost always a call for the volunteer firefighters to report to a fire. Thankfully, they are all aware of that and don't just go to bed.

Re:Don't encourage him

[Ol+Olsoc]

He didn't break the 911 emergency number. The people did that to themselves by flooding the number with calls. Blame where blame is due.

Those people were idiots. If the sirens are blaring, then it is obvious that the authorities are already aware of the problem.

Then again, so is turning the Sirens into yet one more IoT failure point.

I remember when I pointed out that if it was cheap and easy to control all these IoT things, it would likewise be cheap and easy to get into them.

I remember when I was scoffed at every time I brought that up.

We are going to find out what things are connected to the internet in the next couple years by them failing.

Re:Don't encourage him

[Ol+Olsoc]

If no one knows what to do when they hear the siren, then there's really not much point in having the siren in the first place.

1.2 million people live in Dallas. 4400 confused people, or about a third of 1%, dialed 911. You can't extrapolate from that to say that "no one" knew what to do.

For the clueless, here is what you should do when you hear a siren:

1 Check facebook

2. Update your status

3. have all your friends send you thoughts and prayers

FTFY

Re:Don't encourage him

[clovis]

5) climb onto your wife to heroically protect her with your body or whatever
One of the few perks of living in tornado alley is having sex in a raging thunderstorm with tornado sirens in the background.
Add some WWII air raid flavor by putting on your uniforms.

Re:Don't encourage him

a) Standard procedure case of an alarm sounding is to have a broadcast message on the (analog, standard, long wave) radio. I see no mention of this, so whoever's responsible for emergency response should be fired. The message should have been simple: "The emergency alarms are out of control, please ignore and do not call a this time. Listen for further information."

b) If 911 failed in this case, then there's something wrong with it. This should be fixed rather than blaming the messenger. Sure, if he's caught there should be some punishment, but probably nothing serious. The people responsible for the emergency centre, on the other hand, should be being interrogated by the police at the present moment and should have some pretty good excuses if they are to avoid prison.

Re: Don't encourage him

Probably because we mostly all preach it here to ourselves. Forgot to tell everyone else

Re: Don't encourage him

[starblazer]

Don't you have VHF pagers in your neck of the woods?

Re:Don't encourage him

[EvilSS]

If no one knows what to do when they hear the siren, then there's really not much point in having the siren in the first place.

1.2 million people live in Dallas. 4400 confused people, or about a third of 1%, dialed 911. You can't extrapolate from that to say that "no one" knew what to do.

For the clueless, here is what you should do when you hear a siren: 1. If you are in a tsunami warning area, head for higher ground. 2. Make sure your house isn't on fire. 3. If you have an air raid or fallout shelter, get in and seal the door. 4. If none of the above apply, then go back to bed and hope that someone else deals with the problem.

Great, you just killed everyone in tornado country. Hope you are happy.

Re: Don't encourage him

[Ol+Olsoc]

Probably because we mostly all preach it here to ourselves. Forgot to tell everyone else

They don't listen. I got tired of warning people. Now I just sit back and go "Poor Lambs, it's so hard some times, and those people are so mean!"

Except in here where I vent about it.

Re: Don't encourage him

"Poor Lambs". Goddamn I can sense the aura of your smug face, greasy combover, and pizza crumb covered matted-to-the-point-of-dreadlocks longbeard from here. Yeeech.

Re: Don't encourage him

[jrmcferren]

Don't laugh, but that's actually how the sirens in my county are activated. Each fire station's siren has a tone pair along with an all siren tone pair and a cancel tone pair for the all call tone. For an auto accident you usually get (not sure of the order) Siren Tones, Fire Pager Tones, EMS Pager tones, and a human decoded auto accident tone. This is simulcast from two sites on the main frequency (not sure if the other UHF system is still active) and the audio is carried on the digital P25 dispatch talk group.

Oh and we don't use what the people in the business call VHF (15X to 16X MHz range) we use Low Band (3X and 4X MHz Range).

Re:Don't encourage him

[rtb61]

Heh, heh,
5. Bend over and kiss you arse goodbye.

Re:Don't encourage him

[Maritz]

I remember when I was scoffed at every time I brought that up.

In case you somehow got the impression that you're the only person who thought connecting everything ever to the internet was/is a bad idea, let me reassure you that you're not, and I don't think you ever were.

Re: Don't encourage him

30MHz and up what you use is still VHF.

Re:Don't encourage him

[Ol+Olsoc]

I remember when I was scoffed at every time I brought that up.

In case you somehow got the impression that you're the only person who thought connecting everything ever to the internet was/is a bad idea, let me reassure you that you're not, and I don't think you ever were.

I had no idea I wrote that I was the only person who thought that way. Just relating my experiences when people only half-thought out solutions to problems, and mistook understanding for pessimism. Suits, yes men, and marketers are a nasty combination, prone to making really stupid mistakes, like the IoT. But no, I'm not the only one who spoke out against the IoT.

But back to your reply. Something about my confidence that strikes you as smug or something? Your reply would indicate as much. I'm not particularly smug, I'm a Cassandra. Some folks have trouble seeing the difference.

Open letter to the so-called hacker: Grow up

You woke me up. If you are still in Elementary School, I'll give you credit for skills beyond your years, but you need to know that waking people up in the middle of the night and making people wait 2 minutes for a 911 operator is wrong on so many levels.

If you are older than about 12, you don't get any kudos. Waking people up and doing thing to flood 911 is not just wrong but it's totally lame. I hope you spend some time in jail for this.

Re: Open letter to the so-called hacker: Grow up

What the fuck are you calling 911 for? That's NOT what the sirens mean, jackass.

Re:Open letter to the so-called hacker: Grow up

[Alain+Williams]

Maybe you should be grateful. He has exposed a security hole that will now be fixed - hopefully. Far better than it being found after, for instance, an arsonist disables the alarms before burning down a neighbourhood.

Re: Open letter to the so-called hacker: Grow up

And I say this person demonstrated a flaw that our enemies could exploit during an actual war, in a far more dangerous way that this childish prank. Kudos to him, because that's the only way this shit might get fixed, by having a big flashing sign of "incompetence" flashing over the desk of they people. In charge.

Kudos.

Re: Open letter to the so-called texan: STF up

Dear Texas: you have shit security and morons managing it. This is dangerous. I sounded the appropriate warning systems.

Maybe not what it seems...

[shaitand]

There have been recent reports of problems with the Dallas 911 infrastructure causing hold times and delays which resulted in deaths. This may have been an attempt to further highlight the problems.

Re:Maybe not what it seems...

[Zemran]

I like the way they blame the unknown entity "hackers" rather than accept responsibility for their own lax security. First and foremost it is their fault for running an open system. The hackers should be sought but first and foremost the problem is lax security.

Re:Maybe not what it seems...

[Ol+Olsoc]

I like the way they blame the unknown entity "hackers" rather than accept responsibility for their own lax security. First and foremost it is their fault for running an open system. The hackers should be sought but first and foremost the problem is lax security.

I mostly agree, but not totally.

The sirens should not be on the internetz period. Nothing life critical should be on the internet. But The people who made these decisions are using the same level of stupid as the businesses who are stuck on Internet Exploder 6 because they designed their business around it.

But having lax security is not a a reason to exploit it. Just because I don't have armed guards with authorized lethal force around the perimeter of my yard, and razor wire to keep out the riffraff, that doesn't mean it's my fault if someone robs me. They are still at fault.

Re:Maybe not what it seems...

[Motherfucking+Shit]

They probably aren't on the internet; most of these sirens are radio-activated. If you have a big enough transmitter and know what to send, you're good to go. Much like the Emergency Alert System, security is being retro-fitted as an afterthought in the form of signed control messages. But the rest of your point is on target, the designers unfortunately decided to rely on obscurity (the frequency, the message format and contents, etc.) to secure these things. Until they've all been upgraded, we'll have to put up with the occasional zombie warning or tornado sirens going off at random.

Re:Maybe not what it seems...

[shaitand]

The problem is people want to paint things in terms of black and white when the world is very very grey. There is no fixed amount of blame to be distributed between the involved parties, all are 100% responsible for what they've done wrong. This includes anyone responsible for supplying enough resources to secure the system and handle the call volumes as well as leadership over the team that secured the system.

The leaders should be on the chopping block and pointing a lower level resource and taking action against them shouldn't mitigate their blame at all.

I don't know the details of the hack but the security involved could be bad enough to amount to criminal negligence. On the flip side the flaws could have been present despite reasonable due diligence or due to a lack of resources.

The hacker(s) could have a mitigating factor if making a misguided attempt to expose flaws and problems with the 911 system, this method of exposure is misguided and may have risked lives but given that the flaws and problems with the 911 have cost lives already trying to get them resolved could still be a significant mitigating factor. In most states there is the concept of an affirmative defense wherein you've committed a crime but done so in order to prevent a greater crime. Grabbing a woman off the street against her will and throwing her in the car to drive away is kidnapping, doing so because you know there is an active shooter roaming the park targeting women and don't believe there is time to explain... that is arguably an affirmative defense to that crime.

The culpability of other parties does not in and of itself mitigate ones own culpability. This is a fallacy. Having poor security doesn't mitigate the culpability of the people who robbed you for their crime, the fact you are the victim in their crime doesn't mitigate your culpability for making yourself an easy target with lax security.

We say "don't blame the victim" but the right message is probably more like "blame the offender for creating a victim, the victim should blame themselves for being the easy meat" in the case of a public entity "themselves" includes both the entity and the public so everyone should do what they can stop their public entity from being the easy meat even if all they can do is bitch loudly while paying taxes so their representative has to take action.

Re:Maybe not what it seems...

[martinfb]

Somebody killed a 911 operator for holding too long?!

Re:Maybe not what it seems...

[shaitand]

No but someone should kill the computer that puts you on hold when call 911. If an operator screened the calls before using the hold button it wouldn't be such an issue.

City full of Stupid

City officials reported 4,400 calls to their 9-1-1 emergency phone number in the first four hours of Saturday morning, with over 800 occurring in that first 15 minutes when all 156 sirens started going off simultaneously.

People, people, people, when the emergency sirens are sounding, the authorities already know about the emergency. You don't need to call 9-1-1 to tell them about it, really.

People are so incredibly stupid.

Re:City full of Stupid

I'm guessing it was a bunch of "hey, so, this city siren thing is going off? what do i do? i threw away the pamphlet because past me was somehow certain it would never be important to future me; but now it's super-duper important"

City probably gave a similarly zero amount of fuck-all to the system, so it was just a chorus of bewildered "Uh...?" all around.

Except for some shit somewhere enjoying a rightfully earned "lawl."

That isn't to say the lulz acquisition is condoned, only that the criteria of one was met, through means good or bad. I explain this nuance on principle, that is, with no expectation of anyone actually learning the distinction from it.

Re:City full of Stupid

Those of us who grew up during the Cold War know very very well what an air raid siren means. Clearly this is a complete failure on the part of parents to educate their children about the real world.

Re:City full of Stupid

'Round these parts, it means one of two things: "Tornado Warning somewhere within xx miles", or "It's 3:30 PM on Wednesday".

Re:City full of Stupid

cut 'em some slack. most the callers went to texas public schools.

Re:City full of Stupid

[Ol+Olsoc]

We test them at noon every day in these parts.

I wonder what would happen if a disaster happened right at noon?

Re:City full of Stupid

Not sure were "these parts" are, but your test siren probably has a different sequence than the real one.

Let me guess

[JustAnotherOldGuy]

Let me guess, SQL injection strikes again?

Re:Let me guess

[gijoel]

Damn you Bobby Drop_Tables.

Re:Let me guess

[Megane]

Just "Dangit, Bobby!" would probably be most appropriate in this case.

No up to date firewall?

[ITRambo]

I've seen municipal systems that were set up years ago without any hardware firewalls, just Windows XP. They ignored my advice to harden the systems. It's alarming that towns are not fully proactive about their municipal Internet-of-things. This alarm system in Dallas is simply mischief that points out the flaws in one system. Other systems, some critical to a town's functioning, are still vulnerable. Politicians are mostly dumbasses that run on ideas, but once in office are dumbfounded, dazed and confused., on all levels of government.

Re:No up to date firewall?

[Sarten-X]

On the one hand, you have a low-damage attack that has happened once in a few decades. On the other, you have the real cost of continually upgrading and hardening (and re-hardening) a system over those few decades, taking funding away from other public programs.

As a taxpayer, I'm okay with risking an unscheduled wakeup, if it means my local high school gets an arts program. As a security expert, I'm still okay with the low risk of leaving such vulnerabilities open, as long as they aren't able to be used as staging for other attacks.

Re:No up to date firewall?

[ogdenk]

If it only costs them $800 to properly secure the civil defense alarms.... that won't buy your HS an arts program and they should lock it down. And when these alarms go off, we don't want people desensitized to them. It means get in your bomb shelter.

The last thing you want is to get nuked and have these alarms disabled beforehand. Few survivors beats no survivors.

Re:No up to date firewall?

Few survivors beats no survivors.

You are completely utterly totally wrong. Let me ask you a serious question. Have you ever met people? People do not deserve to survive. People are crap.

Re:No up to date firewall?

[ogdenk]

And otters rape baby seals. What's your point. Life is a cancer in general but it is intriguing and I want to see it persist.

Re:No up to date firewall?

[Sarten-X]

I'm very curious about the basis for your analysis. The only price tag mentioned in TFAs is a half-million-dollar contract to "maintain and repair" the system over the next 6 years. Roughly speaking, that's two salaried ($47,000/year) employees working full-time.

Per TFS, there are 156 alarm systems. At the low end, you're estimating a cost of $5 per system. That's not enough funding for a security consultant to sneeze at a system, let alone actually fix anything. Even if the $800 covers a centralized fix for all of the alarms, that would barely cover the time for a consultant to perform a mediocre security audit, or the price tag for a low-end hardware device, but not both. Of course, being a government panic-driven project, you can safely expect that the expensive-but-fast solution will be chosen, probably driving the cost upwards of $10K per instance.

However, $800 does buy a decent amount of consumable art supplies (paint, paper, wire, plaster), and if someone covers the consumable cost, it's actually pretty easy to find local artists and studios willing to donate time and nonconsumable supplies (work space, tools). Considering your analysis at the high end at $800 per alarm, the total price tag is $124,800... which is sufficient to hire an art teacher and rent space, as well.

Regarding the effectivity of the alarms... that's not really how it works, at all. If we get into a political situation where the sirens are likely to be necessary, you can expect a public-education campaign reminding people what they're for. No, it won't be as effective as keeping people in a persistent state of panic, but it's overall the safer route, compared to having the population on a hair-trigger to go rushing into shelters.

Re:No up to date firewall?

[ogdenk]

So have those 2 salaried employees learn how to lock down the system better? It doesn't take a specialized security consultant to learn typical IT best practices for locking down a public-facing system to reduce the likelihood of it getting pwned by a script kiddie.

If it's radio-based and uses DTMF tones and we're partying like it's 1979 it may be a little more interesting but not impossible to tackle. You'd probably have to replace some control systems with ones that support some form of authentication. Maybe using some kind of OTP that gets updated every so often to avoid pad reuse.

Either way, locking it down 100% might be expensive but to do a MUCH BETTER JOB would be trivial.

Re:No up to date firewall?

That's a great attitude as long as it's just some relatively harmless script kiddie messing about. When there's someone set on causing some real damage, you might rethink your attitude that having shit security is good.

I'm glad that I don't rely on your expertise in regards to security.

Re:No up to date firewall?

There is a reason why people that truly know security make 50k more than everyone else. You won't find anyone that knows what they are doing for less than 90k a year.

Either way, locking it down 100% might be expensive but to do a MUCH BETTER JOB would be trivial.

This gives away that you are out of your element. 100% security is impossible.

Re:No up to date firewall?

[ogdenk]

This gives away that you are out of your element. 100% security is impossible.

Of course it is with modern systems and humans playing any role. But if you can hack the 8-bit microcontroller in my 10 year old microwave remotely I'll personally hand you a solid gold trophy. Part of the problem is that people think that every single device on the planet needs to be connected to a network and run a clone of what was intended to be a multiuser timesharing system on a lightswitch.

You can get very near 100% with a lot of money and effort on simple systems however.

Re: No up to date firewall?

Help, I farted and I can't get it up.
#oldpeopleproblems

What's even the point of living until you get cancer. Your weird rape fetish isn't that interesting.

Re:No up to date firewall?

[swb]

I would suspect that the civil defense system if its computerized is weak on the computer side. I've worked with engineers recently on plant process control and they do a great job on the controls side, but their IT infrastructure and security is poor and they really resent being told what to do by non-"engineers".

So if its computerized, its setup screwy and not easy to fix unless you have a good working idea of the control setup, which nobody with an IT background will know how to control. I've dealt with systems like that and you basically treat them as black boxes because NOBODY but the installers/designers understand them, especially not the people you deal with.

Managing it over time seems like way more than $800, too. Regular firewall updates, OS updates, etc, basically somebody has to manage it like any other network.

Re:No up to date firewall?

I think security for emergency services are or should be focused on the availability and integrity parts of the security equation, since those affect each other. Of course, since the systems are increasingly interconnected, the confidentiality part comes in play when the emergency services can be disabled by hacking a smart light bulb at the city hall.

Re: No up to date firewall?

*Shoots your microwave wave with a rifle from across the street*

There I came up with a DoS attack for you old microwave.
You can just burn your money, I don't know want it but I don't want you to have it either.

Re:No up to date firewall?

[sootman]

"It's alarming that towns are not fully proactive..."

Literally. :-)

Re:No up to date firewall?

[sootman]

As a security expert, I'm still okay with the low risk of leaving such vulnerabilities open, as long as they aren't able to be used as staging for other attacks.

Well, yeah... it's not a problem, until it is, and then it's too late to solve. One prank per decade, and then they start running continually while a dozen other attacks are happening.

Most of the times when someone is telling me about a dog bite, the story contains the line "... and the owner said the dog had never bitten anyone before." Right. A dog never bites anyone, until the first time they do. I'm all for arts programs, but important infrastructure needs to be maintained at least somewhat.

Re:No up to date firewall?

It may only cost $800 now - but that's because the hacker has already done the expensive bit, which is identifying the vulnerability.

Take out their contribution, and you have to add about three more zeros to that price tag.

Re:No up to date firewall?

[Kabukiwookie]

As a taxpayer, I'm okay with risking an unscheduled wakeup, if it means my local high school gets an arts program.

Problem is probably that your tax money does not go to either the arts programme, nor improving security, but is spent on security theatre, with police being 'tough on crime' and picking up people for jay-walking, walking through a park after 10PM or person use of cannabis instead.

Re:No up to date firewall?

Water systems controlled by SCADA, no password, and full remote desktop access.

I fired the client (a water municipality in north Texas) after they refused to fix it.

Re:No up to date firewall?

[Maritz]

You say that, but you're still alive, and therefore a hypocrite.

In the past

[AHuxley]

John would call Bob on the POTS and they would talk. At the end of the chat Bob would activate the local siren.
Over the years the siren staff would get to know the other staff and no false calls and fake orders could occur.

Re:In the past

John would call Bob

Groovy! It's a story about the glory days when white men ruled the world.

Re:In the past

[Sarten-X]

...Until John gets fired, and he calls Bob from the parking lot saying there's an unscheduled federal readiness inspection, including a response test.

Every system is vulnerable. The only difference is the attack vector.

Re: In the past

I met the guy that does this in my tiny home town of less then 300 people a few years back. He literally had to walk 300 feet from his house to the shed at the base of the siren and flick a switch. Kind of amazing.

Who really cares about total security for these systems? I'd rather be woken up then not have it go off when needed because x component between state metrologist and the switch failed because of authentication errors.

If it was serious (as I've seen during a real tornado) then often you see law enforcement with sirens blaring patrol the streets.

Re:In the past

[thebigmacd]

But if Bob knows John, then the authorities will know who called in the fake test. Pretty risky for John.

Re:In the past

[martinfb]

Oh, but we were so much older then. We're younger than that now.

Re:Russians did it

Great idea for Trump! International sanctions in the form of cutting off Russia from the internet!

Re: Open letter to the so-called texan: STF up

[Sarten-X]

Everywhere has shit security. Every manager is a moron. Everything is dangerous.

A door being unlocked does not give one the right to steal what's behind it, and similarly having a vulnerable system does not give one the right to attack it.

Easily compromised

[Torin+Darkflight]

Having in the past been "one of those weird people interested in warning sirens as a hobby", I have a fair bit of knowledge to how insecure their control systems actually are, and thus how trivially easy it is to compromise them. Although security is slowly improving, a lot of older siren systems are controlled using unencrypted analog radio signals transmitting standard DTMF (telephone-type) tones. For a malicious person, it is shockingly easy for them to turn on an off-the-shelf police scanner, find the frequency used to control the system, record the activation signal (such as during a regular monthly test), then at a later time use an illegal transmitter of some sort to rebroadcast that recorded activation signal on the same frequency over and over. I do not know what control method Dallas uses for their siren system, but the fact that one of the news articles (CBS News) I read about this said the FCC has been asked to help investigate leads me to believe more than likely such an attack was utilized...and this isn't the first time such has happened.

Re:Easily compromised

Blah blah blah. Fascinating, certainly. But you really do have to wonder about the intent of the designers. Do you think maybe possibly they could have been trying to build something simple that would fucking work in an emergency. No, that couldn't be it.

Re:Easily compromised

It turns out they implemented a system that can be compromised easily at any time. GREAT JOB!

Re:Easily compromised

[phantomfive]

I cut those old system designers a break. Security wasn't well understood in those days. Remember most Unix systems were still using telnet and rlogin. We were all a little lousy at security.

Re: Easily compromised

Many security experts end up recommending solutions which create a failure when the system is needed. Even uninformed commenters here presume the phone network would be readily available to activate the system when that might not be the case.

The person who did this deserves to be fully prosecuted. The security gaps are not unknown with such systems. And with probably in excess of 10,000 hours of reaction work, discussion, and other loss the direct cost of this event could easily exceed $1M

Re: Easily compromised

[phantomfive]

The person who did this deserves to be fully prosecuted.

It's most likely the person who did this will never be caught.

Re: Easily compromised

[BaggyEyes]

This is the best comment so far imho. the typical internet (-security) relies on a heap of infrastructure. And dont get me started on OCSP ....

Re: Easily compromised

Not DTMF, but two-tone. It's late 1960s technology used mostly in paging systems. If anyone remembers the old TV show "Emergency," the two tones before the fire station alarm went off and a dispatcher told them where to go help someone was the same system.

The storm alarms are arranged in zones, each zone having a different two tone combination. Some systems will also have a tone pair that's an "activate all."

All that was needed to accomplish this attack was a $40 (max) cheap Chinese radio from Amazon, a quick online search for the frequencies and PL tones of the DPD analog repeater's paging channel, and the two-tone information. Many of those cheap radios will decide the tones for you.

Depending on how often they test there (or activate them for storms) a sociopath could accomplish the groundwork in less than two days, if they use overnight shipping. This isn't a sophisticated hack. The solution is to page over a P25 digital channel instead, but the retrofit will be north of $2000 a siren, probably $400,000 or so for the system in Dallas. Since Emergency Government gets shit for resources, and there's close to a zero chance the FCC could triangulate one short, low power HT signal somewhere in the Dallas metro (mobile makes it much harder) this probably won't be solved until it repeats itself.

Re:Easily compromised

Interesting thing is that I heard that something went wrong in the test for this month, too. I don't know details on it, though, and should probably look around to find out more.

Re:Easily compromised

[LesFerg]

I was amazed to find youtube vids by people who restore old air raid sirens, then drag them out into unpopulated regions to start them up.
Made my hobbies seem so insignificant... and quiet.

Prosecute the implementation team maybe?

I would like to know more about how the system was compromised. If it turns out that the company/group maintaining the system is negligent (e.g., 1+ year unpatched vulnerability, a default admin password, bonehead web server configuration error, common attack vector like SQL injection) then the action should be taken against them. Forget finding the "hacker". If someone repeatedly leaves their car windows rolled down, doors unlocked, and laptop sitting on the passenger-side seat... they're going to have a tough time getting the insurance company to pay that claim. Same thing here. Our government run systems are continuously found to be secured and maintained inadequately.

Re: Prosecute the implementation team maybe?

The implementation team is long retired or dead.
It makes no sense to prosecute old people because old tech wasn't secure. There were no security experts back then. That's like killing your parents for not telling you every possible way you could be killed.

That's not a siren. Now this is a siren.

[__aaclcg7560]

The only air raid siren I hear is the alarm on my iPad 2 going off at 4:30AM so I can start my government IT job at 7:00AM during the week. On the weekends I sleep in late and get up at 6:30AM.

Re: Open letter to the so-called texan: STF up

Person who activated the sirens could have stopped at one or two to show his ability; 156 is harassment.

Terrorist fears

[phantomfive]

From the article:

"We had people asking if we were being attacked because of what's going on overseas."

So they called 911. When terrorism strikes, call 911 for all your news info! (Not really, that's a bad idea).

Dallas Air Raid Sirens

Why do they need that? Nobody is stupid enough to waste a perfectly good bomb on that shit hole of a city.

Re: Open letter to the so-called texan: STF up

[Max_W]

I agree. I would like just to add that a door has several functions, and one of them is being a border line, not only physical one but also moral, legal, psychological, etc.

For example, if there is a picket fence around a property it does not mean that this fence must be impenetrable, i.e. to have barbed wire, movement sensors, etc. But still it is a good picket fence which have got many useful functions.

And people should not think, - oh, this picket fence is not secure, so I can cross it and do whatever I want on this property.

Re: Open letter to the so-called texan: STF up

One or two sirens shows his ability. 156 is a desperate cry for attention. I hope he gets that attention from stern men in uniform with no sense of humor.

Re: Open letter to the so-called texan: STF up

[Sarten-X]

Eh... not necessarily.

In a past professional life, I maintained an Emergency Broadcast System transmitter. EBS works by cutting into radio transmissions if a neighboring station transmits the right signal, repeating the broadcast on the local station. Essentially, if one station reported an emergency, the whole region would repeat it automatically. If the sirens work similarly, hijacking one would trigger the whole system.

The whole point is moot, anyway. Ability doesn't need to be shown.

Re: Open letter to the so-called texan: STF up

A door being unlocked does not give one the right to steal what's behind it

That is correct. However, when the entire world has immediate access to that door, then not securing the door makes you an incompetent idiot who has no business holding any job related to security. Depending on the good behavior of literally everyone with an internet connection makes you at fault for whatever happens if it was your job to secure it. Securing it is possible. The existence of malicious parties does not negate your responsibility, it strengthens it. The chance of encountering malice on the internet is 100%.

Re: Open letter to the so-called texan: STF up

normally those are to keep things in like dogs but also just for looks a lot of times too.

Color me unimpressed

Wake we when he can launch all our ICBMs. Then maybe I'll take notice. In the meantime all you crybabies complaining about a little noise should STFU!

Re: Open letter to the so-called texan: STF up

it also seemed yo have no purpose unless he or she is going to be all just checking your security for you sir. why you know unless its to distract or get attention away from another crime(not saying thats ok but i would understand it) whats the point at all. guess just brushing up on hacking practice makes perfect but creating that much attention maybe not the best approach.

Re: Open letter to the so-called texan: STF up

[phantomfive]

Dogs can jump over picket fences.

very-long-time Slashdot reader SigIO

Very-long-time? As if, that casual has a 6-digit UID!

Re:very-long-time Slashdot reader SigIO

[thegreatbob]

UID doesn't really tell us anything beyond how long ago someone registered their account... I was reading Slashdot for several years before I ever registered an account. Might still have been in the 6 digits, I don't really know. I also don't really care.

Re:very-long-time Slashdot reader SigIO

[SigIO]

Been reading since 98. Didn't register until 2000+.

Subtract 19 years from the AC poster above, and I think someone's grossly incontinent.

It's funny

I am sure people were grumpy, but it adds interesting variety to life. Appreciate it. Laugh it off.

As for everyone phoning 911, they shouldn't have done that, they should have phoned non-emergency numbers, in addition to seeking shelter.

Re: Open letter to the so-called texan: STF up

They can also dig under them, but that's not the point. If you have a picket fence to enclose a dog, i'd imagine it would be at a height where that is not possible.

Telnet or VNC?

My money is on Telnet or VNC.

Re: Open letter to the so-called texan: STF up

[Zxern]

There is no such thing as perfect security. Given enough time any system can be broken.

Re: Open letter to the so-called texan: STF up

What attack? That was normal operation of the sirens.
An attack would have been if he cranked up the volume and blew them out. Or maybe planting malware for more nefarious purposes.
If you leave your door unlocked and somebody comes by and opens then closes it every few minutes is that an attack?

Re: Open letter to the so-called texan: STF up

Now can you tell us where is this line in the digital world? Is it you IP address ? Or maybe it's you router ? Or your web server's TCP port number ? Is there a line somewhere between the data served by your web server and the data that's not served by your web server but which is still located on your web server.

See, the door analogy isn't that obvious in the digital world. Unless you took all necessary precautions to make me know that the data / system is protected and shouldn't be accessible, I have no other means of knowing it. The only way to ensure it is protected would be to encrypt it.

What if you forgot to enforce authentication for that obscure URL that starts all alarms around the city and I happen to be the one hitting it unknowingly?

I am not saying this is not a crime, just that the "door" doesn't really exist in the digital world and things are not that obvious, that's why you have laws and regulations.

Re: Open letter to the so-called texan: STF up

[phantomfive]

Now can you tell us where is this line in the digital world? Is it you IP address ? Or maybe it's you router ? Or your web server's TCP port number ?

If you access any of those with the intent to hack, then you might go to jail for it. People have gone to jail for going to a URL with their browser.

See, the door analogy isn't that obvious in the digital world.

I'll clarify it for you: break into someone's house, go to jail. Break into someone's computer system, go to jail. That is the analogy. It's not perfect, but the point is correct: "poor security" isn't a defense in a court of law.

Re:Russians did it

[Jason1729]

You know Russia has subs parked on every undersea communication link that the US has right? The first blow in any war will be the US having its metaphorical eyes, ears, and tongue hacked off.

I've seen that film

[OpenSourced]

Then, when the real air attack happens, two hours later, the alarm system is disconnected, I think that was with a museum or something, but the idea is the same. RIP Dallas.

Re:I've seen that film

[johnnys]

"How to Steal a Million". 1966 movie with Peter O'Toole and Audrey Hepburn. Lots of fun. :)

Re: Open letter to the so-called texan: STF up

I didn't say anywhere that poor security is a defense.

I was just saying that a door in the physical world is an object with well defined properties, that all people are expected to be aware of.

The closest analogy in the digital world would be authentication or encryption. However if none of these are used and there is no indication that there is a door, you can't complain of people trespassing it ...

Far worse...

[johannesg]

So the sirens sound, and presumably the North Koreans have a nuclear strike on the way. And what do the good citizens do? _nothing_. Only 4400 actually tried to figure out what was wrong; the rest simply ignored it.

You might as well get rid of the entire system, nobody cares about it anyway...

Re:Far worse...

[JaredOfEuropa]

You figure out what's wrong by turning on the TV or radio. In fact isn't that what they advise you to do when the siren goes off? What do you expect froma call to the emergency number? "Yes, a nuclear strike was launched and you have about 10 minutes. Would you mind warning your neighbours? Oh, and remember to duck and cover, have a nice day".

The emergency number is for people with an actual emergency

Re:Far worse...

[johannesg]

Yeah, but was there actually any information on radio or TV? Of course not: those weren't hacked.

Missiles are inbound in five minutes. What do you do next?

Re:Far worse...

[Mordaximus]

So the sirens sound, and presumably the North Koreans have a nuclear strike on the way. And what do the good citizens do? _nothing_. Only 4400 actually tried to figure out what was wrong; the rest simply ignored it.

You might as well get rid of the entire system, nobody cares about it anyway...

Considering that the sirens are to get people indoors in the event of Severe Weather and that most people were probably indoors when they went off, it's not surprising they did _nothing_ apart from what they are supposed to do - monitor radio and television.

Dallas outdoor warning sirens.

Re:Far worse...

[mrzaph0d]

I have family there. They said no information on the TV, nothing on the radio. I think the time it started contributed, all of the newscasts had already ended.

Re:Far worse...

[yodleboy]

Around here (dallas area) no one gives two shits if the sirens go off and the weather is not bad. We aren't concerned about imminent nuclear strikes, we're concerned about being at the tail end of Tornado Alley. Perhaps you've heard of it? I got a nice day after christmas treat a year ago when a tornado went through my neighborhood and missed my house by a block. Lucky for us, when the power went out, and we couldn't watch the news, the sirens went off in enough time for use to shit ourselves in a closet.

We'll keep the system, thank you very much.

Re:Far worse...

Actually, I flipped through the channels during it and saw that NBC was running a crawler when it happened. But not the other channels.

Re:Far worse...

[hexadecimate]

"The smoke alarm went off in the hallway upstairs, either to let us know the battery had just died or because the house was on fire. We finished our lunches in silence." -- Don DeLillo, _White Noise_.

Re:Far worse...

[Maritz]

This guy seems to think the 'smart' thing to do is pack up your stuff and head for the hills/get in a bunker without confirming what, if anything, is happening.

Could be a distraction

Why would anyone bother doing something that insane unless they needed a distraction for something much worse? All it does is provide an excuse to nearly indefinitely monitor Dallas communication systems until it's "safe," to which there's no actually definition. Matter of fact, unlike the larger cities such as New York city, you know Texas isn't on board with cameras all over the place. Well, keep an eye out because I got feeling they're getting them now.

Oh please,

[geekprime]

I lived literally across the street from one of those fucking things and was working second shift. Every single fucking "test" Wednesday, I would wake up at 10 am in sheer fucking terror and try to hide under a desk thanks to the duck and cover indoctrination I was given as a child.

Awww, it went off when you were awake? My tiny violin laughs in your general direction.

Air raid sirens??? How delightfully "Cold War"

[HuskyDog]

Apologies for my ignorance, but are sirens like this common in the USA and if so, what for?

So far as I am aware we don't have any such things her in the UK (I haven't seen one, heard one being tested, received a leaflet about them or seen a news report about them). We certainly used to have them when I was a child back in the 1970s and I remember occasionally hearing the one in our village being tested when I was at school. But we got rid of them all when the cold war ended.

I can see how such a thing might be useful in areas where tornados could be expected, but (and again sorry for my ignorance) I thought that tornados couldn't strike built up areas like Dallas as big buildings broke up the air flow.

Re:Air raid sirens??? How delightfully "Cold War"

[DamonHD]

I hear them from time to time here in the UK. Could be for individual buildings or at larger scale, I don't know.

Rgds

Damon

Re:Air raid sirens??? How delightfully "Cold War"

Yes, these are common in the USA as part of county emergency services.

They are tested monthly usually at noon on a Saturday. Hearing them at any other time means something else is up. If it is raining, I'll turn on the weather. If not, I'll turn on a local news channel.

Last week they went off and it was clear, but had been raining a bunch. Flash flood warnings for my area.

Dallas has tornadoes. Tornadoes travel many miles. Everywhere east of the Rockies does and a few have been seen west of there. Here's a map of some tornadoes in the USA since 1950:
http://mrcc.isws.illinois.edu/... I know it is missing some that came near my house, so it isn't 100%. Bldgs aren't a consideration for 300mph winds - they don't care - only a mountain will stop them. That is the normal use and only when there is a real warning. They (govt) don't cry wolf often, so we tend to believe them. Places that don't have tornadoes have other natural issues - earthquakes, extremely high winds, flooding caused from rain hundreds of miles away. In the canyon-lands, water gets channeled and flows hundreds of miles. Empty, dry, canyons can be fulled with 20 ft of rushing water without warning.

Of course, way, way, out in the country, only the county "seat" would have these sirens, probably near the airport/weather station.

We don't "duck and cover" anymore here either. It would be useless. I grew up living at nuclear targets. I wouldn't want to survive any attack. Vaporize me immediately, please.

Re:Air raid sirens??? How delightfully "Cold War"

[Mordaximus]

They aren't air raid sirens.

Dallas outdoor warning sirens.

Re: Air raid sirens??? How delightfully "Cold War"

Not just county seat, in my central midwest state any incorporated town has one. Because Tornadoes and high winds are a very real and terrifying concern every year.

Why my ancestors moved from western Germany in the late 1880s I don't know. No major wars vs apocalyptic natural phenomenon

Re: Air raid sirens??? How delightfully "Cold War"

We used to have them where I live in Canada also back in the 70's, early 80's. They would test them every summer. I really miss hearing them actually and if I find one for sale in going to buy it. They took them down but I'm not sure what they did with them, they were pretty big though so I think I'd have to find a small version.

Re:Air raid sirens??? How delightfully "Cold War"

[EvilSS]

Apologies for my ignorance, but are sirens like this common in the USA and if so, what for? So far as I am aware we don't have any such things her in the UK (I haven't seen one, heard one being tested, received a leaflet about them or seen a news report about them). We certainly used to have them when I was a child back in the 1970s and I remember occasionally hearing the one in our village being tested when I was at school. But we got rid of them all when the cold war ended. I can see how such a thing might be useful in areas where tornados could be expected, but (and again sorry for my ignorance) I thought that tornados couldn't strike built up areas like Dallas as big buildings broke up the air flow.

They are part of the emergency alert systems here. Their main use these days is to warn of severe weather such as tornadoes or dangerous thunderstorms. If you are outside (or even indoors if close enough to a siren) they can alert you to incoming dangerous weather and to seek shelter. The system also sends out automated signals to local TV and radio stations, as well as cell phones.

As for tornadoes striking cities, it's rare but not impossible. In 2000, for example, a tornado hit downtown Fort Worth, Texas . Fort Worth is part of the larger Dallas-Fort Worth metro area and it's downtown is fairly built up. Plus a lot of big cities have suburban areas around their downtown cores that get hit as well. Outside tornadoes there are also severe thunderstorms that can strike and have dangerous lightning, hail, and straight-line winds.

Re:Air raid sirens??? How delightfully "Cold War"

[HuskyDog]

So, I think the key conclusion here is that if we in the UK had weather as "exciting" as yours then we might have kept our cold war sirens!

Re:Air raid sirens??? How delightfully "Cold War"

Industrial accidents causing toxic or nuclear fallout, chemical fires near populated areas beside the obvious natural phenomena and actual war like conditions are all something to be considered. The former might be more probable than the latter here in Finland, for now. We test the systems monthly in densely populated areas so even if the UK has a similar system, the sound of the tests might not reach places like the village you grew up in.
  As far as the US is concerned, I saw a TV programme about a US town which had lightning detector triggered sirens because of the area were they were located was in the thunderstorm corridor (or something similar). The system had managed to save lives already then.

Re:Air raid sirens??? How delightfully "Cold War"

[Cimexus]

As someone who moved to the US (from Australia) hearing these sirens is one of the (many) surreal things about living here. Australia relies on radio, TV and SMS/phone alerts - no sirens.

The sirens here in the US sound like something out of an old cold war movie. Duck and cover! They test them at noon every Wednesday in the area I live in...

Re:Air raid sirens??? How delightfully "Cold War"

[Aqualung812]

Australia relies on radio, TV and SMS/phone alerts - no sirens.

Part of the reason sirens are used is that they don't depend on the same centralized systems, normally.

If the storms have knocked out power, the only likely remaining source active is SMS, and not everyone has it, or has it charged. It is not uncommon for a storm to knock out power, preventing everyone with their phone charge level in the single digits from recharging, and then a more severe storm to show up a few hours later.

The sirens are almost always equipped with battery backup and can be activated without a central system.
That distributed nature may also be what was leveraged to commit this attack.

Radio / TV

[DrYak]

The article did not say what the immediate response of the authorities was, did radio and TV stations promptly transmit a 'do not worry' message?

How does this work in the US ?
Here around in Europe, the authorities are supposed to immediately broadcast informations about the alert on all available channels (TV, radio, web, public announcement systems, etc.) informing about the nature of the threat and the proper procedure to follow to stay sage.

(Well in theory. In practice, given the relative peacefulness of life Europe, 99.9% times you're going to hear a siren, it's just a test of the system as announced the day before in the local newspaper / newscast, and the only thing you're supposed to do is just check that you can hear them and then eventually proceed with the announced evacuation drill that your employer has planned to coincide on that day).

Re:Radio / TV

[markdavis]

>"How does this work in the US ? Here around in Europe, the authorities are supposed to immediately broadcast informations about the alert on all available channels (TV, radio, web, public announcement systems, etc.) "

Correct, that is the way it works here. If sirens go off, you are supposed to seek out a broadcast to determine the nature of the emergency. Where I live, it is always a weather emergency (like a tornado warning; and no, even though we don't live in "tornado alley", several touch down every year).

They are also used for nuclear power plant incidents, extreme thunderstorms, hurricanes, and civil defense.

Re: Radio / TV

In Dallas, 99% of our sirens are for tornados. Get to your bathroom or closet. We test our sirens on the first Saturday of each month at noon.

Re:Radio / TV

[Megane]

In these days of shifting from "Cable is King" to Cord Cutters... well, as far as I know, they did get the cable companies to put emergency interrupt capability in every fucking channel. But it's a bit hard to do that with Netflix, or even an https request.

And the problem with disaster emergencies is that they are so infrequent that the mindless masses have no clue what to do, because it hasn't happened since the last Oscars, and that's as far as they can remember before their ADD kicks in and they start wondering what all the gossip page celebrities are doing.

To make it worse, now mostly mundane stuff has become an "ALERT!!!!!111!!!", which contributes to giving everyone alert fatigue, and when something real happens, they don't even know if they are supposed to care. But a siren going off while they're trying to sleep? In the land of people calling 9-1-1 because their fast food isn't fast enough?

Re: Radio / TV

[Ol+Olsoc]

In Dallas, 99% of our sirens are for tornados. Get to your bathroom or closet.

Good idea, because when I hear the sirens, I shit myself.

Re:Radio / TV

[Ol+Olsoc]

I

To make it worse, now mostly mundane stuff has become an "ALERT!!!!!111!!!", which contributes to giving everyone alert fatigue, and when something real happens, they don't even know if they are supposed to care?

Exactly this. We've gotten so many alerts that we gave up and turned them off. And most were stupid. Most are too far away, most are false alarms, like when a woman thought her kid was abducted by her Ex, and it turned out the little girl had gotten in the car, took it out of gear, and the car drifted down the driveway and into the nearby woods. Even so, that alert was like 200 miles away.

We had one right in our neighborhood when a little boy was a couple minutes late walking home from school. Full alert with the dogs and police and rescue groups activated. Turned out the reason he was 5 minutes late was he stopped to talk to a friend. So 10 minutes after the alert, it was called off. And my alerts were all turned off.

Society might be happy to go insane, And turn it up to 11 on everything, but I don't feel like participating.

Re: Radio / TV

[demonlapin]

Same story in my city. We test on the first of the month at noon (unless there is bad weather). There was a siren mounted on top of the hospital where I used to work; it would always freak out people who weren't from the area.

Re:Radio / TV

[knorthern+knight]

> In these days of shifting from "Cable is King" to Cord Cutters... well, as far as I know,
> they did get the cable companies to put emergency interrupt capability in every
> fucking channel. But it's a bit hard to do that with Netflix, or even an https request.

That's where AM and FM radio excel. Turn it on and listen. They both have longer range than cellphone cells, and continue functioning when the cell network gets overloaded. While we're at it, most smartphones *SHOULD* be capable of FM radio reception. But many smartphones in the USA are deliberately crippled, due to cell carriers demading this from OEMs. This is greed, pure and simple. The carriers want people to pay through the nose for data over-usage, rather than listening to FM radio for free. https://yro.slashdot.org/story...

Re:Radio / TV

[timholman]

Exactly this. We've gotten so many alerts that we gave up and turned them off. And most were stupid. Most are too far away, most are false alarms ...

About a year ago, my employer used our cellphone emergency alert system (originally intended to warn everyone of an actual campus emergency) to call everyone at 12:30 a.m. with a prerecorded message, telling every university employee that a shooting had occurred at a restaurant about 1.5 miles from campus. About an hour later, we got another alert telling us that the shooter had fled from the restaurant, and was being sought by city police. As you might guess, the shooter never came anywhere close to campus before being captured.

The next day, I checked with my colleagues, and everyone had done the same thing - either opted out of the emergency alert system, or blocked the number. The system became useless and was abandoned in favor of an emergency warning app that everyone is supposed to download and install - which, of course, no one has.

The so-called "fake news" controversy doesn't hold a candle to the very real problem with "fake alerts". One day an honest-to-God emergency will really happen, and no one will be listening.

Re: Radio / TV

Hopefully not in the closet.

Re:Radio / TV

[Ol+Olsoc]

The system became useless and was abandoned in favor of an emergency warning app that everyone is supposed to download and install - which, of course, no one has.

The so-called "fake news" controversy doesn't hold a candle to the very real problem with "fake alerts". One day an honest-to-God emergency will really happen, and no one will be listening.

Ach. Did you folks get the sexual assault notices? I kept them off my phone, but still get email. Most are weird, and tend to go like this: An unknown person was assaulted by an unknown person at an unknown time in an unknown location. The report was made by an unknown person. It was not known if the assailant knew the victim.

And they wonder why no one wants to get those required by law to make alerts.

Re:Radio / TV

[Megane]

A good one here in Texas is the so-called "Silver Alert". Whenever an elderly person drives off in a car, AMBER ALERT goes up on highway text signs all over the state. Except that they always list the city name of the suburb where the person was last seen, and it's usually somewhere around Houston, because apparently they're the only ones making these reports, so nobody outside of the Houston area has ever heard of the place where it's happening.

Re:Radio / TV

In Australia we have shark sirens at many swimming and surfing beaches.

I don't live anywhere near cyclones hit but I imagine that they have sirens as well.

Here emergencies are generally broadcast on a low frequency AM band. If there is a bush fire any phone anywhere near the effected areas gets SMS notifications, I'd imagine the people up north get the same when there is a cyclone bearing down.

Re:Radio / TV

[Ol+Olsoc]

A good one here in Texas is the so-called "Silver Alert". Whenever an elderly person drives off in a car,

So that's what those roadway lightboards are all about. I kept seeing that when I was down south this winter.

The name connection is sorta amusing.

Re:Radio / TV

[Cro+Magnon]

Yesterday, I was driving around with my GF, and her phone made a awful noise. Turned out there was an Amber Alert. For a second I wondered why my phone hadn't gone off, then I remembered I'd turned off Amber Alerts after that time it went off 5 times at night for an alert in a nearby city that turned out to be a custody dispute.

Re:Radio / TV

[Talderas]

As a counter example to your 5 minute example...

http://wane.com/2016/10/10/jai...

Amber Pasztor claims she killed her kids after hearing the amber alert.

Re:Radio / TV

[Ol+Olsoc]

As a counter example to your 5 minute example...

http://wane.com/2016/10/10/jai...

Amber Pasztor claims she killed her kids after hearing the amber alert.

Weoh, although I think that our local mother was just hypersensitized by the barrage of child abduction stories and the fearmongers.

This Paztor woman was just evil incarnate http://wane.com/2017/02/28/new...

Re: Radio / TV

[gregorthebigmac]

Lucky. I've lived in a few places in IL, so I'm assuming it's a state-wide thing (correct me if I'm wrong, here), but everywhere in IL I've lived, it's always 10am on the first Tuesday of every month. So you're at work, coding away, or in class, trying to hear a lecture? Siren test! Game off, everybody, until this stupid siren finishes its thing. Very annoying. Saturday at noon would be way better.

Re: Radio / TV

[poofmeisterp]

In Dallas, 99% of our sirens are for tornados. Get to your bathroom or closet. We test our sirens on the first Saturday of each month at noon.

Don't forget to call 911 on the way to the closet to let them know you're safe and not to worry about you.

Re:Radio / TV

[poofmeisterp]

In these days of shifting from "Cable is King" to Cord Cutters... well, as far as I know, they did get the cable companies to put emergency interrupt capability in every fucking channel. But it's a bit hard to do that with Netflix, or even an https request.

And the problem with disaster emergencies is that they are so infrequent that the mindless masses have no clue what to do, because it hasn't happened since the last Oscars, and that's as far as they can remember before their ADD kicks in and they start wondering what all the gossip page celebrities are doing.

To make it worse, now mostly mundane stuff has become an "ALERT!!!!!111!!!", which contributes to giving everyone alert fatigue, and when something real happens, they don't even know if they are supposed to care. But a siren going off while they're trying to sleep? In the land of people calling 9-1-1 because their fast food isn't fast enough?

It doesn't surprise me. I wouldn't be at all phased if I found out that 90% of the younger generation has to get dressed and go out to their car to get access to a radio with broadcast receive capability. No, I'm not joking.

Re:Russians did it

[drinkypoo]

You know Russia has subs parked on every undersea communication link that the US has right? The first blow in any war will be the US having its metaphorical eyes, ears, and tongue hacked off.

Hence the interest in satellite-to-satellite communications.

So what SHOULD people do?

[Bruce66423]

I guess they should turn on their TV to see if the emergency broadcast system had kicked in. If it had, do what that says. But is that how people reacted.

The sirens appear to offer little purpose if they aren't achieving that; more thought required?

Re:So what SHOULD people do?

[DalM]

Check Twitter. Make Jokes.

Re:Russians did it

Wouldn't we just then reroute all traffic through South America? Of course, at the rate we are going, I don't think we'll have anyone out there in the rest of the world who cares enough to talk to anyway.

Re: Open letter to the so-called texan: STF up

Dogs will often respect a fence they could jump over. Ditto horses.

This isn't a new stunt...

[flightmaker]

My father told me afterwards that the air raid sirens in the UK all had their own power supply with a relay, all controlled by cables from a switch in the police station which seems reasonable.

Soon after we moved into a new home together, maybe 25 years ago, at around midnight one night, some jokers managed to break into the building housing the local air raid siren. All they needed to do was use a length of wood to jam the relay contacts together and everybody was on the phone to the emergency services to confirm whether or not the Russian nuclear bombers were heading this way!

So blame the civil defense people?

Why is it most comments blame the civil defense people and not the idiots who had nothing better to do but hack the sirens and cause trouble? Do we really expect everyone to obsess over every system to prevent idiots from hacking them or should we focus on punishing those who do the hacking. Its like saying people who paint graffiti are not the issue, we should make walls that do not accept graffiti. Especially this time of year, the sirens are a critical alert system for severe weather.
You can spend a lot of money trying to hack proof a system with no success. But punish a few of these idiots and you'll reduce the frequency of them.

Re:So blame the civil defense people?

[knorthern+knight]

> Do we really expect everyone to obsess over every system to prevent idiots
> from hacking them or should we focus on punishing those who do the hacking.

When "idiots" can compromise a warning system, and potentially cause a lot of deaths,YES!

> Its like saying people who paint graffiti are not the
> issue, we should make walls that do not accept graffiti.

People who paint graffiti are *AN* issue. The problem is that there are a lot of assholes, and just plain evil people, out there. And that's just in the USA. There are 7 billion people on the planet. If you allow all of them access to your systems, there'll be someone who hates you enough to screw you over...
* Kim Jong Un
* or some random Russian criminal who wants some bitcoins to restore your documentation files
* or the thousands of islamic militants who are perfectly willing to blow themselves up if they can kill several "infidels" in the process
* etc, etc

It's not paranoia if they really are out to get you. The correct answer is similar to the military's "need to know" approach. Ask yourself "who *REALLY* needs to access this system", and then only allow them access.

Yes, go ahead, blame the pranksters....

[140Mandak262Jamuna]

But never even think for a moment the people who left the doors wide open, keys in the ignition, built homes without doors....

Re:Yes, go ahead, blame the pranksters....

I hope you wise the fuck up before you hurt someone or get yourself thrown in prison proving how much more clever you are than everyone else.

"Compromised" might be too strong a word

The city where I live had the same thing happen. When they bought the system they decided to use touch-tone commands sent over an unencrypted radio channel to activate the sirens. Yes, someone figured it out and simply replayed the tones and they all went off multiple times. The city shut them all down for years because it was going to cost $40,000 to "encrypt" the radio communications. Forty grand. Another clueless city giving bloated contracts to "friends of the family" no doubt.

So they stopped maintaining them and some years later a tornado blew through town and destroyed some homes. All of a sudden it became a high priority to fix the run-down sirens and replace their control mechanism.

The Panic was real

[SigIO]

Understand folks, these sirens NEVER go off unless they're testing or there's a tornado,large hail, etc.

Rousing people from their sleep in this manner, coincidentally right after we launch 60 cruise missiles at a Russian ally, is fucking frightening.
Frankly, it wasn't until I learned on Twitter that Dallas was the only place were the sirens were going off that the panic subsided.

Re:The Panic was real

[ledow]

I'm amazed that a modern country bothers to spend money maintaining (or rather, pretending to maintain) a system that achieves... well, nothing.

"Large hail"? Really? Though I'm sure it can be quite damaging and painful, it's not a large-scale emergency, especially if you have no way of knowing what the fuck is going on.

And let's say, for instance, that it was warning of a retaliatory response. What, precisely, are you going to do about it? What action can an entire city take that will significantly enhance their chances of survival?

And what action DID you take about all this and which convinced you nothing was wrong? You went on Twitter (i.e. a communications medium perfectly serviceable for such an event that you could set up alerts for if you actually cared about fucking hail).

To be honest, I don't think my country even HAS such warnings except in very, very small areas (e.g. chemical plants have chemical alarms that can be heard locally, etc.). I've certainly never heard of one, and nor have my parents. Because they're expensive to maintain and upgrade and provide literally fuck-all warning that you don't already know about, convey zero information, and are vulnerable to mis-use.

Like the "text alert" systems that I hear about in other countries, where everyone in a city gets a text to alert you to a missing child? Well-intentioned, sure. But I'll be switching that shit off after the first time it wakes me up, whether at 4pm or 1am.

It's a pointless, archaic, useless and expensive way to panic people (often unnecessarily) in the modern age.

Re:The Panic was real

[SigIO]

We had softball size hail the other day. To people outside, that's potentially lethal. The killing power of tornadoes speak for themselves.
Most countries don't have the frequency, or magnitude, of tornadoes and hail that the United States' midwest does.
That is the primary, and most certainly useful, purpose of the civil-defense sirens. (...you insensitive clod.)

Absent severe weather, the sirens blaring at night is potentially an indicator that you should prepare to kiss your family, neighbors, and ass good-bye.

Re:The Panic was real

[gosand]

I'm amazed that a modern country bothers to spend money maintaining (or rather, pretending to maintain) a system that achieves... well, nothing.

"Large hail"? Really? Though I'm sure it can be quite damaging and painful, it's not a large-scale emergency, especially if you have no way of knowing what the fuck is going on.

OK, so from the rest of your comment it's obvious you don't understand. I am not in Texas, but where I live we do have these warning sirens. They are absolutely real, and for good reason. They are mainly used for tornadoes, which are absolutely fucking deadly. If the tornado siren goes off in the middle of the night, I would immediately get my family into our basement. That would absolutely save lives in a real emergency. I don't know where the hell you live, but you seem to be unaware of things in the US like dangerous weather, so a basement is an underground portion of a house that is poured concrete. It's the safest place to be if a tornado comes through.

And to your comment about hail, it can be pretty dangerous. When I was 18 we had a hailstorm where they were the size of softballs... that's bigger than a baseball/tennis ball... again, don't know where you're from. It broke out windshields of cars. I had to drive in it to get my brother from school, and it was scary. My dad sold insurance, and he had pictures of one guy's house where a FOOTBALL (American) sized chunk of hail went through his room and landed in his living room!

They test those sirens once a month where I live, and if you hear one outside of that scheduled test, you'd better pay attention. Severe weather can be deadly, and I hope whoever pulled this 'prank' pays a price for it. There was probably a safer way to make a point.

Re:The Panic was real

[EvilSS]

Let me guess, you are either not from north america, or live on the west coast? I find people from outside the US and Canada or who have only lived in the relatively milder west coast areas of the continent tend to grossly underestimate the severity of the weather we get over here.

Re:The Panic was real

You are a nattering neigh-bomb of negativism. Just enjoy the show. Personally I wish they would have a fire works demonstration every time there was an important alert coming down the pipe. How cool would it be to shoot off fireworks every time there was a chance of a tornado. Barring that they could at least have a cool laser light show (assuming its night)

Re:Russians did it

You really believe that do you?

Re: Open letter to the so-called texan: STF up

Every time one of these things happens slashdot blames the sys admins. Yes, I'm sure there are a lot of shitty systems out there being poorly managed and that need better oversight, but the real issue is that cyber crimes are still ill defined, poorly understood, and the punishments too inconsistent and weak.

Some asshole is always going to find a hole and exploit it. We need a stronger deterrent and better education for the general public about the issue.

Uncool.

The kid should be stung up for something like this.

Re:Uncool.

[Ungrounded+Lightning]

The kid should be stung up for something like this.

You could jail him under a siren and test it a lot.

Re: Open letter to the so-called texan: STF up

Oh, yeah, I guess you're right and I'm wrong. And just to prove how right you are and wrong I am, would you mind providing me with your credit card numbers, bank account numbers, social security number, and anything else that you can think of that would let me completely bankrupt you? You are obviously arguing that we shouldn't even bother with security since, given enough time, everything is breakable. So you should put your money where your mouth is, and give me access to all that information right now. :)

Just a thought

For the folks who are giving these people a ration of shit for calling 911 . . . .

It's nearly 1:00 am and the sirens have been blaring for an hour now. There is no information being broadcast over the usual channels so no one knows WHY the sirens are still activating.

There is no one else you can call this time of day that will answer the phone.

As they only go off in an EMERGENCY, and it's definitely not a test, who the fuck would you expect them to call if, for no other reason, to try and find out what the emergency is ? Emergency type dictates the proper response to it. IE: You don't duck and cover or stop-drop and roll for a flood :|

Some of you people are so GD judgemental it's fucking pathetic. Any chance there is to belittle folks for any reason you just jump all over it.

They haven't found the hacker, which may not be US

[Fly+Swatter]

Calling it a 'US hacker' is completely wrong at this point since they have not identified the hacker. News titles should stick to facts.

Re: Open letter to the so-called texan: STF up

I'll clarify it for you: break into someone's house, go to jail. Break into someone's computer system, go to jail. That is the analogy. It's not perfect, but the point is correct: "poor security" isn't a defense in a court of law.

That doesn't actually clarify it. At what point have I broken in? Did I break in when I performed the equivalent of asking your PC to let me connect to it? No falsified credentials, no lock picking, just a nice and pleasant "excuse me Mr PC, may I view your c-drive please?" and the PC going "certainly stranger whom I do not know".

This is why I prefer the Crazy Ex analogy over my fellow AC's attempt at maintaining the door analogy. If I knock on your door, and for whatever reason your Crazy Ex is inside, and they invite me in, I have no reason to suspect that this person is not allowed to let me in, and I have committed no crimes by entering. If your Crazy Ex is having a yard sale while you are out of town, and I buy all your stuff from your Crazy Ex, again I have no way of knowing that they do not have permission to sell these things, and I have again committed no crimes (whether or not the stuff should be returned is a different discussion. The point is, I committed no crime when acquiring those items.).

Likewise, if I change a query string variable, and suddenly I can see my neighbor's account information, I have no way of knowing whether or not AT&T meant for me to be able to view that, or whether their "Crazy Ex" is in the building granting access to things that others should not see. You might claim it obvious, but in reality, it isn't. For another example, I can look up the water bills of anyone in my county, just by knowing the house address. I'm not even changing a query string variable. My county literally has a form that consists of "enter an address and click 'submit'". Sure, it feels weird that I can do that, but I arrived at the page simply by navigating from the county home page, so I have to believe that it is perfectly legal.

Re:Russians did it

[Ol+Olsoc]

You know Russia has subs parked on every undersea communication link that the US has right? The first blow in any war will be the US having its metaphorical eyes, ears, and tongue hacked off.

Hence the interest in satellite-to-satellite communications.

But in humans propensity for insanity, we'll no doubt send up some satellite killers, and the resulting rubble will make our first war in space be our last for at least a hundred years, depending on the orbital decay And that's we as in all of us.

And for Ivan bragging about his subs, why would you cut off one of the best weapons you have? Cutting off the US would hurt you and your tactics more than ours. How you going to alter the vote counts then?

O($1K) per siren to secure?

[Mathinker]

Someone has cited an multi-thousand dollar cost per siren to fix the broken system which used unencrypted radio and touch tone signalling.

I'm sure that it is possible to set up a Raspberry Pi to authenticate the received touch tones in a way similar to the two-factor authentication fobs, at a much reduced cost, no? Or am I missing something?

Re: O($1K) per siren to secure?

[Ungrounded+Lightning]

I'm sure that it is possible to set up a Raspberry Pi to authenticate the received touch tones in a way similar to the two-factor authentication fobs, at a much reduced cost, no? Or am I missing something?

What you're missing is that it's a life-critical system that has to run unattended for years and work every time when needed, or people depending on it may be injured or killed.

So the equipment has to be engineered, built, and tested to high standards.

How high? High enough to convince the insurance company city-raters to believe it will do the job. Otherwise the city's rating will drop and everybody's insurance premiums there will go up, to the tune of many millions per year.

(Insurance companies are capitalism's way of mapping risky behavior's costs from damage, suffering and death into money out-of-pocket BEFORE people get hurt and damage gets done.)

better it happens now than later

Sad to say that black hat or white hat this is probably the only way the system would ever get fixed. Given the history of companies/governments dealing with being informed of security flaws tending towards threatening those informing them of said flaws with jail time/lawsuits rather than fixing the problem. Why systems like this are ever accessible to internet threats is the bigger question here.

Re: Open letter to the so-called texan: STF up

[Ol+Olsoc]

A door being unlocked does not give one the right to steal what's behind it

That is correct. However, when the entire world has immediate access to that door, then not securing the door makes you an incompetent idiot who has no business holding any job related to security.

Let's go, mod AC up.

Especially in a country like the US, where we have the dual issues of being interventionist, and being top of the worldwide heap for a while, we make a lot of enemies (don't feel smug about it, everyone gets a turn) Just being at the top of the heap means there are groups who want to tear you down.

And the internet invites them into our living rooms, and our warning sirens. And a lot of other things as well. We've put things on the IoT that never should have been there. IoT is a pretty good illustration of unfixable stupid.

Re: Open letter to the so-called texan: STF up

[Ol+Olsoc]

There is no such thing as perfect security. Given enough time any system can be broken.

And when you have a system that the whole world can hack it, all you do is make it certain that it will be hacked.

A system where people need actual physical access isn't perfectly secure, but it is hella unlikely that a Nigerian Prince is going to have direct access to it.

I mean it isn't like we didn't have these things before the internet. Wonder how humans survived?

Re: Open letter to the so-called texan: STF up

[Ol+Olsoc]

What attack? That was normal operation of the sirens. An attack would have been if he cranked up the volume and blew them out. Or maybe planting malware for more nefarious purposes. If you leave your door unlocked and somebody comes by and opens then closes it every few minutes is that an attack?

You don't buy into psychological warfare?

Re: Open letter to the so-called texan: STF up

[raind]

Who wants to bet there's some new files on the system?

Re: Open letter to the so-called texan: STF up

[Ol+Olsoc]

Every time one of these things happens slashdot blames the sys admins.

I don't know about that. I know myself, I blame the dumfuks who decided to put life-critical systems on the internet. That should not even be legal.

And those sirens are life critical. Texas is hit by a fair number of tornadoes, and the public siren is the last leg of "get your ass under cover. A lot of people have no doubt been saved by the sirens.

So if someone wanted to start invoking "boy who cried wolf" syndrome, just start sending a lot of commands for false alarms.

Sysadmins just do what they are told to do, the powers that be make the decisions to put life-critical devices on an inherently open communications system,

Easy fix.

There's an easy way to fix this problem. Go to the government and find the stupid, cheap, incompetent anal aperture(s) who decided to save a few dollars by connecting a CIVIL DEFENCE system INSECURELY to the INTERNET, so they could look good at budget time.

When you have that (those) fool (fools) identified, put them and all their genetic offspring up against a wall and fill them all full of hot lead. Make sure they die screaming. (You really want to cull that defective genetic material from the human gene pool.) Film it and put it on the 6 o'clock news. And Youtube.

That might start to discourage the venal little slimy cockroaches running around cheaping out on security with our critical and sensitive publically-owned security systems. If they realize there's real-world consequences for their criminal negligence they may start thinking twice before implementing stupid every time.

Geez, do I ever need coffee...

Re: Open letter to the so-called texan: STF up

You can talk idealized theory all day, but the real world doesn't give a sh*t about your utopia. If something can happen, it will happen. The person responsible for the system should take full responsibility for allowing even the "can happen" to exist. The jerk hacking the system is just a victim of their twisted mind. But the person in charge of the security of the system is professionally negligent.

Re: Open letter to the so-called texan: STF up

Given enough time, even protons break down. Perfectly secure system can be done given competent enough designers and enough time. The problem is the difficulty of the task scales quickly by the complexity of the system. Simple problems solved in simple ways are trivial to make perfectly secure. What we have is an on-off switch for a siren that should only be allowed to be toggled by an authorized user. Not difficult at all.

The user may get hacked in some way, but the user's security it outside the scope of the internal system. Helping enable the user to remain secure is orthogonal to the system, but would benefit if the implementation of the security of the system helped facilitate the user remaining as secure as possible.

not hacking

it's not really hacking when you're running xp and your password is the word "secure", you dumb pigs.

I thought as much...

[Raxxon]

I live in Dallas. Worked overnight Friday, saw people posting things on facebook about the sirens going off at somewhat random locations across the city. Co-workers saw similar posts from their friends.

"Well that's fucked up. Who tests the sirens in the middle of the damn night?"
"No one. That's done at like 1pm on a Wed... Odds are some jackass managed to hack the control systems."

Now, if he were a super dick there'd be a hidden job to make it happen again in a week or two.

Seems obvious.

Hey kids, just because you can connect it to the internet does not mean you should.

Re:Russians did it

[fahrbot-bot]

You know Russia has subs parked on every undersea communication link that the US has right? The first blow in any war will be the US having its metaphorical eyes, ears, and tongue hacked off.

Hence the interest in satellite-to-satellite communications.

Sure, but the Russians have subs parked near every satellite too -- checkmate.

Guy should get the presidential medal of freedom

He exposed a blatant weakness that will surely be exploited when Russia / China / Mexico attacks the USA. We need to encourage this kind of hacktivist. This is totally unlike Snowden who exposed U.S. secrets and is hiding out in Russia.

Politics is the wedge with which our enemies will divide the USA so that she might be raped by the homosexual hordes of hellish Hitite hommies hangin out in Asia and Mexico.

Re: Open letter to the so-called texan: STF up

[phantomfive]

Did I break in when I performed the equivalent of asking your PC to let me connect to it? No falsified credentials, no lock picking, just a nice and pleasant "excuse me Mr PC, may I view your c-drive please?"

Yes.

Likewise, if I change a query string variable, and suddenly I can see my neighbor's account information, I have no way of knowing whether or not AT&T meant for me to be able to view that, or whether their "Crazy Ex" is in the building granting access to things that others should not see.

It doesn't matter. What matters is what the jury will think of your intentions.

"lie in a ditch or ravine" is suicideal

[Ungrounded+Lightning]

The page advises:

If you are outdoors when the sirens go off

Seek shelter immediatelyâ. If shelter is not available and severe weather is in the area lie in a ditch, ravine, culvert or low-lying area. Make sure the low-lying area you choose is not prone to flooding. Use your arms or a piece of clothing to protect your head and neck.

If this is an approaching electrical storm (and tornadoes are often VERY lightning-generating), lying in a ditch or other cut in the ground can be suicidal.

When lightning strikes the ground the current spreads out, just as the other end does in the cloud. (And it doesn't have to even hit: When a charged cloud is over the ground the opposite charge collects beneath it, and when the cloud discharges it the collected charge runs away, creating a "surge" with much the same effect).

The current tends to spread out near the surface. A ditch or other cut into the ground makes a gap in this easy path - and a bolt will tend to cross it at the narrowest point. If you're crouching in the ditch the easiest path across the ditch is through you.

Re:"lie in a ditch or ravine" is suicideal

[rerogo]

If you're in the open in an electrical storm with tornadoes, you are already having a bad day. If the sirens are going off, it means there's known to be a tornado near you already, so the lightning is kind of a secondary concern at that point.

Re:"lie in a ditch or ravine" is suicideal

On the other hand, when you consider the circumstances of everything else that is going on when a tornado is present... As dangerous as being in a ditch would be in case of a lightning strike, there's also debris in the air from the tornado. You don't need to have the tornado on top of you to be in danger of the debris from it- stronger tornadoes can have a field of debris extending a mile or two away from it. When you look at the things that can be done with those wind speeds (you can see a straw shot through a tree, for example), the littlest of things can be dangerous.

Thankfully, Dallas is a pretty heavily urban area where the siren issue happened, so it's not as big of a deal (outside of park areas, which don't always have shelters), and I've even been one of the crazy people outside who had to take shelter, and thankfully people let us in their home to take cover with them when it happened.

The warning is there because of a 'last resort' sort of issue.

Re:"lie in a ditch or ravine" is suicideal

If this is an approaching electrical storm (and tornadoes are often VERY lightning-generating), lying in a ditch or other cut in the ground can be suicidal.

When lightning strikes the ground the current spreads out, just as the other end does in the cloud. (And it doesn't have to even hit: When a charged cloud is over the ground the opposite charge collects beneath it, and when the cloud discharges it the collected charge runs away, creating a "surge" with much the same effect).

The current tends to spread out near the surface. A ditch or other cut into the ground makes a gap in this easy path - and a bolt will tend to cross it at the narrowest point. If you're crouching in the ditch the easiest path across the ditch is through you.

Do you have any evidence backing up your claims? Because almost every emergency preparedness guide recommends low-lying areas for protection from lightning.

Re:"lie in a ditch or ravine" is suicideal

The page advises:

If you are outdoors when the sirens go off

Seek shelter immediatelyâ. If shelter is not available and severe weather is in the area lie in a ditch, ravine, culvert or low-lying area. Make sure the low-lying area you choose is not prone to flooding. Use your arms or a piece of clothing to protect your head and neck.

If this is an approaching electrical storm (and tornadoes are often VERY lightning-generating), lying in a ditch or other cut in the ground can be suicidal.

When lightning strikes the ground the current spreads out, just as the other end does in the cloud. (And it doesn't have to even hit: When a charged cloud is over the ground the opposite charge collects beneath it, and when the cloud discharges it the collected charge runs away, creating a "surge" with much the same effect).

The current tends to spread out near the surface. A ditch or other cut into the ground makes a gap in this easy path - and a bolt will tend to cross it at the narrowest point. If you're crouching in the ditch the easiest path across the ditch is through you.

This is more for tornadoes than lightning. Chances are, if you are outside with a tornado, you are doomed either way. 6 in one hand, half dozen in the other.

Re: "lie in a ditch or ravine" is suicideal

Low lying areas versus a ditch. Similar but different.

I don't know what is correct exactly re: ditch but they aren't the same concept.

Re: Open letter to the so-called texan: STF up

proton decay has never beem observed

Internet?

[Ungrounded+Lightning]

Go to the government and find the stupid, cheap, incompetent anal aperture(s) who decided to save a few dollars by connecting a CIVIL DEFENCE system INSECURELY to the INTERNET,..

What makes you think it was done over then Internet?

Downgrade

[Spazmania]

"This is yet another serious example of the need for us to upgrade and better safeguard our city's technology infrastructure," Rawlings said

This is an even better example of the need to downgrade. The sirens weren't always connected to the Internet. What compelling reason requires them to be connected to the Internet now?

Internet security lesson #1: if it doesn't need to be connected to the Internet, don't connect it to the Internet.

Air raid sirens?

[yorgasor]

Today I learned that the emergency weather warning service can double as an air raid service as well!

Re: Open letter to the so-called texan: STF up

[grimr]

Opens neighbours unlocked door. "Hello. You left your front door open. This is a really bad neighbourhood and you should lock your doors before someone not nice comes along."

Re:They haven't found the hacker, which may not be

If the hack was through radio, then the hacker had to be close.

Connected

We must connect everything to the Net, everything.

That's a clear example of how civilization will fall, right there.

Only in the land of morons

Only a total horse's posterior would connect the controls to ANYTHING to an internet-connected computer, thus rendering them hackable. It ought to be a capital offense to do it with a public safety system. Has everybody forgotten that as little as 20 years ago NOTHING was attached to the net and we all got along just fine? There should be PROOF that something MUST be connecred to the net to perform its primary function before that thing gets connected to the net.

Re: Open letter to the so-called texan: STF up

A sufficiently pissed off dog can go through a picket fence.u

Attack cross-section of networked things: large

[PeterM+from+Berkeley]

There's a large difference between a vulnerability that requires someone to be physically present to exploit it (graffiti on a wall) and a vulnerability that potentially anyone on the planet with an internet connection can exploit--or a radio.

I actually agree with you, it's often not cost-effective to secure things that require physical access to exploit. However, network-connected things have potentially billions of attackers.

Furthermore, the attacks can be automated, so that one person can attack millions of targets.

Anything connected to the Internet is at far more risk than anything that is not.

--PM

Inverted Responsibility Tree

I "like the way" you've inverted responsibility here.

"First and foremost" blame the hacker(s) for fooling with a safety system. They have no business doing that unless they are authorized and I'm quite sure they were not authorized. We are in a 'responsibility free' era where the activities of black-hat hackers are concerned and that needs to stop.

The secondary issue is dealing with internet connectivity, security systems and all the rest.

Why is this important? Even with 'good security' (no matter how you define that), hackers can penetrate the security structures and cause harm. Security is only ever implemented to a level that is affordable, would seem to discourage most bad actors, and can be supported by the technical capabilities of the securing organizations. Thus you can never set up security that cannot be defeated somehow, some way, by someone. You can however send the hackers to jail. And thereby discourage them from trying this shit.

Re: Open letter to the so-called texan: STF up

Phantom five just violated the CFAA. I didn't give him permission to post his message on my pc screen. He is a felony hacker and should go to jail for this vandalism and felony misappropriation of resources.

Crazy ex indeed.

Hell yes

This type of stuff (emergency systems) should not be centralized. I recently toured a nuclear sub. No systems on the sub were connected so no guy in his parents basement was sinking it because he was bored. Good on you hackers give them hell until they learn. It was also sort of funny too...

Re: Open letter to the so-called texan: STF up

Except in this case he did it at 2 am while jumping on you and your wife's bed with a bullhorn.

If he just pulled the stunt at 3pm it would've been much less dickish.

Re: Open letter to the so-called texan: STF up

[Maritz]

Proton decay might or might not ever happen. Not decided yet as far as I know.

Re:Should have used apps!

Yeah. People call programs that run on smartphones 'apps'. You should probably try to get over it some day. You'll be happier.

Slow clap

[DarthVain]

Other than the hilarity and the lulz of it all, one could argue that the hacker did them a favor by highlighting a flaw in their security in a fairly harmless way which will now be fixed to prevent it from happening again. Though unlikely, should such flaws be taken advantage of in a more nefarious way they could be used to deactivate during an actual attack or otherwise mess with the system for criminal intent.

Re:Slow clap

[Cinnamon+Beige]

It's not just a fairly harmless way, but in a way that ensures they can't stick their fingers in their ears and pretend the flaw doesn't exist. I'd not precisely be surprised if they did that to less...drastic attempts to tip them off to security flaws. The state seems to generally attempt for security through obscurity when it comes to their own internet things.

Hackers?

My guess is that someone did sh*t and "hackers" took the blame.

Better Theory

[Cinnamon+Beige]

It's Russia. If that's not paranoia, the odds are that those subs have been there since before the USSR collapsed--and are still there because they're not going anywhere, unless somebody works out how to tow a mildly defunct sub that can't manage to surface.

I'm getting rather amused by the Left's current paranoia about Russia's abilities. I'm more inclined to think that this air raid siren hack will turn out to be the result of incompetence, particularly given the speed of the patching of security. It looks suspiciously like they'd been told politely to patch, were too lazy to patch, and got put in a position where they had to patch.

Re: Open letter to the so-called texan: STF up

[Cinnamon+Beige]

What attack? That was normal operation of the sirens. An attack would have been if he cranked up the volume and blew them out. Or maybe planting malware for more nefarious purposes. If you leave your door unlocked and somebody comes by and opens then closes it every few minutes is that an attack?

You don't buy into psychological warfare?

Depends on what is done when the door is opened and closed. If the person is opening it, reminding the people inside that "This door is supposed to be locked," and closing it--the only problems are if it doesn't get done, if the person(s) who ought to have locked the door keep their jobs if this goes on for long, and if the person who is delivering the 'lock the effing door' message isn't part of security because then it means somebody else is having to do security's job.

How?

It would be nice to know how this happened. And, I'm not just talking about how the hacker got in, but how the alert system was put in a position to be compromised in the first place.

It's almost certain that this alert system was created before the internet (probably as old as the 50s). So, did some bright child decide that the system needed to be "fixed" by connecting it to the internet? Or, was it still using its old comm system (likely based on the telephone network)? If so, how did that get compromised?

Re:Russians did it

[Oswald+McWeany]

Sure, but the Russians have subs parked near every satellite too -- checkmate.

Metaphorically, they probably do. I'm sure they have plans in place to knock out satellites should a war ever occur.

Someone's finally cracked the CRM 114

[jetkins]

P-O-E