Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacked Tornado Sirens Taken Offline In Two Texas Cities Ahead of Major Storm (zdnet.com)

Posted by BeauHD on from the commence-panic dept.

An anonymous reader quotes a report from ZDNet: A hacker set off the tornado emergency sirens in the middle of the night last week across two North Texas towns. Following the unauthorized intrusion, city authorities had to shut down their emergency warning system a day before major storms and potential tornados were set to hit the area. The false alarm caused quite the panic in the two towns, as locals were already on the edge of their seats regarding incoming storms. The city had run tests of the tornado alarm sirens a week before, but the tests were set during the middle of the day and had long concluded. The two hacked systems were taken offline the next morning, and remained offline ever since.

Bad weather, including storms and potential tornadoes, was announced for all last week in the North Texas area. A severe thunderstorm hit the two cities the following night, on March 13. Thunderstorms are known to produce brief tornadoes, but luck had it that no tornado formed and hit the towns that day. Tornadoes are frequent in Texas, as the state is located in Tornado Alley, and tornado season, a period of the year between March and May when most tornadoes happen, had officially begun. Nevertheless, a tornado didn't form on March 13, and, luckily, the sirens weren't needed.

195 comments

  1. Garr by cascadingstylesheet · · Score: 2, Insightful

    It's times like that you kinda wish cracking/hacking carried the death penalty ...

    1. Re: Garr by Anonymous Coward · · Score: 0

      Great Googly Moogly

    2. Re:Garr by GoTeam · · Score: 5, Informative

      The annoying part is that this happened in 2017 as well in the north Dallas area. It happened in the middle of the night and went on for over an hour. You'd think the other cities in the area would have learned from this vulnerability and fixed the problem. Although that would require local governments to be competent.

    3. Re: Garr by Anonymous Coward · · Score: 0

      LOL Uhh no. The crime here was putting these systems on a non-secure network. This is what IoT gets you. reap what you sow

    4. Re: Garr by Anonymous Coward · · Score: 0

      I'll keep that thought in mind when some kid decides to hack your pacemaker thinking it's just a joke. Regardless of the ineptness of the manufacturer, FDA, etc.

    5. Re: Garr by Type44Q · · Score: 1, Insightful
      Indeed... but I'm not sure who I'd punish worse: the contracting corporation that sold the [hackable] alert system, the mouthbreathing bureaucrat who. approved the purchase... or the scumbag who "revealed" the problem.

      Perhaps we could shoot all three at each other, out of cannons...

    6. Re:Garr by AmiMoJo · · Score: 5, Informative

      The problem is that these systems are old and crap, and can't be secured. The only option is to rip them out and replace them with something better.

      They are radio based. When a particular signal is sent on a particular frequency they sound. Kinda like a garage door opener, but much longer range so that only one high power transmitter can cover a wide area. Unfortunately, like most garage door openers, they are very easy to spoof and the main challenge is transmitting a relatively high power signal and getting away with it.

      Most of these radio based systems are similarly vulnerable. The RDS system, for example, can be spoofed with a few hundred bucks worth of gear bought on eBay.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    7. Re:Garr by DickBreath · · Score: 3, Insightful

      Don't blame the hacking / cracking. Blame the insecure implementation.

      The "kill the messenger" mentality is the underlying cause. Someone comes forward with a vulnerability, they are not taken seriously. Or if they are taken seriously, they are treated as a criminal who must be prosecuted. If not taken seriously, then they prove the vulnerability, which makes them a criminal.

      Maybe it should be a crime to not seriously react to a provable vulnerability and get it fixed.

      --

      I'll see your senator, and I'll raise you two judges.
    8. Re: Garr by omnichad · · Score: 1

      So now you want pacemakers on non-secure networks? They are already better than that.

    9. Re:Garr by Anonymous Coward · · Score: 0

      No. Just no. An asshate deliberately hurt people. That should be punished to deter future malicious behavior. That the system was insecure does not, in any way, excuse the malicious behavior.

    10. Re: Garr by Anonymous Coward · · Score: 0

      Oh there's more than one way to punish an asshat. That can be depended upon.

    11. Re:Garr by Anonymous Coward · · Score: 1

      Don't blame the hacking / cracking. Blame the insecure implementation.

      Why? Both of those things have the potential to be wrong, and in those cases it should be blamed.

      The "kill the messenger" mentality is the underlying cause. Someone comes forward with a vulnerability, they are not taken seriously. Or if they are taken seriously, they are treated as a criminal who must be prosecuted. If not taken seriously, then they prove the vulnerability, which makes them a criminal.
      Maybe it should be a crime to not seriously react to a provable vulnerability and get it fixed.

      While I agree with your general "Don't kill the messenger" sentiment, you're over simplifying everything to the point of becoming unrealistic and incorrect.

      For the first aspect, a message about a problem is one thing, while taking advantage of a problem is quite another.
      You may very well consider this particular instance just a message, but ignoring the fact vulnerabilities are taken advantage of and pretending those two things are somehow mutually exclusive is dishonest at best and hypocritical at worse.

      For the second, that simply isn't how the world ever works. Risk mitigation is never binary. Never.

      Ignoring and pretending a vulnerability doesn't exist when you know it does is of course stupid.
      But you have no reason to think that is or isn't the case here, and that is a very important detail once you add in the concept of "fixing" it.

      If it is going to cost tax payers millions of dollars to replace the whole system, you must compare that to the risks of not replacing the whole system.
      Will the worst case risks coming true cost less than replacing the system? Because if so the right and correct action is to live with the risk.
      Only if those risks will cost more than the fix is the right solution to mitigate it by replacement.

      If it was decided at the time to live with the risk, then there is by definition no problem to be fixed, this was an acceptable outcome.

      Being that the government is involved, you can't even use the fact they took it offline as an indication the above was true or not.
      A hive mind the government is not, different people within can make different choices, and there is no rule that a single person can't change their mind.

    12. Re: Garr by Anonymous Coward · · Score: 0

      Do I see a tornado, old chap? With no siren? My god, pass the mead. Oh that's exquisite mead. Duck!

    13. Re:Garr by pr0fessor · · Score: 3, Interesting

      Garage doors are far from secure, most new cars come with a built in universal garage door opener that can be programed to an older garage door opener in a just a couple minutes with out ever getting out of your car or even knowing the name brand of the garage door opener.

    14. Re:Garr by cascadingstylesheet · · Score: 5, Insightful

      Don't blame the hacking / cracking. Blame the insecure implementation. The "kill the messenger" mentality is the underlying cause. Someone comes forward with a vulnerability, they are not taken seriously. Or if they are taken seriously, they are treated as a criminal who must be prosecuted. If not taken seriously, then they prove the vulnerability, which makes them a criminal. Maybe it should be a crime to not seriously react to a provable vulnerability and get it fixed.

      It's a good thing we can do both - work towards having more secure systems, and also prosecute those who play dangerous games with public safety equipment.

      It doesn't matter how easy the firetruck is to hotwire (or even if the fireman left the keys in it), it's still illegal for me to jump in and take it for a joyride, or steal it. Doesn't matter if I say I was doing it to prove a point about how easy it is to do. I still can't do it.

    15. Re:Garr by tsqr · · Score: 2

      Garage doors are far from secure, most new cars come with a built in universal garage door opener that can be programed to an older garage door opener in a just a couple minutes with out ever getting out of your car or even knowing the name brand of the garage door opener.

      Our opener is at least 15 years old, and for both of our cars required the use of a working remote to program the cars' openers.

    16. Re:Garr by Anonymous Coward · · Score: 0

      Many local governments are actually competent. Its jokers like you that don't want to fund them to do the job they are required to do blah blah lower taxes blah blah!

    17. Re: Garr by Anonymous Coward · · Score: 0

      There is no 'network', and it sure as hell isn't IoT. It is simple mechanical sirens controlled by a simple radio receiver.

    18. Re:Garr by lactose99 · · Score: 2

      Discovering a vulnerability and reporting it to the implementor or manufacturer is one thing, setting-off a false alarm tornado siren is another.

      Apples and oranges, the guy in the later case should be locked-up.

      --
      Fully licensed blockchain psychiatrist
    19. Re:Garr by Anonymous Coward · · Score: 1

      The problem is that these systems are old and crap, and can't be secured. The only option is to rip them out and replace them with something better.

      Then that is what they must do.

      We really need at least one nerd on every city council. That's where representation is really going to matter as we progress into the future and rely further on technology.

    20. Re: Garr by Type44Q · · Score: 1

      Were you trying to be funny or was that a Stewie quote?

    21. Re:Garr by bigpat · · Score: 1

      The annoying part is that this happened in 2017 as well in the north Dallas area. It happened in the middle of the night and went on for over an hour. You'd think the other cities in the area would have learned from this vulnerability and fixed the problem. Although that would require local governments to be competent.

      Go ahead, blame the victims. You would have thought we would have learned that criminals and terrorists that pull this shit need to be hunted down, jailed and made an example of.

    22. Re:Garr by Jaime2 · · Score: 2

      I don't know, security guys know that IoT vendors won't get off their asses unless a demonstration is made that makes the news. With the current "hush it up" climate, it's the only thing that works.

    23. Re:Garr by drinkypoo · · Score: 3, Insightful

      The problem is that these systems are old and crap, and can't be secured. The only option is to rip them out and replace them with something better.
      They are radio based. When a particular signal is sent on a particular frequency they sound.

      You don't have to throw away the whole system, just the communications part. That's a relatively small portion of the whole. Why don't they base it on some of that encrypted police radio they seem to love so much?

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    24. Re: Garr by Anonymous Coward · · Score: 0

      talking sense to these pontificating buffoons is a waste of time.

    25. Re: Garr by Anonymous Coward · · Score: 1

      Now people will ignore the siren when it goes off, "oh probably just hacked again" even for the next 50 years. It's a serious problem.

    26. Re: Garr by Anonymous Coward · · Score: 0

      Oh, so you want hackers attacking pacemakers then? Why not just let them shoot people in the streets? After all, it's your fault for not wearing a bulletproof vest.

    27. Re:Garr by gweihir · · Score: 1

      If you add the same penalty for the city officials that operate insecure critical infrastructure and thereby endanger lives, I may even be willing to get on board with that. (Well, not really. I am not a cave-man. But significant prison times for all that fucked up here, that I could agree on.) There is more than one fuckup in this story. For things to get wrong this bad, there usually is.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    28. Re:Garr by gweihir · · Score: 0

      Governments are not formed by people that can contribute something good to society. They are formed by those that want power over others.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    29. Re:Garr by Archangel+Michael · · Score: 1

      You would have thought we would have learned that criminals and terrorists ...

      That is all fine well and good, but it is clear that finding, capturing, and successfully prosecuting said terrorists is largely fruitless ventures. You can't even guarantee that they are in any jurisdiction that even if you knew who they were could even get your hands on them to prosecute. For all you know, they are in Russia, NK, China or Pakistan, and good luck getting those criminals to trial.

      It is much easier to properly secure your shit in the first place. You can think government is here to help you, but you're wrong. Government is the last step in helping yourself, not the first.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    30. Re:Garr by gweihir · · Score: 2

      So, if you leave a sum of money on a park-bank, the blame is purely on the person that took it? Yeah, that makes sense. Running insecure critical infrastructure is an invitation to any potential attacker and no better than what the attacker does.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    31. Re: Garr by gweihir · · Score: 1

      I say put them all in the same cell for a few years. That would fit the crime. They may get along splendidly though, because they are cut from the same cloth.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    32. Re:Garr by Anonymous Coward · · Score: 0

      Don't blame the hacking / cracking. Blame the insecure implementation.

      Ah the good old "blame the homeowner for not locking their door, not the burglar who came in and stole all their stuff" argument.

    33. Re:Garr by omnichad · · Score: 1

      Don't blame 9/11 on those terrorists piloting the plane. Blame the airlines for insecure cockpits.

    34. Re:Garr by dcw3 · · Score: 2

      There are plenty of ways to demonstrate/publicize the problem w/o this kind of BS. Sorry, no excuse.

      --
      Just another day in Paradise
    35. Re: Garr by Anonymous Coward · · Score: 0

      No, but like swatting, if these actions cause death or injury, the consequences should be severe.

    36. Re: Garr by JudgeFurious · · Score: 1

      Either way after you said that it's impossible to read it without hearing it in Stewie's voice. Well done sir!

      --
      Appended to the end of comments you post. 120 chars.
    37. Re:Garr by Anonymous Coward · · Score: 0

      The problem is that these systems are old and crap, and can't be secured. The only option is to rip them out and replace them with something better.

      No the only option is to hunt down anyone who would intentionally endanger a community and put them in jail or put a bullet in their head.

      Or if they are just some idiot kid who thinks it is just a game, then you have some compassion yet still you put the fear of living hell into them to make them realize that what they are doing is seriously dangerous and to instill upon them that there will be consequences.

      No system can be secured against an attacker that you are just going to let get away with it. And society shouldn't have to bear the cost and futility of trying to secure every system against bad actors.

      Blaming the victim and making them just buy more locks to put on the door is what is counter-productive and expensive.

    38. Re:Garr by AmiMoJo · · Score: 4, Informative

      If you had read beyond the first sentence you would have realized that this likely has nothing to do with the internet or IT.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    39. Re: Garr by Anonymous Coward · · Score: 0

      I dont get it. Did the hacker somehow break the sirens?

    40. Re: Garr by Anonymous Coward · · Score: 0, Funny

      Yes, and caused worthless texan drumpf rednecks to die.

    41. Re:Garr by SirSlud · · Score: 1

      Archangel doesn't base any of his opinions or understandings on information right in front of his nose. That's kind of his thing.

      --
      "Old man yells at systemd"
    42. Re:Garr by Anonymous Coward · · Score: 0

      The solution is not arrest and prosecution - it' elimination. Then it doesn't matter where they are, you send someone to eliminate them. Fuck jurisdiction issues. Someone hacks something, they get eliminated. There is NO valid reason for criminal hacking.

    43. Re:Garr by AmiMoJo · · Score: 1

      It's a well tested tactic on Slashdot. Rush in with a generic rant about how stupid having anything important being connected to the internet is and hope that moderators give you a +5 insightful without noticing that it's not really relevant.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    44. Re:Garr by Anonymous Coward · · Score: 1

      "like most garage door openers"

      Most modern garage doors operate on a rotating code-set of over a million possible combinations. While I'm sure it is possible to hack them it's probably easier to just break a window. Older systems generally still use a code you could manually set with some DIP switches, but it was a fixed code with a limited number of combinations. I think they were also vulnerable to RF spikes due to their simple design, I knew someone once upon a time who had a CB radio with a booster, it kicked the signal up from a 4 watt to I believe a 16 watt and he chuckled that if he pulled up to most garages and tapped the transmit button they'd often open.

    45. Re:Garr by trg83 · · Score: 2

      IoT?! It's literally Cold War era technology based on incredibly simple RF and tone technology. You could potentially fault a lot of people, but IoT vendors are off the hook here.

    46. Re:Garr by sjames · · Score: 1

      That's the easy way, easy so that someone with no particular skill can follow the directions and be successful.

      The "hard way" just requires a radio receiver in range listening when you open your garage door.

      On some really old door openers, you can use a universal remote that just brute forces it.

    47. Re:Garr by sjames · · Score: 1

      These systems don't use TCP/IP over the cell network. They have a radio receiver and listen for an activation signal. That signal is transmitted periodically to test the system. They don't even do two way, the siren is rx only.

      To secure them, the controller has to be replaced.

    48. Re:Garr by sjames · · Score: 1

      Terrorist or prankster? Let's see, manifesto? nope. Political demand? nope. People intentionally hurt? Nope.

      Is the prank harmless? No, not really, there is potential for harm here, but it's exactly the sort of harm that often doesn't occur to pranksters.

      By all means, find them, and give them community service.

    49. Re:Garr by eth1 · · Score: 1

      Not to mention it would have been trivial to bring it to the cities' attention by exploiting it without causing problems.

      Where I live, they test these things every Wed at exactly noon, IF the weather's clear. So just run your exploit 5 minutes before a normal test in clear weather. Most people wouldn't notice, but the city certainly would.

    50. Re:Garr by sjames · · Score: 2

      If the intent was purely demonstration, the best way is to set the sirens off a minute before the weekly test. That way, you let the people running the system know they have a problem without panicking the population.

      Setting them off in the wee hours suggests a really annoying and poorly thought out prank.There should be consequences for that, but not the hang-em-high OMG terrorists! sort of consequences some have suggested here.

    51. Re:Garr by bigpat · · Score: 1

      Terrorist or prankster? Let's see, manifesto? nope. Political demand? nope. People intentionally hurt? Nope.

      Is the prank harmless? No, not really, there is potential for harm here, but it's exactly the sort of harm that often doesn't occur to pranksters.

      By all means, find them, and give them community service.

      If it is pranksters, a night in jail might be sobering rather than merely a slap on the wrist. This is the equivalent of calling in a bomb threat to a school which is generally considered fairly serious.

      I wouldn't discount the idea of a more systematic and nefarious cyber attack if that's what this was. Like when overseas attackers robocalled in multiple bomb threats to schools. Most attackers aren't discriminating their targets but just casting the net wide and seeing where the vulnerabilities are. If this was part of a wider attack then I stand by the call to throw the book at them. They put people's lives in danger and only luckily was nobody hurt.

      And don't blame the victims for not spending more money on technology when they are struggling to make ends meet.

    52. Re: Garr by Anonymous Coward · · Score: 0

      That area is predominately democratic as with the rest of Dallas. You really shouldn't assume all Texans support the cheeto-in-chief, there is a reason Beto barely lost the Senate seat.

    53. Re:Garr by Anonymous Coward · · Score: 0

      You are an imbecile in far over his head who doesn't understand how something as simple as a garage door opener works.

    54. Re:Garr by sjames · · Score: 1

      Name calling, what a rebuttal. So tell us OH exaulted one, what is actually wrong about what I said?

    55. Re:Garr by Anonymous Coward · · Score: 0

      1) Don't have them publicly accessible internet.

      I'm guessing you were commenting on a different article.

    56. Re:Garr by sjames · · Score: 2

      Since the attack requires physical presence and the two places hit aren't that big, this really doesn't look much like an international coordinates cyber attack.

      And I said nothing about blaming the victim, though they might should look into an upgrade.

    57. Re: Garr by Anonymous Coward · · Score: 0

      So basically they need a small computer to do a little crypto so that trigger signal is encrypted and always different?

    58. Re: Garr by Anonymous Coward · · Score: 0

      Yeah my car's rearview mirror can clone those openers too. Just gotta press the button a few times instead of just once.

    59. Re:Garr by Anonymous Coward · · Score: 0

      Old school Slashdot would have dogpiled you for this drivel. If you get what you want, don't be surprised as it eventually expands in scope to more minor offenses that the public has no technical understanding of, and then finally creeps up on your doorstep.

    60. Re: Garr by sjames · · Score: 1

      That would do it.

    61. Re:Garr by Jaime2 · · Score: 1

      Gotta pick your priorities. Either pranksters get off lightly or vendors fix their security problems. I'd happily vote for immunity for playful morons before protection for incompetent hardware vendors. NetFlix hardens their infrastructure by writing software that essentially vandalizes their own systems.

      We recently had a redundant system fail at work because redundancy wasn't considered as the system was added to. I seriously considered fixing the problem and instituting a "reboot a node on Tuesday at 2:00pm" policy. Nothing makes you think about redundancy like knowing the weekly failure is approaching.

    62. Re:Garr by tsqr · · Score: 1

      Can you explain what a radio receiver or universal remote have to do with programming a car's gatage door opener?

    63. Re:Garr by sjames · · Score: 1

      Door openers are RF. Universal as in in it's day it would open any garage door. These days it is restricted to older doors.

      Your car's opener has a receiver that it uses to learn your door's code from your existing remote. Anyone else can put a receiver in range of your garage door and learn the code as well by listening when you open it..

    64. Re:Garr by Anonymous Coward · · Score: 0

      So... if you have the key, you can open the door. Isn't that how it's supposed to work?

    65. Re:Garr by Archangel+Michael · · Score: 1

      Only one of the suggestions (first one, admittedly) has to do with networking.

      But yeah, I didn't read anything. ;)

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  2. Which two? by Anonymous Coward · · Score: 1

    From the second paragraph: "The incident impacted DeSoto and Lancaster, two cities in Dallas County, Texas --both suburbs located south of the main Dallas metropolitan area."

    1. Re: Which two? by Anonymous Coward · · Score: 0

      Ugh more big words. I figured it out though. The big words are accurate. The obscure words the layman wouldn't know are not. Unless someone wants to rewrite the whole story.

    2. Re: Which two? by Anonymous Coward · · Score: 0

      I'm honestly curious, what big and obscure words are there? Were they any of the ones you quoted? Because honestly, the entire story seems to be written to a level requiring only a fairly rudimentary level of understanding of English. I mean, my use of the word "rudimentary" is more obscure than anything in that article.

    3. Re: Which two? by Anonymous Coward · · Score: 0

      Tornado? Siren?
        Frequency? Weather?

  3. Six Months at Least by Anonymous Coward · · Score: 0

    Given the target, it was likely some stupid kid.

    The kids deserves at least six months in jail.

    1. Re:Six Months at Least by Anonymous Coward · · Score: 0

      Not really. Who deserves jail sentence (may be no as much) is the genius who decided to connect such systems to the internet, and therefore make is accessible to the world.

      No matter what happens, and how frequently, convenience always seem to be above security. I guess only a wargames-like situation can enforce any change... but who knows. Convenience is convenience.

    2. Re:Six Months at Least by jjshoe · · Score: 2

      The system isn't connected to the internet.

      --
      -- botsex is {grep;touch;strip;unzip;head;mount} /dev/girl -t {wet;fsck;fsck;yes;yes;yes;umount} {/de
    3. Re: Six Months at Least by Type44Q · · Score: 0

      I bet it was.

    4. Re: Six Months at Least by Anonymous Coward · · Score: 0

      Most likely not, these aren't IoT systems. These are ancient things that are probably 40+ years old and have no connection to anything except the radio signal they listen for as a trigger and a power source.

    5. Re:Six Months at Least by sycodon · · Score: 1

      Again with the, "if you leave your door unlocked, I'm entitled to take your shit".

      --
      When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
    6. Re: Six Months at Least by Anonymous Coward · · Score: 0

      You're stupid.

    7. Re:Six Months at Least by sjames · · Score: 1

      More like a lot of weekends of community service. Perhaps helping to upgrade the system.

      Said service while wearing a sign reading "I'm the dipshit that thought it was funny to wake you up with the tornado sirens".

  4. Texas is not Tornada Alley by Anonymous Coward · · Score: 0

    Unless you call the panhandle Texas, but since no one lives there, no one does. Oklahoma is thee tornado alley.

    Texas is the largest real state in the nation.

    1. Re:Texas is not Tornada Alley by Anonymous Coward · · Score: 0

      Rhode Island is the largest real state in the nation... that has 2 words... beginning with R... having "Island" in the name... and is the smallest.

      Alaska is the largest state. Adding "real" doesn't change that fact. From your comment, I'd also bet Alaska has a better education system.

    2. Re:Texas is not Tornada Alley by Anonymous Coward · · Score: 0

      Highiest drunkardness par nation your mean?

    3. Re:Texas is not Tornada Alley by Anonymous Coward · · Score: 0

      Unfortunately that distinction goes to Wisconsin and Tennessee.

    4. Re:Texas is not Tornada Alley by Anonymous Coward · · Score: 0

      Texas is the largest real state in the nation.

      Ah, the texas Trolls show up.....

      Q. What is 2 foot 6 inches tall and weighs 10 pounds?

      A. A 6 foot 4 inch 250 pound texan after an enema.

  5. Really? by Drethon · · Score: 2

    I know I'm not adding to the discussion but this just brought my reading to a jarring halt...

    "Thunderstorms are known to produce brief tornadoes"

    Pray tell some other method knowing of producing tornadoes strong enough to risk life and property?

    1. Re:Really? by Anonymous Coward · · Score: 0

      Hurricanes. Probably not in northern Texas, though.

    2. Re: Really? by Type44Q · · Score: 0

      Wind sheer.

    3. Re: Really? by Skip+Talbot · · Score: 1

      By definition you need a storm (a cumiliform cloud) for it to be a tornado. The tornadoes in hurricanes are being produced by individual thunderstorm cells in the hurricane. Decaying tropical cyclones and hurricanes can and do produce tornadoes far inland, including North Texas, as it takes quite a while for the low pressure center and associated windshear to dissipate. Vortices such as gustnadoes that are induced by wind shear alone, are not tornadoes. The article just glazed over a bunch of nuance. They probably meant, despite the lack of a tornado watch or warning, storms in a severe thunderstorm watch or warning occasionally produce tornadoes, as severe thunderstorms were referenced in the paragraph above.

    4. Re:Really? by Scarletdown · · Score: 1

      "Thunderstorms are known to produce brief tornadoes"

      Doesn't that only happen when the storm tears through an underwear factory?

      --
      This space unintentionally left blank.
    5. Re: Really? by dcw3 · · Score: 1

      Well, kinda...https://en.wikipedia.org/wiki/Dust_devil
      They are comparable to tornadoes in that both are a weather phenomenon involving a vertically oriented rotating column of wind. Most tornadoes are associated with a larger parent circulation, the mesocyclone on the back of a supercell thunderstorm. Dust devils form as a swirling updraft under sunny conditions during fair weather, rarely coming close to the intensity of a tornado.

      --
      Just another day in Paradise
  6. Why... by The+Grim+Reefer · · Score: 2

    Why would anyone think it was good idea to set this off in the middle of the night? I suppose if this was an ISIS hacker I can see why they might. It would obviously be a good idea to have better security on emergency systems. But I find it a shame that it's even necessary. I would like think people would have the decency to not bother systems like this. But I guess when we're in an age where swatting is a thing it's not surprising.

    1. Re:Why... by sycodon · · Score: 1

      Hod my Redbull and Watch this!

      --
      When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
    2. Re:Why... by Stan92057 · · Score: 1

      For the same reason assholes call in bomb scares to schools or a thousand different examples of people just being dicks. They don't have reasons they are just assholes.

      --
      Jack of all trades,master of none
    3. Re:Why... by Anonymous Coward · · Score: 1

      Why would anyone think it was good idea to set this off in the middle of the night?

      Why would AT&T decide to set off a test emergency alert notification on my smart phone at 2am? (It's happened twice to me.... those assholes.... It's the reason that I now have my phone automatically shut down at 11pm and wake back up at 6am)

  7. Bad admins, vulnerability or publicity stunt? by Anonymous Coward · · Score: 0

    will like to see where this goes.

    1. Re:Bad admins, vulnerability or publicity stunt? by Anonymous Coward · · Score: 0

      How is this a publicity stunt in any way?

    2. Re: Bad admins, vulnerability or publicity stunt? by Anonymous Coward · · Score: 0

      Probably nowhere or maybe we will have the trifecta - failed hack, no tornado, and no follow up due to miserly locals

    3. Re:Bad admins, vulnerability or publicity stunt? by bill_mcgonigle · · Score: 1

      Everybody now knows that the IT dept has no budget.

      I'm not saying a gray admin who works there proved the point, but one could imagine that scenario.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    4. Re:Bad admins, vulnerability or publicity stunt? by Anonymous Coward · · Score: 0

      RTFA. This has nothing to do with IT.

  8. Before we take the city to task ... by 140Mandak262Jamuna · · Score: 5, Interesting
    OK, the warning systems were not secured. It is like leaving the door opened. So one could argue the city should have designed a hacker proof system or it should have worked on double speed to restore it. But, is that a reasonable argument?

    For example, if some vandal spray painted the traffic light covers and make them useless, or drops a sackful of nails on a highway, he/she could cause huge damage. We don't immediately take DoT for not creating secure highways where vadals could not mess with traffic lights or strew nails on the road.

    Invariably in almost all these incidents we keep blaming "the officials", "the authorities". And they instinctively develop CMA tactics. They don't do anything unless they can have a paper trail that lets them shift the blame to someone else.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    1. Re:Before we take the city to task ... by peektwice · · Score: 4, Informative

      Balint Seeber has done some excellent analysis and DefCon presentations on this very topic. They had been warned ahead of time, but if a tree falls in the forest...? https://www.bastille.net/blogs...

      --
      Other than this text, there is no discernible information contained in this sig.
    2. Re:Before we take the city to task ... by cascadingstylesheet · · Score: 3, Insightful

      For example, if some vandal spray painted the traffic light covers and make them useless, or drops a sackful of nails on a highway, he/she could cause huge damage. We don't immediately take DoT for not creating secure highways where vadals could not mess with traffic lights or strew nails on the road.

      Precisely.

      Believe it or not, it's legal to leave your door unlocked, and if someone comes in and commits crimes they are still guilty.

    3. Re:Before we take the city to task ... by Anonymous Coward · · Score: 0

      Emergency systems should be secure. Someone did not do their job.
      The right question is what else have they not done? Next stop the city bank accounts and email servers.

    4. Re:Before we take the city to task ... by sunking2 · · Score: 2

      Because we live in a society where there are enough people that do not respect the common good. They believe if you aren't actively stopping them then it is perfectly ok. People also seemingly believe that there is an endless government budget to continually update these systems. It wouldn't surprise me if many of these things were 20+ years old, even 40+ years old wouldn't really surprise me. While we don't use them around here, there are similar sirens in the northeast that are 50s cold war tuck and duck era that are still functioning.

    5. Re:Before we take the city to task ... by Anonymous Coward · · Score: 0

      if they actually were 40 years old, it would probably be more difficult (or at least less convenient) to compromise them...

    6. Re:Before we take the city to task ... by Anonymous Coward · · Score: 0

      Balint Seeber

      ... of Bastille Networks gives a presentation of how the warning system can be hacked. And shows how Bastille Networks can help the city secure their systems.

      I wonder where we should start looking for the perpetrator.

    7. Re:Before we take the city to task ... by AmiMoJo · · Score: 1

      A better question is what is a reasonable level of security for a given situation.

      These sirens could have been better secured relatively easily by using a more complex radio system or a wired system. The cost would have been higher. There is a danger that such a system might fail in the event of an emergency, e.g. the security codes are lost or repairs are harder to effect than with a less secure system that uses more commonly available equipment.

      These days most of those problems can are mitigated by using off-the-shelf systems, but back when it was installed things may have been different.

      The potential costs are interesting too. The cost of fixing the system is easy to calculate, but the cost to the city of having it hacked is hard to even estimate. What monetary cost does lost sleep and subsequent tiredness at work have?

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    8. Re:Before we take the city to task ... by Ambassador+Kosh · · Score: 1

      I don't think it is actually reasonable or possible to secure all of these systems and at some point we need to go after the people that abuse them. We don't require that all windows are brick proof. No matter what security is added to these systems in time it will be outdated and keep needing more upgrades to just keep up with newer security standards and the money needed to do all of that has to come from somewhere. Something will have to be cut or taxes will have to go up to cover it.

      We don't live in hardened societies and most people would hate to live in a hardened society where everything had to be designed to protect itself against all kinds of abuse. Cars would be more like tanks since you never know when someone is going to drop something on your car from an overpass or things are spread on the road to destroy tires.

      At some point we need to just go after the people that do this kind of thing and make them stop abusing the system the same way we would if they went through an area and broke all the windows.

      --
      Computer modeling for biotech drug manufacturing is HARD! :)
    9. Re:Before we take the city to task ... by Anonymous Coward · · Score: 0

      It's is still not the city's fault. The perpetrators could have just as easily set up their own siren and set it off with the same effect. I do agree that the cities should at least switch over to a rolling code when the budget allows. But it really doesn't matter what they do, no system will ever be perfectly secure. Heck it's probably very easy to cut the power to the things and sabotage them that way. There will always be a cost tradeoff and fixing a system that works ends up being low on the agenda.

    10. Re:Before we take the city to task ... by Anonymous Coward · · Score: 0

      While we don't use them around here, there are similar sirens in the northeast that are 50s cold war tuck and duck era that are still functioning.

      There are probably a few from WWII on both coasts too.

    11. Re:Before we take the city to task ... by Jaime2 · · Score: 1

      I don't think you understand just how negligent most software makers are in the realm of security. This stuff isn't hard, it just has zero priority.

    12. Re:Before we take the city to task ... by drinkypoo · · Score: 1

      For example, if some vandal spray painted the traffic light covers and make them useless, or drops a sackful of nails on a highway, he/she could cause huge damage. We don't immediately take DoT for not creating secure highways where vadals could not mess with traffic lights or strew nails on the road.

      That's an utterly disingenuous comparison, and you know it. The two situations are not even remotely congruent.

      Invariably in almost all these incidents we keep blaming "the officials", "the authorities". And they instinctively develop CMA tactics.

      They don't develop CMA tactics, they were born into it. (Insert Bane parody here.) You can't blame that on us, just because we're blaming them for not doing their jobs.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    13. Re:Before we take the city to task ... by Anonymous Coward · · Score: 0


      For example, if some vandal spray painted the traffic light covers and make them useless, or drops a sackful of nails on a highway, he/she could cause huge damage.

      Neither of those has the potential for one 17 year old to affect everyone in the city, so I don't think it's an apt analogy.

        So one could argue the city should have designed a hacker proof system or it should have worked on double speed to restore it. But, is that a reasonable argument?

      30 years ago you could have done the same thing, but you'd have had to build your own gear to replicate the signal. That takes skill, time, and effort. Generally people with those skills aren't really interested in being A-holes that wake everyone up at 3am. These days with software defined radios, it's a LOT easier, and thus more accessible to a wider audience. Wider audience means more potential for a-holes. So yes, I think in 2019 you need secure emergency alert systems.

      There's been a few other notable RF-attacks over the years. In the 80s there was one with someone breaking into the HBO signal, and some yahoo hijacked a TV station in Chicago and jammed the station with a juvenile Max Headroom broadcast for 10s of minutes. The HBO signal guy was caught, but they never caught the juvenile Max Headroom guy. Neither became widespread problems, likely because of the above.

    14. Re: Before we take the city to task ... by Type44Q · · Score: 1

      The odds that these were "backed" locally over RF seem long... far more likely that the system is controlled by a PC... which was connected to the internet.

    15. Re: Before we take the city to task ... by Type44Q · · Score: 1

      Correction: hacked.

    16. Re:Before we take the city to task ... by Anonymous Coward · · Score: 0

      OK, the warning systems were not secured. It is like leaving the door opened.

      Or walking down the street with a short skirt after midnight... sure maybe it is a bad idea, but to blame the victim for the crime undermines the responsibility to find and punish the attackers.

    17. Re:Before we take the city to task ... by dcw3 · · Score: 1

      They don't develop CMA tactics, they were born into it. (Insert Bane parody here.) You can't blame that on us, just because we're blaming them for not doing their jobs.

      Tell us, who was responsible for electing qualified officials? Yes, I'm blaming you.

      --
      Just another day in Paradise
    18. Re:Before we take the city to task ... by Anonymous Coward · · Score: 0

      Public hangings.
      Seriously.
      You hang anyone you catch for doing this, make it a big deal, let EVERYONE know about it, and it will stop. Sure, you might end up hanging a couple of teenagers, but if you do, it WILL stop.

    19. Re: Before we take the city to task ... by jeff4747 · · Score: 1

      The odds that these were "backed" locally over RF seem long

      Based on......? Your preference for telling the story you'd like?

    20. Re:Before we take the city to task ... by jeff4747 · · Score: 2

      There is a danger that such a system might fail in the event of an emergency

      This angle needs to be given far more thought when people talk about "securing" these systems.

      Assuming the current extremely-low false alarm rate, the risk of the sirens not going off due to "whops, the cert expired" or similar is greater than the risk of false alarms.

      If the false alarm-rate goes up enough that people start ignoring the warning, then the calculus changes.

    21. Re:Before we take the city to task ... by Gojira+Shipi-Taro · · Score: 2

      Here's the thing though. YOU don't get to set the priority for replacing a cold war era system that is a public safety system. You damned sure don't get to interfere with it or abuse it, EVEN IF IT IS POORLY SECURED BY TODAYS STANDARDS.

      Jesus fucking christ on a cracker. Did none of you fucking learn "NOT YOURS. DON'T TOUCH" when you were kids?

      --
      "Oh my God. This is terrible. This is the end of my Presidency. I'm fucked."; ~ Donald J. Trump
    22. Re:Before we take the city to task ... by nasch · · Score: 1

      There are some differences. For example, there is no reasonable way to secure a road against bags of nails without making it useless. The same is not true of computer systems. Second, you have to actually be at the road to sabotage it. Anyone can attack an internet-connected computer from anywhere in the world.

    23. Re:Before we take the city to task ... by jaa101 · · Score: 1

      Believe it or not, it's legal to leave your door unlocked, and if someone comes in and commits crimes they are still guilty.

      Sure, but good luck getting your insurance to pay out.

    24. Re:Before we take the city to task ... by Jaime2 · · Score: 1

      Every old man standing on his porch, waving his cane, and screaming "Get off my lawn!", is technically correct. He's also a douchebag. A little civil disobedience is necessary to call attention to things, and you don't get to say when that happens.

    25. Re:Before we take the city to task ... by Ambassador+Kosh · · Score: 1

      I understand that we make NO effort to stop people from putting nails in the street, throwing bricks through windows etc. The VAST majority of our society has no or very minimal security. Expecting that every system that can be hardened should be hardened is not reasonable. The costs to society to harden everything is extremely high and it makes more sense to go after people that abuse these systems.

      --
      Computer modeling for biotech drug manufacturing is HARD! :)
    26. Re:Before we take the city to task ... by Ambassador+Kosh · · Score: 1

      Does this also apply to throwing bricks through windows to demonstrate that they should all use tougher windows? We have the tech to make brick resistant windows but it would cost a lot for every business to upgrade their windows. Once they do that do you then show that their windows are still able to be broken with a rifle?

      Going around breaking things just to show they can be broken is not civil disobedience. The systems are already known to be vulnerable and we count on people not to be jackasses and breaking them and then punish people when they can't behave.

      --
      Computer modeling for biotech drug manufacturing is HARD! :)
    27. Re:Before we take the city to task ... by Anonymous Coward · · Score: 0

      Insurance will still pay out. Seriously. This isn't difficult to grasp. An unlocked door doesn't change anything from that perspective either.

    28. Re:Before we take the city to task ... by Anonymous Coward · · Score: 0

      These systems aren't "internet-connected".

      So, what point did you think you were making?

  9. Say what you mean, please by Anonymous Coward · · Score: 0

    "Cracking", or "hacking"? In the latter case, you can basically start killing everyone because the definition is that nebulous.

  10. Why...Fun. by Anonymous Coward · · Score: 0

    Idle hands are the devil's plaything. Just remember that a lot of the misery in the world is caused by people doing stuff like this without any thought given to consequences. Justification for doing it? Selfish reason, because it's fun.

    1. Re:Why...Fun. by Anonymous Coward · · Score: 0

      Precisely. I honestly laughed my ass off when I read the summary. I love it when vulnerabilities are used to scare the shit out of people on a massive scale like this. What a way to embarrass the people in charge of securing these systems!

      I hope someone hijacks the Presidential Alert system next.

    2. Re:Why...Fun. by Anonymous Coward · · Score: 0

      I hope someone hijacks the Presidential Alert system next.

      What do you think the election of Trump was?

  11. and this is how restrictions get into place by onepoint · · Score: 2

    Sadly, a stupid stunt like this from some unknown party makes everyone's life harder.
    Why?

    A) blame games
    B) You should have know games ( Defcon had a topic about this )
    C) local government will raise taxes to cover the repair and security of the system.

    So people will get extremely tough and demand harsher punishments for criminals if ever caught.

    it's getting worse.

    --
    if you see me, smile and say hello.
  12. How ? by fluffythedestroyer · · Score: 1

    I know its not impossible but how in the bloody hell can a system like that be hackable ? Read those papers and I saw no info on that or how the system works.

    1. Re:How ? by campuscodi · · Score: 1

      Via radio signals

    2. Re:How ? by r2kordmaa · · Score: 1

      It's a good bet that all you needed to do was browse to an address and click a button on web interface, tons of stuff like that, doesn't surprise me at all.

    3. Re: How ? by Type44Q · · Score: 1

      Exactly. I find it rather unlikely that these were messed with over RF...

    4. Re:How ? by dcw3 · · Score: 1

      Can you point to one that's not hackable, and actually functions?

      --
      Just another day in Paradise
    5. Re:How ? by jeff4747 · · Score: 2

      Most of these are very old systems that have zero security, triggered by a particular RF signal that pretty much anyone could transmit with some gear.

      And it's not particularly clear that locking them down is all that good a plan. That ancient, simple system will go off when needed whereas a more "secure" system has many, many more failure modes.

    6. Re:How ? by Anonymous Coward · · Score: 0

      Fascinating...

      You don't know anything about the system, so you assume that, despite being built and installed in the 1950s-1960s (or earlier in some places), it is an IoT-device based system, controlled over the internet?

    7. Re: How ? by Anonymous Coward · · Score: 0

      You find it more likely that they were messed with over an internet connection they don't even *have*?

      Hint: These systems were designed, built, and installed in the 1950s & 1960s.

  13. Call Me Paranoid.... by Anonymous Coward · · Score: 0

    ...but this was probably a test by one of the "big 3" cyber threats to the US (China/Russia/N. Korea). Emergency systems and ICS are ideal targets in cyber warfare.

    1. Re:Call Me Paranoid.... by Anonymous Coward · · Score: 0

      You are paranoid. This was a simple hack using radio signals. A child could have done it.

      Take a break from the fake news, it'll lower your blood pressure.

  14. No mercy by jjshoe · · Score: 4, Insightful

    Somewhere someone doesn't know it yet, but they are going to get the book tossed at them. We have a whole host of natural disasters that can hit, and for all of them seconds count. Almost everyone gets a warning they can react to when it comes to tornados.

    Should anyone lose their lives as a result of these systems being turned off, the culprit should get a manslaughter count for each one.

    I'm all for ethical hacking, but this is no where near close.

    --
    -- botsex is {grep;touch;strip;unzip;head;mount} /dev/girl -t {wet;fsck;fsck;yes;yes;yes;umount} {/de
    1. Re:No mercy by drinkypoo · · Score: 4, Insightful

      Somewhere someone doesn't know it yet, but they are going to get the book tossed at them.
      [...]
      Should anyone lose their lives as a result of these systems being turned off, the culprit should get a manslaughter count for each one.

      Yes, the person who decided not to upgrade them, the person who decided to shut them off and the person who decided not to send someone to activate them manually in an emergency should all be held accountable for such deaths. The prankster, on the other hand, should be prosecuted as permitted by the law for tampering with emergency systems.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:No mercy by dcw3 · · Score: 1

      If someone lost their life because of your "prankster", that criminal should serve serious time in the "fuck me up the ass" Federal Pen. There is no comparison between willful maliciousness and simple incompetence/stupidity.

      --
      Just another day in Paradise
    3. Re:No mercy by Anonymous Coward · · Score: 0

      Yes, the person who decided not to upgrade them, the person who decided to shut them off and the person who decided not to send someone to activate them manually in an emergency should all be held accountable for such deaths. The prankster, on the other hand, should be prosecuted as permitted by the law for tampering with emergency systems.

      Yes. That is obviously correct. Did you have some other point?

    4. Re:No mercy by Anonymous Coward · · Score: 0

      Luckily, law doesn't look at the "what if" scenario, or I'd be in prison with all the speeding tickets I've had. Because I could have run over a bus full or nuns, or hit the space shuttle while it was taking off, or anything you can imagine... because they are the same thing... imagined.

      They will be charged with screwing with emergency systems. Laws already in place. It'll happen. They will find this person or persons.

    5. Re:No mercy by Anonymous Coward · · Score: 0

      If you commit a crime that contributes to someone dying you in fact can be charged with murder.

    6. Re:No mercy by Gojira+Shipi-Taro · · Score: 1

      I'd go with "accidentally shot self in back of head with a carbine. Twice".

      --
      "Oh my God. This is terrible. This is the end of my Presidency. I'm fucked."; ~ Donald J. Trump
  15. Not necessarily an easy fix by sjbe · · Score: 5, Insightful

    You'd think the other cities in the area would have learned from this vulnerability and fixed the problem.

    Believe it or not, it's not at all unlikely that word of the problem never got to the right people. And even if they were aware of it it's not axiomatic that they would be able to fix the problem. They might not have the budget or it might require coordination with (possibly uncooperative) other municipalities or it might be technologically impossible to "fix" the problem with existing equipment and budget. Stuff like this usually requires budgeting and possibly even taxpayer approval and doesn't tend to happen overnight.

    Although that would require local governments to be competent.

    Sigh... Just because not everything happens perfectly all the time does not imply local government is incompetent. Did it occur to you that the tech involved might be old and that the taxpayers haven't approved the money to replace the equipment? It's entirely plausible they don't have the resources to deal with the problem even if they are aware of it.

    The meme that government is incompetent is really tired. No institution does everything perfectly, public or private. Just because they have a failure in one task it does not follow that they are generally incompetent. There are lots of things you don't do well either. Should we declare you to be incompetent every time you overlook something or don't handle it perfectly?

    1. Re:Not necessarily an easy fix by Archangel+Michael · · Score: 2

      The more likely scenario is that the story went something like this.

      IT People: "Hey, we have vulnerable systems, we need $$ and $$$ to secure them properly"
      Mayor's People: "Sorry, I have this program here that is pure ego boosting and is quite flashy, you don't get anything for your budget. In fact, I need some of what you used to have back"
      IT People: "Okay, but when this shit goes south, and you try to blame me, I have this Email showing you said "no" to fixing this problem.
      Mayor's People: "Ummmm you gonna vote for me again, right?"

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    2. Re:Not necessarily an easy fix by dcw3 · · Score: 2

      The meme that government is incompetent is really tired

      So what? You can't handle the truth? Clearly, you also can't tell the difference between a job that the government should do well, and a civilian who, knowing that they can't do the job, would have hired someone who is competent.

      I've been dealing with federal government contracts for forty years, and can talk to you all day about incompetence in their contracting system. Why do you think it's nearly impossible to fire an incompetent government worker?

      --
      Just another day in Paradise
    3. Re:Not necessarily an easy fix by GoTeam · · Score: 1

      Just fyi, I'm very involved with the local government and they a quite incompetent. Just a couple weeks ago the former mayor was convicted of taking bribes from a developer who wanted to build a bunch of crappy apartments. She ran (and won) on a platform of not allowing additional zoning for multi-family residential. She left her husband, and quit being mayor shortly after so she could marry the developer and work for his company. No one in the government thought that was odd? It took an unlikely person submitting a complaint for the FBI to investigate it. What the hell was the city manager doing? Clearly he wasn't doing his job. No the difficulty in funding. They have no problem getting certificates of obligation without voter approval to pay for their pet projects. So this idea that it takes a long time and it's a hard fight to get voters to approve additional debt is just not accurate. I personally don't believe they should use COs, but they do. Just a couple years ago, they paid for improvements to the municipal golf course with COs. So please, tell me about the tired meme again.

    4. Re:Not necessarily an easy fix by Anonymous Coward · · Score: 0

      In Texas, even our most competent city officials are hindered by a populace that refuses to raise taxes, so basic services are lagging badly. We repeatedly say that taxes have to be levied for infastructure fixes that are aging, and time and again, those get voted down. There's nothing a city/county/state government can do if the populace says no to the financing.

    5. Re: Not necessarily an easy fix by Anonymous Coward · · Score: 0

      Gotta love the "government contractor" posting to Slashdot at 11 EST, bitching about how "hard" it is to fire a government employee. The only way to make a government service worse than it already is, is to stick another profit seeking layer or three in between the employee and the people.

    6. Re:Not necessarily an easy fix by jeff4747 · · Score: 1

      Clearly, you also can't tell the difference between a job that the government should do well, and a civilian who, knowing that they can't do the job, would have hired someone who is competent.

      It appears that in your world "civilians" have infinite money.

      The vast majority of "look at how incompetent the government was here!!" stories are actually financial problems caused by our many decades of attempting to defund all government.

      Why do you think it's nearly impossible to fire an incompetent government worker?

      Because 99% of the time, they're doing all that can be done within current policy and current funding levels. Your attempts do demonize the workers doesn't alter current policy or raise current funding levels.

    7. Re:Not necessarily an easy fix by jeff4747 · · Score: 1

      Just a couple weeks ago the former mayor....

      I'm not seeing any incompetence by the mayor...stupidity, yes, but there's no incompetence there.

      What the hell was the city manager doing?

      Could you point out where "surveil the mayor's personal life" is in the city manager's job description?

      They have no problem getting certificates of obligation without voter approval

      So, did you forget that different cities have different laws?

    8. Re:Not necessarily an easy fix by dcw3 · · Score: 1

      The vast majority of ...

      Citation required.

      Because 99% of the time...

      You're lying.

      --
      Just another day in Paradise
    9. Re:Not necessarily an easy fix by jeff4747 · · Score: 1

      So odd you did not provide citations for your claims, yet demand them from others. Almost like you've got a belief without any actual backing....

  16. Tornado sirens are useless by Anonymous Coward · · Score: 0

    All they do is cause people to stop whatever theyre doing & go outside to gawk at clouds.

  17. well if some died then they can get manslaughter by Joe_Dragon · · Score: 1

    well if some died then they can get manslaughter change or more and in TX they like to do the death penalty

  18. Natural selection applied to computer security by r2kordmaa · · Score: 1

    Leave a door open and it's only a matter of time until someone waltzes right in and takes a dump in the corner. If you leave unsecured systems out in the open, it's as good as declaring that you don't give a fig about what happens to it, it's no different from leaving physical property abandoned.

    1. Re:Natural selection applied to computer security by Anonymous Coward · · Score: 0

      And that is an incredibly stupid remark.

    2. Re:Natural selection applied to computer security by dcw3 · · Score: 1

      You can legally get away with waltzing right in. You'll do time for the dump in the corner.

      --
      Just another day in Paradise
  19. Re: well if some died then they can get manslaught by Type44Q · · Score: 2

    "Do the Death Penalty" - .you make it sound like a dance move.

  20. Listen for Mother Nature's tornado siren by Anonymous Coward · · Score: 0

    Mother Nature has her own tornado siren.

    It sounds like a freight train.

    Kinda confusing if you are near a rail line but otherwise it's pretty distinctive.

    1. Re:Listen for Mother Nature's tornado siren by omnichad · · Score: 1

      Advance warning systems can give you up to 15 minutes to seek shelter. If you can clearly hear a freight train, it's probably too late.

  21. I CAN'T HEAR YOU! by Thud457 · · Score: 1

    Yeah, but do they have a HEMI in it?

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

    1. Re:I CAN'T HEAR YOU! by dcw3 · · Score: 1

      Wow, being old enough to remember "duck and cover", being a Cold War vet, and owning my own Hemi for seven years, one would think I'd have heard of these before.

      --
      Just another day in Paradise
  22. Re: well if some died then they can get manslaugh by Anonymous Coward · · Score: 0

    I understand the movements are similar to the Polio Shuffle, which is also making a comeback in the ballroom of society.

  23. You're Being Reasonable On the Internet by Anonymous Coward · · Score: 0

    Don't blame the hacking / cracking. Blame the insecure implementation.

    The "kill the messenger" mentality is the underlying cause. Someone comes forward with a vulnerability, they are not taken seriously. Or if they are taken seriously, they are treated as a criminal who must be prosecuted. If not taken seriously, then they prove the vulnerability, which makes them a criminal.

    Maybe it should be a crime to not seriously react to a provable vulnerability and get it fixed.

    It's a good thing we can do both - work towards having more secure systems, and also prosecute those who play dangerous games with public safety equipment.

    It doesn't matter how easy the firetruck is to hotwire (or even if the fireman left the keys in it), it's still illegal for me to jump in and take it for a joyride, or steal it. Doesn't matter if I say I was doing it to prove a point about how easy it is to do. I still can't do it.

    I thought reasonable people had all left the internet long ago...

  24. Re: Government competency by diaz · · Score: 4, Insightful

    Everyone complains about government incompetence, but nobody wants to pay to have a competent government.

  25. How most of these systems work.... by RedShoeRider · · Score: 5, Informative
    Because I haven't seen a complete explanation yet.....

    The vast, vast majority of the public alert systems in the USA were installed in the 1950's/60's. It's a dumb-simple system that has been hackable since then, too, using the same tools that are available now. The vast majority of the systems are RF based: It's simple carrier frequency that carries a particular pair or frequencies or a particular DTMF pattern that triggers the siren system. For my town, for instance, it's a carrier on 48.90mhz, and a 4-digit DTMF on the carrier, each one about 0.25 second long that tells the siren box what pattern to signal and how long signal it for. There's also a two-tone pair (about 1.4khz and 1.9khz) that signals the siren to stay on until it's signaled to turn off again.

    The beauty of the system is its simplicity: it just works. No IoT bullshit, no computers being cranky, no downed wires matter. So long as the police station can broadcast the signal and the sirens have power, the system works. We've even tested it using a hand-held radio and two tuning forks, so in the unlikely event the police station was out of power or otherwise unuseable, we can still set the whole system off. Having a IoT, 256-bit AES 2xROT system would be useless if we're standing in the middle of a shitstorm and need to get the public's attention.

    Disclaimer: am a volunteer firefighter and help keep this system running in our town

    --

    Chris Knight is my hero.

    1. Re:How most of these systems work.... by Anonymous Coward · · Score: 0

      Are you sure that isn't 0.941 and 1.477 kHz? E.g. "touch tone #"? Most of these things use the same cheap touch tone decoder and are limited to decoding keypad tones. https://en.wikipedia.org/wiki/Dual-tone_multi-frequency_signaling

  26. What A Moron! by Anonymous Coward · · Score: 0

    "Don't blame the hacking..."

    "Don't blame the thief, blame the store owner for not installing titanium shutters and an auto-targeting laser defense system..."
    "Don't blame the murderer, blame the victim for being a juicy target!"
    "Don't blame the terrorist, blame the city for allowing people to just roam around, like some free country!"

    Your final sentence has essentially no connection to your first sentence. And you have utterly failed to establish that these civil defense systems were in any way whatsoever, targeted by White Hats. Either before or during this attack. Or if they were, that White Hats were subjected to a "kill the messenger" mentality.

  27. Wow .... by Anonymous Coward · · Score: 0

    What a crap article ... 3 links ... one to zdnet which I block because they can't operate without a slew of external crap I don't trust ... one to Facebook, and one to Twitter.

    I see we've given up on useful sources of information and are just linking shit to Facebook and Twitter.

    The Slashdot editors really are fucking morons these days.

  28. Idiot posters here without a clue, read and learn by pgmrdlm · · Score: 2

    The majority of siren systems intentionally use wireless radio technology instead of internet connectivity to communicate as a security precaution, says Aaron Wolking, the national sales manager of Sentry Siren. To interfere with that set-up, a hacker would need the radio frequencies, code formats, and specific five to eight-digit codes to be able to access a particular siren system. The industry also offers widely used additional security protections, like the "continuous tone-coded squelch system," that keeps radios from from receiving and executing commands sent without additional access codes.
    .
    .
    .
    To pull off this weekend's siren episode, hackers would have needed extensive knowledge of the frequencies and codes used in the Dallas siren system to make them all go off at once. This could be particularly challenging, depending on the setup, because each siren might communicate with the control center independently, so officials have the choice of turning only one or a few of them on, or activating all of them depending on the situation. Dallas officials confirmed over the weekend that the breach came from within Dallas, because hackers would have needed to be physically close to the radio signals sent to each siren. They added that the commands to the sirens didn't come from their central control systems, something officials would naturally check first to see if the sirens had been activated by accident.

    https://www.wired.com/2017/04/dallas-siren-hack-wasnt-novel-just-really-loud/

    --
    Anonymous comments are as pathetic as the anonymous "sources" that contaminate gutless journalism from the New York Time
  29. Re: well if some died then they can get manslaught by Anonymous Coward · · Score: 0

    If they're still using the electric chair, I'd imagine all they'd need to do is suspend the person and it could look like one too.

  30. Re: Government competency by Anonymous Coward · · Score: 0

    Everyone complains about government incompetence, but nobody wants to pay to have a competent government.

    What evidence can you give to suggest that paying more (taxes/salaries) would improve competence?

  31. Its not white hat by Anonymous Coward · · Score: 0

    It is not white hat activity if people end up getting hurt or killed "in the process of demonstrating your point".

    That just makes you a dirt bag.

    Please do not try again.

  32. Ya, connect everything to the damn internet by nikkipolya · · Score: 1

    Who ever thought that it's a great idea to connect our Dams, Power grids, Nuclear reactors, ballot machines, weather warning systems, water supply system and shit like that to the internet, must be a god damn genius.

    1. Re:Ya, connect everything to the damn internet by Anonymous Coward · · Score: 0

      I'm pretty sure you read a different article. TFA has nothing to do with the internet.

    2. Re:Ya, connect everything to the damn internet by Anonymous Coward · · Score: 0

      Read the damn summary! It wasn't connected to the internet. It was a radio signal.

      Clearly you are the "god damn genius"...

  33. Also #nevertrump is Republicans by raymorris · · Score: 0

    Aside from Democrats, Trump is in no way a traditional Republican candidate. Not exactly a "family values" guy, not someone who respects lessoned learned and is cautious about major changes. You could go down a little of what different Republicans tend to value and at least half of them, Trump is the opposite.

    A LOT of Republicans don't care for Trump. Many disliked what Hillary would do to the country slightly more than they disliked Trump, so they held their nose and voted against Hillary, which meant marking "Trump".

    1. Re:Also #nevertrump is Republicans by Enigma2175 · · Score: 0

      A LOT of Republicans don't care for Trump. Many disliked what Hillary would do to the country slightly more than they disliked Trump, so they held their nose and voted against Hillary, which meant marking "Trump".

      If that's the case then why is his approval rating as high as it is? Yeah, 40% isn't great compared to other presidents but it's still 40% of the country saying "yeah, he's doing a good job". I can't fathom how that is even possible but that's what the polls say and I don't have any real reason to disbelieve them. If so many Republicans don't care for him then why do so many say they approve of his actions?

      --

      Enigma

    2. Re:Also #nevertrump is Republicans by Mike+Van+Pelt · · Score: 0

      Why?

      Perhaps this might help you understand.

      http://lite.cnn.io/en/article/...

      (No, I didn't vote for the SOB either, but I can see why, given the alternative, decent people would. If you can't, then you are part of the damn problem.)

  34. Example: Fox News right now by raymorris · · Score: 0

    As just one example, one of the top stories on Foxnews.com right now is:

    DOUG SCHOEN: The world needs American leadership -- it's not getting it from President Trump

  35. Enjoy your #freedumbs & #guns by Anonymous Coward · · Score: 0

    Im sure those brave Texans have all the guns they need to shoot the storm and their colors dont run so whats the problem??

  36. Not hard to do by McFortner · · Score: 1

    When I worked as a 911 dispatcher from 2000 to 2008, we were responsible for activating the system. Unfortunately, it was by a simple, unencrypted radio system. It would sometimes go off because of stray signals, or even signals from far off transmitters that were coming in through tropospheric ducting. Way too many systems like this rely on obscurity for their security instead of encryption or hard wiring. Getting the right codes would require simple listening to the frequencies with a SDR during prior storm events, or, even easier, social engineering.

    --
    Beware of Sales Reps bearing gifts.
  37. Not "great". Bush Jr had 85% at this point by raymorris · · Score: 0

    40% gives his job performance a thumbs up as opposed to a thumbs down.
    So most think poorly, 40% think more positive than negative of his job performance.

    Personally, my rating for "liking" the guy is a lot lower than my rating for his performance on the job.
    CNN reports that 70% of Americans say (see) that the economy is doing well, and that probably factors very much into Trump's job approval rating. You can, as I do, dislike the man and also be literate in economics, seeing that things are going well.

    For comparison, at the same point in his term, Bush Jr. had an 85% approval rating. So half as many people approve of Trump's performance Trump compared to Bush Jr.

    So they aren't saying "he's great!" 40% say that what he is doing as president is slightly more positive than negative.

  38. Re:Idiot posters here without a clue, read and lea by Anonymous Coward · · Score: 0

    The radio frequencies are public, or can be identified using a basic scanner during a test. Many of these systems simply use DTMF "1 touch pad tone" for on and DTMF "2 touch pad tone" for off. If the control system is more complicated, the command sequence can be captured by GNU Radio during any pre-announced test. Sentry Siren is trying to convince cities that their cheap configuration is more secure that the even cheaper config they currently have ... when in reality it is brings very little additional security. Cities will always pre-announce their tests and it is unlikely that they will immediately change their codes after a test since that effectively invalidates the test.

    "continuous tone-coded squelch system" may be offered, but does anyone use it? And it won't help much if someone decides to take their transmitter closer or use a high gain antenna since the hacker can transmit the continuous tone just as easily as the city can.

  39. pass the hash by eaglesrule · · Score: 1

    A replay attack would not require extensive knowledge of the frequencies and codes of the control systems.

      The attacker even had advanced notice of when the control signals would be broadcasted. Nothing in that article suggests that an exact replay of the test signals weren't used, or couldn't be used.

    I suspect that the same 90 second pattern that occurred during the hack was the same used for the announced test.