If you've ever witnessed an emergency siren test, you know how terrifying these things are: engineered to be bowel-looseningly urgent, to pierce through any sense that it's probably just a misfire, to motivate you to drop everything and rush for the emergency shelters, equally useful for tornadoes and incoming ICBMs.
So when a hacker set off all 156 of these sirens more than a dozen times between 11:30PM on Saturday and 3AM on Sunday, it threw the city into chaos, sparking 4,400 911 calls.
Any bets on how it was done? Is the system built on Windows 2000, running thousands of known, unpatchable vulnerabilities? Was it hooked up to modern unpatchable no-name IoT gadgets? Was the password set to 00000000? Or did a helpful security consultant decree that passwords be changed once a month, thus guaranteeing that they'd be memorable and written down on post-its stuck to every terminal?
Maybe all of the above.
City officials have discovered how the system was compromised and are working to keep it from happening again—as of around noon on Saturday, the system had apparently been reactivated, and the city was working to implement "more safeguards" over the weekend. They aren't disclosing how the system was compromised or who may be responsible, but Dallas Office of Emergency Management directory Rocky Vaz told the Dallas Morning News that it was likely "someone outside our system" but still in the Dallas area.
Hackers set off Dallas’ 156 emergency sirens over a dozen times
[Andrew Cunningham/Ars Technica]
(Image: Ben Franske, CC-BY-SA)
Google has published the results of a study of the efficacy of standard anti-account-hijacking techniques like two-factor authentication (2FA), secret questions, and passwords: the good news is that when these are used, they are incredibly effective at stopping both automated and targeted attacks, including "advanced" attacks of the sort that are often characterized as unstoppable.
In 2014, Quentin Tarantino sued Gawker for publishing a link to a leaked pre-release screener of his movie "The Hateful Eight." The ensuing court-case revealed that the screeners Tarantino's company had released had some forensic "traitor tracing" features to enable them to track down the identities of people who leaked copies.
Ransomware has been around since the late 1980s, but it got a massive shot in the arm when leaked NSA cyberweapons were merged with existing strains of ransomware, with new payment mechanisms that used cryptocurrencies, leading to multiple ransomware epidemics that locked up businesses, hospitals, schools, and more (and then there are the state-level cyberattacks […]
Raspberry Pi is one of the world’s most versatile open-source computers. Alexa is a home automation hub with limitless potential. Together, they’re a dream team for ambitious makers, opening the door to everything from automatic lights to voice-controlled robots. Learning Raspberry Pi is meant to be relatively easy for newbies, but its applications with Alexa […]
Heads up: The clock is winding down on a free-entry contest to win not only one of the best smartphones on the market but a handy pair of earbuds. A simple sign-up is all you need to be eligible to win a 256 GB iPhone XS Max, along with AirPods. And while “free” is tough […]
Kudos to those of us who have chosen a less wasteful third option to “paper or plastic” at the supermarket or club stores. Tote bags are reusable, but they can be a pain to tote around. Here’s an upgrade to that planet-saving measure. The Club Cart Lotus Trolley Bag is that rare tote you’ll want […]