Dallas's 156 tornado sirens hacked and repeatedly set off in the middle of Saturday night

If you've ever witnessed an emergency siren test, you know how terrifying these things are: engineered to be bowel-looseningly urgent, to pierce through any sense that it's probably just a misfire, to motivate you to drop everything and rush for the emergency shelters, equally useful for tornadoes and incoming ICBMs.

So when a hacker set off all 156 of these sirens more than a dozen times between 11:30PM on Saturday and 3AM on Sunday, it threw the city into chaos, sparking 4,400 911 calls.

Any bets on how it was done? Is the system built on Windows 2000, running thousands of known, unpatchable vulnerabilities? Was it hooked up to modern unpatchable no-name IoT gadgets? Was the password set to 00000000? Or did a helpful security consultant decree that passwords be changed once a month, thus guaranteeing that they'd be memorable and written down on post-its stuck to every terminal?

Maybe all of the above.

City officials have discovered how the system was compromised and are working to keep it from happening again—as of around noon on Saturday, the system had apparently been reactivated, and the city was working to implement "more safeguards" over the weekend. They aren't disclosing how the system was compromised or who may be responsible, but Dallas Office of Emergency Management directory Rocky Vaz told the Dallas Morning News that it was likely "someone outside our system" but still in the Dallas area.

Hackers set off Dallas' 156 emergency sirens over a dozen times
[Andrew Cunningham/Ars Technica]

(Image: Ben Franske, CC-BY-SA)