In-brief: The April 7th hijacking of more than 100 civil defense sirens in Dallas was dismissed as an “old school” hack that relied on copycat radio tones to set off a cacophony that lasted for nearly two hours. But was it? Security researcher Mark Loveless (aka “Simple Nomad”) has his doubts about the official explanation. In this latest Security Ledger podcast, he talks to Editor in Chief Paul Roberts about what might have really gone down in Dallas.
Late in the evening of April 7th, unknown assailants took control of more than 100 civil defense sirens in the City of Dallas, Texas, and treated the residents to more than an hour-long horn-fest. The attack wasn’t damaging, in the traditional sense of the word, but it sure was loud, and unsettling. Dallas 911 received more than 4,000 calls during the attack, overwhelming operators. Rumors spread online that the sirens weren’t going off by accident, but that some actual attack was underway and being covered up by authorities. Emergency response officials struggled to get word out to authorities, elected leaders and the public that all was well. In short: chaos.
In the days that followed, City of Dallas officials said that the sirens were not the result of a computer hack, but ‘old school’ radio-frequency based tampering. Emergency response officials said they updated the city’s siren installation to use encrypted signals. The city council allocated an extra $100,000 for the company that manages its siren infrastructure.
But was the Dallas Siren incident a throwback to the days of radio-based tampering and phone phreaking, or was there more to the commandeering of civil defense infrastructure in a major American city than meets the eye? In our latest Security Ledger podcast, we speak with Mark Loveless, a senior security researcher at the firm DUO Security and a Dallas-Fort Worth area resident. Loveless, who also uses the handle “Simple Nomad,” has his doubts. In a blog post last week, Loveless raised questions about the official account of the event, in which officials reported being locked out of systems used to manage the sirens. That is one possible explanation for the duration of the attack, which lasted for close to two hours.
“If the computers were not working at that exact moment, that’s an awfully interesting coincidence,” Loveless told The Security Ledger. The truth of the incident may be that it was a hybrid: part traditional RF spoofing, part computer-based intrusion. “I interpret that as someone did something to the computer system and then triggered via traditional radio system,” Loveless said.
Loveless said that some element of computer intrusion may have played a part. Software-based systems are now part and parcel of civil defense and emergency response apparatus. These systems, frequently, are poorly secured and vulnerable to remote, software-based tampering.
Check out our full conversation below via Soundcloud. You can also listen to it on iTunes. As always, if you like our intro music, give some love to the group JoeLess Shoe, who recorded “Baxton,” the song we use in just about every podcast.