now browsing by tag
When news broke last week of a hacking attack on Baltimore’s 911 system, Chad Howard felt a rush of nightmarish memories.
Howard, the information technology manager for Henry County, Tennessee, faced a similar intrusion in June 2016, in one of the country’s first so-called ransomware attacks on a 911 call center. The hackers shut down the center’s computerized dispatch system and demanded more than $2,000 in bitcoin to turn it back on. Refusing payment, Howard’s staff tracked emergency calls with pencil and paper for three days as the system was rebuilt.
“It basically brought us to our knees,” Howard recalled.
Nearly two years later, the March 25 ransomware attack on Baltimore served as another reminder that America’s emergency-response networks remain dangerously vulnerable to criminals bent on crippling the country’s critical infrastructure ─ either for money, or something more nefarious.
There have been 184 cyberattacks on public safety agencies and local governments in the past 24 months, according to a compilation of publicly reported incidents by the cybersecurity firm SecuLore Solutions. That includes Atlanta, which fell victim to a ransomware attack a couple days before the one on Baltimore, scrambling the operations of many agencies, but not the 911 system.
911 centers have been directly or indirectly attacked in 42 of the 184 cases on SecuLore’s list, the company says. Two dozen involved ransomware attacks, in which hackers use a virus to remotely seize control of a computer system and hold it hostage for payment.
Most of the other attacks involve “denial of service,” in which centers are immobilized by a flood of automated bogus calls. One of the first occurred in October 2016, when Meetkumar Desai, then 18, of Arizona, distributed a computer bug on Twitter that overwhelmed 911 centers in 12 states. The motivations for such attacks are often less about the money than doing damage — sometimes as a form of protest, as when the “hacktivist” group Anonymous took down Baltimore’s city website after the death of Freddie Gray while in police custody, experts say. Desai reportedly told authorities he meant his attack more as a prank.
“911 is the perfect [target] because it can’t afford to be down,” said Tim Lorello, SecuLore’s president and CEO.
This is how 911 works: When someone dials for help ─ typically from a mobile phone ─ the call gets routed from a cell tower to a 911 center, where a “telecommunicator” answers the phone and gathers basic information. The telecommunicator enters that information into a computer-aided dispatch system, where a dispatcher picks it up and coordinates a response from firefighters, police officers or ambulances.
This 911 system relies on redundancy, meaning that call centers that are taken out of service by a hacking attack can work around the disruption by shutting down the computer-aided dispatch system and sharing information person-to-person, or by sending calls to a nearby center. But depending on the type of attack and a 911 center’s resources, those disruptions can make it more difficult for people to reach someone in case of an emergency. A July 2017 investigation by Scripps News on the vulnerabilities of 911 systems noted the case of a 6-month-old Dallas boy who died after his babysitter’s 911 calls were delayed during an apparent denial-of-service attack.
J.J. Guy, chief technology officer at the cybersecurity firm Jask, said that the spread of ransomware attacks on public safety agencies and other key government operations shows the potential for cyberterrorists to target the country’s critical infrastructure.
Last month, the Department of Homeland Security outlined in a report how Russian hackers have gained access to American power plants. The hackers did not cause service interruptions, but the fact that they could gain access at all is troubling to security experts.
“To date, if you don’t have credit cards or lots of personal information, attackers had little motivation and thus you were mostly safe,” Guy said in an email. “This will change those dynamics. Manufacturing, logistics, etc — any field with an operations mindset that loses money when ‘the line is down’ will be targeted.”
The attack on Baltimore was discovered March 25, after a morning breach of its computer-aided dispatch system, officials said. The city’s cybersecurity unit took the system down, forcing support staff to pass 911 calls to dispatchers using paper rather than electronically. Call-center operations returned to normal early the next day, officials said. Investigators later determined that the intrusion was an attempted ransomware attack, but “no ransom was demanded or paid,” a city spokesman James Bentley said. He declined to explain further, saying that “could compromise the investigation.”
Most ransomware cases end similarly, with governments refusing to pay hackers, choosing instead to switch to a more primitive version of 911 services while they rebuild their systems. Governments have caved at times, however, although officials decline to say much about those incidents, out of concern that it will encourage more attacks.
Another problem with the current 911 system is that it doesn’t accommodate the ways people communicate in the modern world ─ through texts, photos, videos, etc. That is why the 911 industry is pushing telecommunication companies and state and local governments to adopt what it calls Next Generation 911, which allows callers to send data through approved telecommunications carriers and internet service providers (while still taking calls from landlines).
Adoption of Next Generation 911 has been slow and costly, said Brian Fontes, CEO of the National Emergency Number Association, or NENA. A tiny fraction of America is on Next Generation 911; the short list includes Maine and Vermont, with Indiana, Washington state’s King County and part of Texas getting close, Fontes said.
The Next Generation 911 systems will have advanced security baked into their foundations, including the ability to instantly identify suspicious activity, immediately shut down in response to intrusions, and simultaneously move incoming calls to other centers in a way that is undetectable to someone dialing for help, officials say.
But the increased connectivity also opens the modern systems to new potential modes of attack, experts say. No matter how sophisticated a defense, all it takes is one overlooked vulnerability to let hackers in, experts say.
That makes it essential to develop sophisticated defense systems run by in-house cybersecurity teams, they say.
In Baltimore’s case, the ransomware attack was discovered and repelled by Baltimore City Information Technology, which maintains defenses across the local government. It determined that the hackers had found access after a technician troubleshooting the computer-aided dispatch system made a change to a firewall and mistakenly left an opening, the city’s chief information officer, Frank Johnson, said in a statement. The FBI is now helping the city investigate.
Howard, in Tennessee, knows how his attacker obtained access to the 911 center — by finding a weak password left by a deceased former system administrator. The FBI told him it looked as if the attack came from Russia. But he still isn’t sure.
Howard cleaned and rebuilt his system, but struggles to maintain patches for his outdated CAD system. “It’s been a nightmare,” he said.
No one has been caught or prosecuted in the Tennessee or Baltimore attack.
The post Hackers have #taken down #dozens of #911 #centers. Why is it so #hard to stop #them? appeared first on National Cyber Security Ventures.
View full post on National Cyber Security Ventures
To Purchase This Product/Services, Go To The Store Link Above Or Go To http://www.become007.com/store/ I dated dozens of young men, had fun with all, made commitments to none. Gene Tierney The post I dated dozens of young men, had……. appeared first on Dating Scams 101. View full post on…
View full post on Become007.com
A school teacher who indecently recorded dozens of children has pleaded guilty to more than 60 offences.
The male teacher, who was sacked upon being charged, faced the WA District Court on Thursday and entered guilty pleas to 62 charges, including 57 counts of indecently recording a child.
He also pleaded guilty to two counts of possessing child exploitation material, two counts of producing child exploitation material and one count of visually recording a private activity.
The man, whose name remains suppressed by the courts, was arrested in August 2015 after a mobile phone found at the school he was teaching at was handed into police.
The post Teacher who indecently filmed dozens of children pleads guilty appeared first on Parent Security Online.
View full post on Parent Security Online
Strange laws see hacker jailed only for one year for doxxing and swatting while hacking a website to expose a high school rapist gets a longer sentence Strange are the laws of the United States of America. Its judicial system sentenced a former journalist and Anonymous member, Mathew Keys to two years in jail for […]
The post Hacker who doxxed dozens and swatted nineteen times gets ONLY one year in Jail appeared first on National Cyber Security.
View full post on National Cyber Security
51, to be exact. The U.S. Federal Reserve detected more than 50 cyber breaches between 2011 and 2015, with several incidents described internally as “espionage,” according to Fed records. The central bank’s staff suspected hackers or spies in many of the incidents, the records show. The Fed’s computer systems play a critical role in global […]
The post Federal Reserve Records Show Dozens of Cybersecurity Breaches appeared first on National Cyber Security.
View full post on National Cyber Security
n total, 25 separate operations were carried out across England, Scotland and Wales. Those arrested are suspected of being involved in a wide variety of cybercrimes including data theft, fraud and virus writing. One raid the BBC witnessed targeted a man suspected of involvement in a 2012 hack attack on web giant Yahoo. Stolen data The week-long series of operations was co-ordinated by the NCA’s National Cyber Crime Unit (NCCU) as well as specialist officers from regional organised crime squads and the Metropolitan Police. West Midlands police arrested a 23-year-old man in Sutton Coldfield who is believed to have been involved in breaking into the network of the US defence department in June 2014. The biggest operation saw the arrest of 25 people in London and Essex suspected of using the net to steal money, launder cash and carry out other frauds.The hackers behind that attack stole contact information for about 800 people and data on the network’s internal architecture was also pilfered.Eyewitness: Rory Cellan-Jones, Technology correspondent I was with one of the teams from the National Crime Agency as they carried out an arrest this week at a flat in north London. One group had tracked the suspect, a […]
For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com
View full post on National Cyber Security