“9-1-1 what’s your emergency?”
“I’ve been hacked! And so have you!”
Sounds silly, but this was reality for Baltimore Maryland’s emergency dispatch service, which was hacked last week. It lasted 17 hours, and during that time, all calls and dispatches had to be operated manually, and it delayed emergency services.
The details? An unidentified hacker broke into the CAD (Computer Automated Dispatch) system, disrupting the messaging functions and locking out some users. The attack appeared to be unrelated to any other criminal activity of the night, but it still caused some mayhem within the city offices.
So what actually happened? A hacker forced people to 911 operators to collect information about location details manually, instead of receiving a location ping. “This effectively means that instead of details of incoming callers seeking emergency support being relayed to dispatchers electronically, they were relayed by call center support staff manually,” Baltimore’s CIO Frank Johnson told the Baltimore Sun, a local news media company.
“Once all systems were properly vetted, CAD was brought back online. No personal data of any citizen was compromised in this attack. The City continues to work with its federal partners to determine the source of the intrusion,” Johnson said in the statement.
The FBI assisted in shutting down the hackers, working in tandem with Baltimore city technicians. Initially, it was thought to be the same hacker group who hacked the city of Atlanta’s bill payment system. This was a ransomware attack, with $51,000 demanded in exchange for the city’s files. After further investigation, the attacks were confirmed to unrelated.
How did this happen, you might ask? “I don’t know what else to call it but a self-inflicted wound,” Johnson said. “The bad guys did not get in on their own without the help of someone inadvertently leaving the door open.”
Baltimore did, however, question the makers of the software, TriTech Software Systems. The city has a $2.5 million contract with the software company to maintain its CAD software and provide “technical support services to ensure the functional integrity” according to the Baltimore Sun.
Scott MacDonald, TriTech’s vice president of public safety strategy, said the company worked with city IT personnel to shut down the CAD software after the attack. The breach was not related to the company’s software, MacDonald said. “When we were alerted of it, it was reported that the server had some sort of compromise,” he said. “Our techs connected and worked with the IT staff there, and the CAD system was taken down manually, in combination between our staff and theirs, while the servers could be troubleshooted by the city.”
This isn’t the first attack on a big U.S. city this year, and definitely won’t be the last. In fact, predictions for this year all point to a large-scale attack on a big cyber attack on a major city power grid. Hopefully it doesn’t happen, but this is a precursor to bigger attacks. Which city will be next? Stay updated on cyber security news right here on Fibernet’s The Daily Security Brief.