Every Dallas Weather Siren Hacked on Friday To Go Off At Once - Sensationalist Headlines

[media]https://twitter.com/deadlyblonde/status/850576467234869248[/media] [quote]On Friday night, 18 minutes before midnight, every single one of Dallas’s 156 emergency weather sirens started doing this. The sirens, whose purpose is to be heard by anyone caught outdoors in a tornado or dangerous storm, screamed from the southern reaches of Oak Cliff to newspaper columnist Robert Wilonsky’s house in the north. They blared for an hour and a half, to the annoyance, terror or amusement of 1.3 million residents. The sirens are something of a spring feature in that part of Texas, which occasionally sees twisters roam past office towers, and where three tornadoes touched down just days earlier, as the Dallas Morning News reported. But not so much in clear weather, at midnight. So awoken Dallasites could only guess what was happening until city workers tried to figure out the same.[/quote] [url=https://www.washingtonpost.com/news/the-intersect/wp/2017/04/09/someone-hacked-every-tornado-siren-in-dallas-it-was-loud/]Washington Post[/url]

that's pretty horrifying, especially since at night you can't see shit i would've evacuated just to be safe and out of paranoia

"hacked" Unfortunately most outdoor warning sirens use a standard radio receiver that listens for either a string of dtmf codes or an FSK data burst. All you have to do is listen on the frequency during the monthly test, grab a recording of the data, and with any cheap chinese radio you're now a certified "hacker". The only reason more people don't do this kind of thing is because there are huge legal penalties if you're caught, and it's relatively easy to track down the source of the radio signal. IIRC there was a case in Michigan a while ago where the guy ended up getting a massive amount of jailtime.

[QUOTE=papkee;52085882]"hacked" Unfortunately most outdoor warning sirens use a standard radio receiver that listens for either a string of dtmf codes or an FSK data burst. All you have to do is listen on the frequency during the monthly test, grab a recording of the data, and with any cheap chinese radio you're now a certified "hacker". The only reason more people don't do this kind of thing is because there are huge legal penalties if you're caught, and it's relatively easy to track down the source of the radio signal. IIRC there was a case in Michigan a while ago where the guy ended up getting a massive amount of jailtime.[/QUOTE] Causing a city-wide mass panic is something I think should rightfully be very illegal. It's like yelling fire in a theater on a city scale.

[QUOTE=OvB;52085899]Causing a city-wide mass panic is something I think should rightfully be very illegal. It's like yelling fire in a theater on a city scale.[/QUOTE] I can't agree more. Sadly an RF link is the most reliable way to activate these things in the event of a real emergency, and the only way to make that any more secure would be to add encryption which would mean $$$ for the county emergency management agencies which are already normally strapped for money.

[QUOTE=OvB;52085899][B]Causing a city-wide mass panic[/B] is something I think should rightfully be very illegal. It's like yelling fire in a theater on a city scale.[/QUOTE] no they don't

[QUOTE=meppers;52085918]no they don't[/QUOTE] depends on the location, but regardless a false activation leads to a diminishing of the perceived importance of the system in a real emergency, and brings with it the chance for a much larger disaster

[QUOTE=meppers;52085918]no they don't[/QUOTE] If it's severe weather conditions and suddenly the alarm goes off, I'm pretty sure most people would be fleeing. If an alarm went off at 4:00 AM you're likely not going to be tuning into the TV -- you'll be grabbing your stuff, kids, and getting the hell out. The fact that it's enough to disrupt working conditions, both public and private, is enough of a problem.

[QUOTE=aznz888;52085942]If it's severe weather conditions and suddenly the alarm goes off, I'm pretty sure most people would be fleeing. If an alarm went off at 4:00 AM you're likely not going to be tuning into the TV -- you'll be grabbing your stuff, kids, and getting the hell out. The fact that it's enough to disrupt working conditions, both public and private, is enough of a problem.[/QUOTE] I live in dallas. the weather was clear on friday. if you hear an alarm you check the weather on your phone. then you go back to bed when you see no green blobs on the radar

[QUOTE=papkee;52085909]I can't agree more. Sadly an RF link is the most reliable way to activate these things in the event of a real emergency, and the only way to make that any more secure would be to add encryption which would mean $$$ for the county emergency management agencies which are already normally strapped for money.[/QUOTE] Most of the hardware is already there, all that is really needed is to just update each receiver's firmware with some AES-256 or other encryption. Set the private key internally in each receiver and then setup AES-256 encryption on the main transmitter. Change the keys out every few weeks or so and you should be good. (If my computer security knowledge is correct). It'd really just boil down to some man hours instead of brand new hardware.

[QUOTE=meppers;52085954]I live in dallas. the weather was clear on friday. if you hear an alarm you check the weather on your phone. then you go back to bed when you see no green blobs on the radar[/QUOTE] Weather being clear or not, if every siren goes off the same time you're bound to have some people panicking to some extent, which may lead to riots and massive property damage

[QUOTE=meppers;52085954]I live in dallas. the weather was clear on friday. if you hear an alarm you check the weather on your phone. then you go back to bed when you see no green blobs on the radar[/QUOTE] Sirens shouldn't be going off willy-nilly unless it's a monthly test, regardless. I should've said potential mass panic. I didn't think I needed to be explicitly specific.

[QUOTE=papkee;52085882]"hacked" Unfortunately most outdoor warning sirens use a standard radio receiver that listens for either a string of dtmf codes or an FSK data burst. All you have to do is listen on the frequency during the monthly test, grab a recording of the data, and with any cheap chinese radio you're now a certified "hacker". The only reason more people don't do this kind of thing is because there are huge legal penalties if you're caught, and it's relatively easy to track down the source of the radio signal. IIRC there was a case in Michigan a while ago where the guy ended up getting a massive amount of jailtime.[/QUOTE] so I just have to intercept and decode transmission signals to rebroadcast on radio equipment powerful enough to reach across an entire city? boy is my face red for thinking the culprit had to qualify as some sorta hacker

We have monthly tests here in Dallas the first Wednesday of every month, which I've only heard once when I first moved here. Someone asked me if I heard all the alarms but I definitely did not, too immersed in games or something likely. I haven't really heard anybody talk about it either, the only person who mentioned it is one of my friends who lives in a different city. Weird.

[QUOTE=meppers;52085954]I live in dallas. the weather was clear on friday. if you hear an alarm you check the weather on your phone. then you go back to bed when you see no green blobs on the radar[/QUOTE] We should give every Dallas resident free unhampered control of the weather sirens with no repercussions

[QUOTE=LoneWolf_Recon;52085980]Most of the hardware is already there, all that is really needed is to just update each receiver's firmware with some AES-256 or other encryption. Set the private key internally in each receiver and then setup AES-256 encryption on the main transmitter. Change the keys out every few weeks or so and you should be good. (If my computer security knowledge is correct). It'd really just boil down to some man hours instead of brand new hardware.[/QUOTE] First off, you assume that at the city level, much less the state level, people are willing to pay for critical infrastructure upgrades on a whim. As grim as it sounds you need people to be killed or it becomes a regular probelm before they'll redirect funds. Second, this is the United States. Even if "Most of the hardware is already there" it would still take at least a year to roll out and several million dollars to upgrade.

[QUOTE=dai;52086109]so I just have to intercept and decode transmission signals to rebroadcast on radio equipment powerful enough to reach across an entire city? boy is my face red for thinking the culprit had to qualify as some sorta hacker[/QUOTE] people tend to associate hacking with bypassing security. You can't be a lockpicker if you break into a house with no door on it, you can't be a hacker if there's no security at all.

I hope somebody got high quality audio recordings of this.

this shit was annoying me especially since there is a siren right next to where I live.

[QUOTE=Mattk50;52086203]people tend to associate hacking with bypassing security. You can't be a lockpicker if you break into a house with no door on it, you can't be a hacker if there's no security at all.[/QUOTE] the earliest cases of system hacking was blowing toy whistles into telephones, not everything is coding bypasses on computers the analogy earlier on this page is shit too, you don't have to pick locks to be a burglar, only a burglar that picks locks

So, basically, OKC every Saturday at noon. You folks who only have monthly tests are lucky. Here, it's weekly tests where all the sirens scream for five minutes.

[QUOTE=pentium;52086202]First off, you assume that at the city level, much less the state level, people are willing to pay for critical infrastructure upgrades on a whim. As grim as it sounds you need people to be killed or it becomes a regular probelm before they'll redirect funds. Second, this is the United States. Even if "Most of the hardware is already there" it would still take at least a year to roll out and several million dollars to upgrade.[/QUOTE] I mean yeah, all of that is bureaucratic red tape bullshit than anything else. From a pure engineering standpoint it could be done within a week or two with maybe a dozen techs or so going all over the city.

[QUOTE=papkee;52085882]"hacked" Unfortunately most outdoor warning sirens use a standard radio receiver that listens for either a string of dtmf codes or an FSK data burst. All you have to do is listen on the frequency during the monthly test, grab a recording of the data, and with any cheap chinese radio you're now a certified "hacker". The only reason more people don't do this kind of thing is because there are huge legal penalties if you're caught, and it's relatively easy to track down the source of the radio signal. IIRC there was a case in Michigan a while ago where the guy ended up getting a massive amount of jailtime.[/QUOTE] pretty sure that still fits hacked

Now imagine if somebody did this during an actual severe weather alert, but instead stopped the sirens from going off at all resulting in a lot of people potentially dying. Because if a hacker can make them go off, a hacker can also stop them from going off. [QUOTE=SadisticGecko;52086309]So, basically, OKC every Saturday at noon. You folks who only have monthly tests are lucky. Here, it's weekly tests where all the sirens scream for five minutes.[/QUOTE] Well OKC has gotten hit by more tornadoes in recent history than Dallas has, which is likely why you have more frequent tests as do we here in Missouri as we've had a lot of near misses.

[QUOTE=aznz888;52085942]If it's severe weather conditions and suddenly the alarm goes off, I'm pretty sure most people would be fleeing. If an alarm went off at 4:00 AM you're likely not going to be tuning into the TV -- you'll be grabbing your stuff, kids, and getting the hell out. The fact that it's enough to disrupt working conditions, both public and private, is enough of a problem.[/QUOTE] Depends on the location. If alarms started going on here at 4 AM I'd at most go pull my car into the garage and angrily try to go back to sleep because I've got shit to do in the morning.

[QUOTE=dai;52086109]so I just have to intercept and decode transmission signals to rebroadcast on radio equipment powerful enough to reach across an entire city? boy is my face red for thinking the culprit had to qualify as some sorta hacker[/QUOTE] "Decode" is a stretch when you can literally just record it and broadcast the same DTMF tones over a radio. Someone would just need to have a good enough antenna and a strong enough transmitter, something any amateur radio guy could figure out. In the old days they ran on leased phone lines but now it's almost all radio, usually just VHF, and almost never digital or encrypted. Bet you dollars to donuts they just changed the frequencies or something. It'd take more than 3 days for them to get new equipment and digitize the whole system.

It kept me up until like 2. The scariest part was the skies were clear and there was no wind. The only two possible options were WW3 starting or a technical glitch. Glad it was the latter.

[QUOTE=aznz888;52085942]If it's severe weather conditions and suddenly the alarm goes off, I'm pretty sure most people would be fleeing. If an alarm went off at 4:00 AM you're likely not going to be tuning into the TV -- you'll be grabbing your stuff, kids, and getting the hell out. The fact that it's enough to disrupt working conditions, both public and private, is enough of a problem.[/QUOTE] When you hear sirens, you're supposed to turn on a TV/radio to figure out what's going on, you don't automatically leave the house.

They are suppose to be installing sirens like that in Melbourne after the recent attack and incident with a car driver, although it makes me wonder why they wouldn't just use the air raid system if it's still in intact?

[QUOTE=Sims_doc;52087484]They are suppose to be installing sirens like that in Melbourne after the recent attack and incident with a car driver, although it makes me wonder why they wouldn't just use the air raid system if it's still in intact?[/QUOTE] The electric ones can play voices and different tones and shit like that which would be more helpful. The old sirens are most likely in extreme disrepair as well.