Cyberattack disrupted Baltimore emergency responders

An attack which lasted 17 hours forced responders to switch to manual methods.
Written by Charlie Osborne, Contributing Writer

There appears to be no honor among thieves.

Threat actors have been cashing in on hacking and cyberattacks for years. Pillaging bank accounts, stealing identities, selling access to botnets to disrupt websites -- the possibilities are endless.

Hospitals, core infrastructure, and critical services are not protected from compromise, either -- even if the purpose of disrupting these areas may not always be apparent.

There have been multiple reports of hospitals, for example, being targeted by ransomware operators. Unfortunately, threat actors know that hospital officials will often pay up rather than face continual disruption, system lockout, and risk patient safety.

However, it seems that dispatch systems are now also a target.

Back in January, New Zealand police were forced to listen to NWA's "F*** the Police" on loop after someone broadcast the song on repeat in the same frequency as law enforcement radios; and now, operators of the Baltimore 911 dispatch system are also facing serious issues of public safety.

Mayor Catherine Pugh's office confirmed to local publication The Baltimore Sun on Tuesday that dispatchers faced 17 hours of disruption following a security breach.

Over the weekend, unknown threat actors temporarily caused a shutdown of Baltimore's automated dispatch system.

According to the office, the cyberattack was launched on Saturday morning at 8.30 am, impacting the messaging functions within the Computer Aided Dispatch (CAD) system uses by both of the city's 911 and 311 services.

CAD is used to automatically divert calls to the closest emergency responders, in order to make assistance in emergencies as efficient and quick as possible. Manually taking phone calls and details is far slower.

The "limited breach" forced responders to abandon automatic systems and "transition to manual mode" in order to keep operating.

"This effectively means that instead of details of incoming callers seeking emergency support being relayed to dispatchers electronically, they were relayed by call center support staff manually," Frank Johnson, chief information officer in the Mayor's Office of Information Technology told the publication.

No information relating to the threat actors behind the attack, the kind of compromise, or whether or not data was exposed has been made public. However, staff were able to "isolate and take offline the affected server, thus mitigating the threat," according to Johnson.

See also: AVCrypt ransomware attempts to eradicate your antivirus

The CAD system was restored by 2 am on Sunday morning and normal operations resumed.

An investigation is underway with assistance from the FBI.

Android, iOS mobile apps to download before disaster strikes

Previous and related coverage

Editorial standards