A hacker set off the tornado emergency sirens in the middle of the night last week across two North Texas towns. Following the unauthorized intrusion, city authorities had to shut down their emergency warning system a day before major storms and potential tornados were set to hit the area.
The incident impacted DeSoto and Lancaster, two cities in Dallas County, Texas --both suburbs located south of the main Dallas metropolitan area.
On the night of March 12, between 02:30 and 04:00 AM (local time), a hacker set off the two cities' tornado sirens, waking locals in the middle of the night.
Over 30 sirens went on and off, with 10 in DeSoto and 20 in Lancaster.
Some residents also reported alarms going off in the nearby suburbs of Red Oak, Cedar Hill, and Glenn Heights, but the incidents didn't affect the entire cities, and sirens didn't blare for hours.
The false alarm caused quite the panic in the two towns, as locals were already on the edge of their seats regarding incoming storms. The city had run tests of the tornado alarm sirens a week before, but the tests were set during the middle of the day and had long concluded.
It was a hack
According to CBS Dallas, DeSoto and Lancaster officials who investigated the incident confirmed the two emergency alarm systems had been hacked and set off "intentionally," excluding the possibility of a freak technical accident in the two cities at the same time.
"Based on the widespread impact to the outdoor sirens located in two separate cities, including Lancaster, it has become evident that a person or persons with hostile intent deliberately targeted our combined outdoor warning siren network," Lancaster officials said in a statement.
"Sabotage against a public warning system is more than vandalism. It is a criminal act and those responsible are subject to arrest and prosecution," officials said said.
The two hacked systems were taken offline the next morning, and remained offline ever since.
Major thunderstorm hit the towns a day later
Bad weather, including storms and potential tornadoes, was announced for all last week in the North Texas area. A severe thunderstorm hit the two cities the following night, on March 13.
Thunderstorms are known to produce brief tornadoes, but luck had it that no tornado formed and hit the towns that day.
Tornadoes are frequent in Texas, as the state is located in Tornado Alley, and tornado season, a period of the year between March and May when most tornadoes happen, had officially begun.
Nevertheless, a tornado didn't form on March 13, and, luckily, the sirens weren't needed.
A repeat of the 2017 Dallas incident
This is not the first time that something like this happened in Dallas County.
In April 2017, a hacker exploited a "radio issue" to set off 156 tornado sirens for hours across the city of Dallas in the middle of the night. Dallas city officials answered that hacking event by adding encryption to the radio signal that controlled the city's sirens, preventing any amateur radio enthusiasts to hijack their control signal.
In April 2018, security researchers from Bastille published a report about the SirenJack vulnerability affecting a popular emergency alert system. SirenJack could allow hackers to hijack sirens and trigger alarms.
Related cyber-security coverage:
- Microsoft releases Application Guard extension for Chrome and Firefox
- Dutch hacker who DDoSed the BBC and Yahoo News gets no jail time
- Two-thirds of all Android antivirus apps are frauds
- Android Q to get a ton of new privacy features
- Chinese hacking group backdoors products from three Asian gaming companies
- Is it still a good idea to publish proof-of-concept code for zero-days?
- Android 'API breaking' vulnerability leaks device data, allows user tracking TechRepublic
- Android security program has helped fix over 1M apps in Google Play CNET