The 911 dispatch system of Baltimore became the target of hack attack over the weekend. As per Pugh spokesperson James Bentley, the hack led to the temporary shutdown of the automatic dispatching system while the perpetrators of the crime are yet unknown.
Bentley confirmed that the hack occurred on Sunday morning at around 8:30 am and the messaging functions within the computer-aided dispatch system called the CAD were affected. On Tuesday, Mayor Catherine Pugh’s office announced to launch “a full investigation of all network systems.”
The mayor’s office affirmed that it was a “limited breach,” considering that it did not affect or disrupted critical services. Due to the hacking of dispatch system, details of incoming callers, who required emergency aid, couldn’t be relayed electronically and the task was performed manually.
Baltimore CIO Frank Johnson stated that after discovering the breach, the 911 and 311 dispatchers started receiving information manually while the services continued undisrupted. Johnson explained:
“This effectively means that instead of details of incoming callers seeking emergency support being relayed to dispatchers electronically, they were relayed by call center support staff manually.”
IT experts and technicians at the department isolated the affected server and fully restored the systems by 2 a.m. It is currently not revealed if hackers managed to steal data or how the system was compromised. An FBI spokesperson Dave Fitz claimed that the agency was already aware of the attack and also offered technical support to Baltimore city for dealing with the situation after the hacking.
The purpose of CAD systems is to accelerate the call accepting procedure. It supports the 911 and 311 services of the city. In Baltimore, this system is used to automatically populate incoming 911 callers’ locations on mapping system and connects with the closest emergency responders. This system is extremely helpful when calls are made from mobile phones and callers are confused about their location.
Through CAD, the incident form is automatically filled with necessary information such as the caller’s location and contact details. When operating manually, everything changes and functions are performed differently, said the Division of Emergency Management in Frederick County, Maryland, director Jack Markey.
Markey further added that if a single sub-system is disrupted it only affects the level of automation to some extent. However, if the entire city has to work manually, this means referencing the reported address to an information card to identify the resources required to address an emergency. Basically, manual operation of dispatch system makes the entire process less efficient but it is definitely useful in situations when the system has been compromised.
Lately, security experts have expressed concerns over the reliability of 911 services since jurisdictions have transitioned the public safety answering points to IP-oriented systems. These systems are highly vulnerable to hacking given that there are multiple entry points for malicious cybercriminals.
Darryl De Sousa, Baltimore City Police Commissioners, stated that he got informed about the hack “almost at the onset,” and many of the department systems were deliberately shut down by police commanders to prevent high level compromising of the systems.
The hack attack has occurred at a time when incidents involving hacking of key municipal systems across the US have peaked. In February 2018, Trump administration accused Russia of launching a well-planned campaign to hack national power grid and other US utilities.