Even the 911 Address Database Can Get Hacked

People dial 911 when they’re in some sort of trouble or in the event of an emergency. If not for the hotline, who knows how many lives could be lost daily. Sometimes, however, help doesn’t come, even when dispatchers have received the call and responded. This generally isn’t the fault of the dispatchers, but rather the criminals who have undermined the rescue efforts thanks to some unorthodox hacking. WIRED magazine reports that the 911 address database could potentially be susceptible to an online hacking attack. At its time of creation, the 911 system was meant to streamline operations for those who needed immediate emergency assistance, and its security suffered in response. Rather than concentrate on network security, more emphasis was put on training the operators to deal with common problems, like coaching those on the other side of the line how to perform CPR if necessary. So, what happens if someone were to hack the database and mess with its contents? Complete and total chaos. Hackers can potentially alter the addresses that are contained in the database and make it difficult to administer aid when it’s needed most. Depending on which type of phone is used, there are different ways in which the system works:

• Landlines: The operators must determine the location of the caller. If they’re using a landline phone, they use a database of addresses which are tied to particular phone numbers.
• Wireless Phones: A slightly different method is used if the caller is using a cellphone. These phones are equipped with GPS chips which send out coordinates after a cellphone tower processes the call.

In response to these troubling discoveries, ER physician Christian Dameff and pediatric doctor Jeff Tully, both seek to improve the quality of 911’s network. Both were involved in streamlining the system when it was first created. With the help of IT security manager Peter Hefley, the trio hacked into the system itself to look for potential vulnerabilities. In order to create a world where hackers don’t rule the Internet, they presented their findings at the DefCon hackers conference in Las Vegas. A 911 hack is much different from the type of hack which we normally see in the business world. Ordinarily, a hacker might break into a network in order to find some sort of sensitive information or steal personal credentials. Instead of ruining someone’s credit history, stealing their identity, or charging money to their credit cards, hackers make responding to other crimes much more difficult by swapping addresses around in the database. They can also launch irritating denial of service attacks, which can potentially prevent calls from even reaching the center. Furthermore, operators might be trained to ask the callers for their current address, but they often don’t know where they are. If the addresses in the database aren’t accurate, people in need may not receive aid when they need it most. Swatting with Landlines One particular method a hacker tends to use to interfere with emergency deployment is called “swatting.” In essence, it’s basically a fake 911 call. A hacker calls the 911 operator using a fake or stolen phone number or caller ID, then proceeds to report fake home invasions or hostage threats (depending on how creative they’re feeling). What’s worse is that these types of techniques are so simple that even an inexperienced hacker can pull them off. Furthermore, if the swatter calls a local public safety hotline rather than 911 itself, they can completely bypass the system and simply provide the address of their target. The last thing anyone wants is the police knocking on their door due to nothing but a hoax. While the public safety hotline numbers aren’t generally available to the public, a hacker can find the number through a tone extraction technique on recorded 911 calls. Swatting Mobile Phones Thanks to the mobile device using a GPS chip rather than a physical address, you would think that it would be more difficult to pull off a swatting attack. The GPS chip provides both the latitude and longitude rather than the owner’s billing address. This information is stored temporarily in the address database upon making the call, and is then switched over to the public security line. Thanks to another quirk in the system, it’s simple enough for callers to fool the emergency responders. By using a prepaid phone which isn’t connected to an account, hackers can use the phone without being detected. The issue lies in the fact that phones must, by law, be able to contact 911. Swatting with VoIP Voice over Internet Protocol systems can also potentially be tampered with in the event of an emergency. It doesn’t help that the process by which a VoIP user calls 911 is a long process. VoIP users manually place their address in the VoIP system database. They must then configure it to route their calls from 911 to the public safety number. As with any database, if a hacker gets access to it, they can mess with any address on file or steal information from it to use for other tactics. On a more platonic level, poor security and poor communication can have unfortunate consequences. If someone can’t reach your company’s support when they need to most, you’ll either have an angry client ripping your business practices apart, or a former client hanging up the phone on you. This is one reason why PACE Technical Services puts emphasis on security over all else. With our powerful security solutions, you can know your business is equipped to handle both inside and outside threats. Our Unified Threat Management solution can keep your business’s network as secure as can be. At PACE Technical Services, you won’t find your IT emergencies falling on deaf ears. Give us a call at 905.763.7896 to learn more.