When people are in trouble or if there is an emergency they dial 911. If we did not have the 911 hotline, who knows how many lives would be lost on a daily basis. Sometimes, unfortunately, help doesn’t come, even when dispatchers have received the call and responded. This generally isn’t the fault of the dispatchers, but rather the work of criminals who have undermined the rescue efforts by using some unorthodox hacking methods.

WIRED magazine reports that the 911 address database is potentially susceptible to an online hacking attack. When it was created, the 911 system was meant to streamline operations for those who needed immediate emergency assistance, and as a result its security was compromised. Rather than focus on network security, emphasis was put on training the operators to deal with common problems, like coaching those on the other side of the line how to perform CPR. So, what happens if someone were to hack the database and mess with its contents?

Complete and total chaos. Hackers can potentially alter the addresses that are contained in the database and make it difficult to administer aid when it’s needed most. Depending on the type of phone being used, there are different ways in which the system works:

  • Landlines: The operators must determine the location of the caller. If they’re using a landline phone, they use a database of addresses which are tied to particular phone numbers.
  • Wireless Phones: A slightly different method is used if the caller is using a cellphone. These phones are equipped with GPS chips which send out coordinates after a cellphone tower processes the call.

In response to these troubling discoveries, ER physician Christian Dameff and pediatric doctor Jeff Tully, are seeking ways to improve the quality of 911’s network. Both were involved in streamlining the system when it was first created. With the help of IT security manager Peter Hefley, the trio hacked into the system to look for potential vulnerabilities. Their ultimate goal is to create a world where hackers don’t rule the Internet.

A 911 hack is very different from the type of hack which we normally see in the business world. Ordinarily, a hacker might break into a network in order to find some sort of sensitive information or steal personal credentials. Instead of ruining someone’s credit history, stealing their identity, or charging money to their credit cards, hackers make responding to crimes more difficult by swapping addresses around in the database. They can also launch dangerous denial of service attacks, which can potentially prevent calls from even reaching the center. Operators are trained to ask the callers for their current address, but often callers don’t know where they are. If the addresses in the database aren’t accurate, people in need will not receive aid when they need it most.

Swatting with Landlines
One particular method a hacker uses to interfere with emergency deployment is called “swatting.” In essence, it’s basically a fake 911 call. A hacker calls the 911 operator using a fake or stolen phone number or caller ID, then proceeds to report fake home invasions or hostage threats (depending on how creative they’re feeling). What’s worse is that these types of techniques are so simple to employ that even an inexperienced hacker can pull them off.

To make this situation even worse, if the swatter calls a local public safety hotline rather than 911, they can completely bypass the system and simply provide the address of their target. The last thing anyone wants is the police knocking on their door as a result of a hoax. While the public safety hotline numbers aren’t generally available to the public, a hacker can find these numbers through a tone extraction technique on recorded 911 calls.

Swatting Mobile Phones.
Because a mobile device uses a GPS chip rather than a physical address, you would think that it would be more difficult to pull off a swatting attack. The GPS chip provides both the latitude and longitude rather than the owner’s billing address. This information is stored temporarily in the address database upon making the call, and is then switched over to the public security line.

Due to another quirk in the system, it’s simple enough for callers to fool the emergency responders. By using a prepaid phone which isn’t connected to an account, hackers can use the phone without being detected. The vulnerability lies in the fact that phones must, by law, be able to contact 911.

Swatting with VoIP
Voice over Internet Protocol systems can also potentially be tampered with in the event of an emergency. It doesn’t help that the process by which a VoIP user calls 911 is a long one. VoIP users manually place their address in the VoIP system database. They must then configure it to route their calls from 911 to the public safety number. As with any database, if a hacker gets access to it, they can mess with any address on file or steal information from it to use for other tactics.

On a more basic level, poor security and poor communication can have unfortunate consequences. If someone can’t reach your company’s support when they need to, you’ll either have an angry client ripping your business practices apart, or a former client hanging up the phone on you. This is one reason why Quikteks emphasizes security over all other practices. With our powerful security solutions, you know your business will be equipped to handle both inside and outside threats. Our Unified Threat Management solution will keep your business’s network safe and secure.

At Quikteks, you won’t find your IT emergencies falling on deaf ears. Give us a call at (973) 882-4644 to learn more.