Cyber Week in Review: Dallas Emergency Sirens, ATMs & National Foreign Trade Council

Media Division | April 21, 2017

Since the dawn of civilization human beings have searched for meaning: Why do the planets wander among the stars? Why does the sun rise in the east and set in the west? Why do hackers hack? Why make Darth Vader scream, “No” as he tosses the Emperor off the balcony?

Where science cannot answer, mankind can only speculate.  Some hackers seek to spy, others to profit, others to expose perceived injustices in the world, others out of sheer devilish fun.  The world is not black and white, with so many shades of gray.  (Some directors mess with our childhoods by editing films years after release).

This week we take a look at three hacking stories that may fit all of these reasons for hacking, but leave the speculating up to you.

Siren Song

Dallas, Texas is known for longhorns, the Cowboys and being a major business hub in the largest state in the contiguous 48 states.  On the first Friday of April, the city got hacked in a way that was likely a local punk making a name for himself, someone who doesn’t have young children at home trying to sleep.

Or at least, that’s what the city’s nearly 1.3 million residents heard during the night: from about 11:40 PM to 1:20 AM the city’s 156-strong siren emergency notification system sounded, every 15 minutes for about 90 seconds each.

Each time local officials felt they had stopped the attack, whoever was hacking it would hack again, continuously hacking until personnel shut down the entire notification system.

The Emergency notification system in Dallas, like many other cities across the country, is used in the case of a major catastrophic event, such as a hurricane.  The sound alerts residents to tune in via emergency radio or television to get more specifics.  It’s the fastest communication system in most cities that utilize such devices so that in the event of something requiring evacuation, or other emergencies of magnitude, all residents would be notified at the same time.

It’s loud and virtually impossible to sleep through, possibly even a little unnerving.  So hearing it throughout the night was unavoidable for residents.

As city infrastructures become more digitized and connected, they risk such attacks.  In most cities, water and light, traffic control, and other critical functions work through computerized systems.  Security measures aim to protect against interference.

In the case of the Dallas emergency sirens hack, city officials believe they pinpointed the nearby point of origin of the attack.   They plan to work with federal officials to prosecute.

In the meantime, the emergency system remains offline so that residents can sleep again.

Money Makers

In what is clearly just hacking for profit, ATMs have been hit with a new slew of attacks.

There’s more than one way to take money from a bank, and while most methods are so difficult as to be virtually impossible, that doesn’t stop people from trying these methods:

  • Armed robbery: Most live bank robberies end with just a few thousand dollars and the robber getting caught.
  • Remote hacking: While occasionally successful, this method takes a level of skill few individuals on the planet have.
  • Kidnapping a bank employee: While generally only a movie plot, this method also dangerously occasionally happens in real life. Such criminals are then guilty of enough crimes to spend the rest of their lives in prison.
  • Hacking an ATM: This method then becomes the weakest link in the money chain, a criminal’s irresistible chance to take thousands of dollars without the violence or the same skill level.

ATMs have been “smashed and grabbed,” wired into directly, after removing the faceplate and had fake skimmers attached to steal customer information.  Each of those methods has required rather sophisticated equipment.

Now, a series of hacks of ATMs in Russia have revealed new malware techniques employable with only a laptop and about $15 worth of equipment.  Either remotely, or by drilling a golf-ball sized hole in the machine, a hacker can infect the system with fileless malware and walk away within a few minutes.

Russian security firm Kaspersky Labs have been investigating the attacks and have detailed the techniques.

In the United States, CCTV, security systems, and sometimes live security personnel are all employed to help prevent such attacks.

Click Bait

The potential data access to such major corporations as Microsoft, Amazon, Wal-Mart, and Ford Motor Co, among thousands of others, was just too great a temptation for a hacking team to resist, or so we can assume based on a recent attempt through the National Foreign Trade Council’s (NFTC) website.

The NFTC is a nonprofit international trade policy advocacy organization, with giant corporation members like those listed, and their meetings website had apparently been hacked: a malicious link on their website would have deployed a spying software tool called Scanbox onto any computer originating a click.

Fortunately, the link was discovered and removed.  Officials say no one fell for the bait.

So who would want to set up such a trap?  Experts say that Scanbox is the tool of choice of the Chinese government.  It may have been an attempt at international or corporate espionage.

Security breaches on the scale of these attacks, while mitigable after the fact, represent the tip of the hacking iceberg.  Data breaches cost corporations millions of dollars.

So learn from the experiences of others, and enjoy the headlines, but stay out of them.

MEDIA DIVISION
Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.