It’s a growing problem. The nation’s emergency communication system is highly vulnerable to attacks. 911 communications can be disrupted or spoofed with ease.
Without financial reward, the volume of attacks against emergency communication is surprising. Motivations vary -- some do it for mischief, but it’s also used to disrupt businesses, and could conceivably be used to divert police away from a crime in progress. And there’s also been a huge rise in swatting.
Swatting
Swatting is the practice of calling the emergency services and reporting a serious crime involving firearms in the hope of getting a heavily armed SWAT (special weapons and tactics) team to a target’s house. Some just want to see a SWAT team in action; others carry out the deception as an intentionally harmful action against a victim. The deception has tremendous potential to result in an accidental fatality.
Swatting has been successfully carried on against journalists and celebrities. A 12-year-old boy successfully got SWAT teams dispatched to the houses of actor and tech investor Ashton Kutcher and pop star Justin Bieber.
Hiding From The System
In some cases, the limitations of communication systems allow malicious persons to go unnoticed. When calls are made to the emergency services the telecommunications provider routs them to the local 911 team, along with as much information as possible about where the call is located. With wired systems that’s limited to what subscriber information they have on file, but some mobile calls can also include GPS and all include data on which cell tower the caller is using.
Malicious callers can find ingenious ways to hide their location from authorities. In the case of the preteen swatter, the child used a text telephone (TTY) used by the disabled, to call in the false report. These terminals are transferred to an operator, who will forward the call to the emergency services and relay the information, thus circumventing much of the location and user information usually included in calls.
The emergency call centers themselves can contribute to the problem. These used to be airgapped from a hospital’s administrative systems but increasingly they are merged to save on money and network maintenance and are therefore much more susceptible to a denial of service attack against the telephone or computer systems.
Hard To Fix
Increased ability to indentify caller location could help law enforcement track down and apprehend malicious callers. Evolving a common security testing structure for phones and networks would help protect against attacks, as would producing another step into the call process – asking callers to press a number for language preference. While it would help safeguard emergency communication it would also slow it down. When seconds can make the difference between life and death, this lag becomes an impediment to public safety.
The best fix is also the hardest to make. The more advanced a system is, the harder it is to disrupt or attack. With tight budgets, most local authorities are not in a position to make the upgrades, especially in the relatively remote chance their systems would be targeted.