Records Are Meant To Be Broken, Right? DDoS Attacks Are a Concern to 911

Computer and cybersecurity nerds across the internet are marveling at last week’s report of a record-breaking distributed denial of service (DDoS) attack aimed at a software development website called GitHub that caused intermittent access outages.

For those unfamiliar with DDoS attacks, they are intended to block public access to an online service by flooding it with junk data or repeated requests from multiple, and often compromising sources, thereby rendering legitimate access impossible. DDoS attacks are increasing in quantity, breadth, and sophistication. Some attacks have gone as far as demanding a ransom to terminate the attack.

Cyber attacks are on the rise, and public safety MUST protect against them

As we talk with our public safety communications clients about implementing a statewide emergency services IP network (ESInet) and / or Next Generation Core Services (NGCS), we cannot stress enough that protecting these Internet Protocol (IP)-based, broadband-enabled networks is paramount. Government DDoS attacks  have already caused many detrimental and unforeseeable effects on emergency response. Recently, the Multi-State Information Sharing and Analysis Center (MS-ISAC) released their 2018 SLTT Government Outlook which, not surprisingly, highlighted its position that the “sophistication of malware, cyber threat actors, and tactics, techniques, and procedures (TTPs) will continue to increase.”

Apple Announces a Promising Step Toward Solving 911's Wireless Location Challenges

Sensational headlines criticizing the 911 industry’s inability to accurately and quickly locate emergency callers abound, like this recent one in the Wall Street Journal: “Why Uber Can Find You but 911 Can’t.” This is one of the industry’s most intractable issues—as TV host John Oliver said in 2016, “There doesn’t appear to be a simple, satisfying answer,” to why smartphone apps provide much better location information than that received by 911 centers.

Those within the industry understand the problem: 80 percent or more of all 911 calls are made using a wireless device, and such calls are routed based on Phase I data, which is the location of the cellular tower. More accurate “Phase II” data can become available (usually) in 25-35 seconds of the call being received by the 911 center, but that depends on multiple factors, including signal strength/distortion, geography and topology, especially when calls are made inside structures.

But, smartphones are supposed to be “smart” and the device knows where the caller is physically located, because of embedded GPS sensors and Wi-Fi positioning systems. Unfortunately, as we know all too well, today’s 911 systems do not have access to that device-generated location information.

Shooting Death Underscores Urgent Need for Action on Swatting Incidents

Swatting, the practice of falsely reporting an emergency to elicit a response from a police department’s special weapons and tactics (SWAT) team, is not a new phenomenon for the 911 community.

What is new is that a death has occurred as a result of a swatting incident.

On December 28, 2017, a dispute between online gamers turned ugly. Media reports say that one group, seeking retribution for some perceived wrongdoing, contacted a known swatter in Los Angeles and convinced him to act on their behalf. The swatter placed a call, spoofing his telephone number, to an administrative line at city hall in Wichita, Kansas, and a security guard transferred the call to 911. The caller told the 911 telecommunicator that he had shot his father in the head, was holding his mother and sister at gunpoint, had doused the house with gasoline, and was contemplating setting the building ablaze.

The telecommunicator dispatched a police response to the address provided by the caller. When police arrived, a 27-year-old man answered the door, and immediately was told to raise his hands and walk toward the officers. Regrettably, he lowered his hands to his waist, and an officer found the action threatening enough to fire a single shot at the man, killing him.

When one stops to mull this for a moment, especially considering the type of response that is dispatched to such incidents, it seems amazing that a swatting death has not happened before.

As if this event wasn’t tragic enough, the man had nothing to do with the online gaming dispute. In fact, he reportedly wasn’t a gamer at all—the swatter had provided a wrong address for the actual swatting target.