
The setup

  • Written by Urgent Communications Administrator
  • 19th September 2018

Computer systems are attacked for two general reasons: they are specifically targeted by attackers, or they are a target of opportunity. The first type of attack has nothing to do with the system itself, but rather what the attacker is specifically after, e.g., details that are useful in the planning of a heist. The second type of attack primarily focuses on system vulnerabilities, with little regard for the organization.

For example, an attacker may comb the Internet for companies that use Zen Cart 1.3.0.2, a popular online shopping cart, and exploit those using SQL injection, a type of attack that takes advantage of vulnerabilities in an application’s software to insert malicious code into the program. Retailers are particularly prone to such attacks. The attackers don’t care that the site is a not-for-profit helping hungry children, for instance, only that it is vulnerable and that sensitive data such as credit card information can be stolen from it.

On that note, the press conference was informative in more ways than the mayor anticipated. The topics covered were encouraging not only to the community at large that would benefit from the expanded emergency services, but also to the cybercriminals that now had an open door into the once-closed 911 networks. During the press conference, the mayor personally thanked, by name, the different private companies whose tireless efforts made the initiative a reality. Unwittingly, she disclosed enough information for the cybercriminals to start their research.

The Computing Technology Industry Association (CompTIA) describes the four stages of a cyber attack as reconnaissance, scanning, researching vulnerability, and performing the attack. Each of the stages can cycle back to another stage as the attack penetrates an organization. In this scenario, the attackers were very deliberate, targeting the NG-911 internetworks and the vulnerabilities their implementation could create. CompTIA describes reconnaissance as the information-gathering stage for attackers to gather any data that can prove useful. They comb through websites, news groups, and domain registrations—pretty much anything that will show them where the doors are, and provide clues as to what might be on the other side.

The mayor unknowingly—and erroneously—provided information during the press conference that gave the attackers several opportunities, by mentioning that NG-911 services could be accessed via e-mail. Of course, e-mail delivery currently isn’t an option because there is no location capability and messages can be delayed by minutes, hours or days—or not delivered at all—which would significantly hinder emergency response.

Nevertheless, the mayor’s proclamation resulted in a flood of e-mails from the public, which wanted to test the system. Unfortunately, it also resulted in an advanced persistent threat (APT)—specifically, spear-phishing attacks aimed at the Sheriff’s Office.

Spear-phishing attacks, which are specially crafted e-mails sent to specific individuals from a target organization, account for 91% of targeted attacks, according to TrendLabs, the research-and-development arm of cybersecurity solutions vendor Trend Micro. These e-mails are designed to look like legitimate e-mails, but contain links and/or attachments that are infected with malware. The good news was that those attacks were blocked because the Sheriff’s Office had the appropriate cybersecurity measures in place.

The mayor also had mentioned during the press conference that surrounding agencies would have direct access to each other’s networks—she even provided approximations as to when they would be online and participating with NG-911 services. The bad news is that these smaller agencies generally lack the IT resources of the Sheriff’s Office.

All of the surrounding agencies received e-mails with a PDF attachment entitled “Compliance Requirements for Next-Generation 911 Services,” which appeared to originate from the Sheriff’s Office. The document served as a decoy while the malware was installed; once in place, the malware awaited instructions from a malicious command-and-control server controlled by the attackers. (See Figure 1 for a description of a spear-phishing attack.)

Figure 1–Spear-phishing infection chain

Source: Trend Micro

These attacks were particularly troublesome because the attackers were able to install a rootkit, which helped to hide the remote access Trojans (RATs) from detection. Adding a second layer of obfuscation, the attackers used a family of RATs referred to as “FAKEM” for their ability to disguise themselves as other protocols.

Further, because the attackers knew which vendors were involved in the NG-911 rollout—they simply looked up the government contracts, which routinely are posted online—they were able to research the vendors’ software to identify vulnerabilities or design flaws that could be exploited.

For example, PSAPs across the U.S. have used Geographic Information System (GIS) services for decades to improve emergency response. NG-911 further enhances these services by layering multiple datasets from external sources, such as traffic analysis, to reduce emergency response times even more. The attackers were able to use the standard features of GIS to their advantage. For testing purposes, the vendor had identified a default agency, and had configured the system so that any test calls assigned to this agency would close automatically. This agency was assigned all of the calls generated from the Diamond Exchange during testing.

Another standard feature of any 911 system is to route inbound calls to the operator covering a specific geographic area. The attackers were able to use the system application programming interface (API), which was documented on the vendor’s website, to simulate the coverage area of the aforementioned default agency.

As a test, the attackers created a GIS boundary around an abandoned field and assigned its jurisdiction to the default agency. They then simulated a burglar alarm from the field’s address, which automatically was routed to the default agency and closed in the database. The attackers’ final preparations included the creation of a small “zombie army.” This army can be any number of Internet computers that, although their owners are unaware of it, have been set up to forward transmissions (including spam and viruses) to other computers connected to the Internet. The compromised systems of those agencies participating in the NG-911 deployment are an example of a zombie army.
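As an added illustration (not part of the original article or any vendor's software), the following audit check shows how a PSAP could surface the condition described above: production GIS boundaries whose jurisdiction is the default test agency, and calls that were closed with no dispatcher action. The agency ID, record layout and field names are assumptions, and the sample data is constructed.

```python
from datetime import datetime

TEST_AGENCY = "DEFAULT-TEST"  # assumed ID of the vendor's default test agency

# Constructed sample data; record layout and field names are assumptions.
BOUNDARY_EVENTS = [
    {"boundary_id": "B-100", "agency": "SHERIFF", "source": "console"},
    {"boundary_id": "B-207", "agency": "DEFAULT-TEST", "source": "api"},
]
CALLS = [
    {"call_id": "C-1", "agency": "DEFAULT-TEST", "dispatched": False,
     "opened": "2018-09-01T02:14:05", "closed": "2018-09-01T02:14:05"},
    {"call_id": "C-2", "agency": "SHERIFF", "dispatched": True,
     "opened": "2018-09-01T03:00:00", "closed": "2018-09-01T03:42:10"},
    {"call_id": "C-3", "agency": "SHERIFF", "dispatched": False,
     "opened": "2018-09-01T04:10:00", "closed": "2018-09-01T04:10:02"},
]


def boundaries_for_test_agency(events, test_agency=TEST_AGENCY):
    """Return IDs of production boundaries whose jurisdiction is the test agency."""
    return [e["boundary_id"] for e in events if e["agency"] == test_agency]


def unattended_closures(calls, test_agency=TEST_AGENCY, max_seconds=5):
    """Return (call_id, reason) for calls closed with no dispatcher involved."""
    findings = []
    for call in calls:
        if call["agency"] == test_agency:
            # Any live call owned by the test agency closes itself silently.
            findings.append((call["call_id"], "routed-to-test-agency"))
            continue
        opened = datetime.fromisoformat(call["opened"])
        closed = datetime.fromisoformat(call["closed"])
        elapsed = (closed - opened).total_seconds()
        if not call["dispatched"] and elapsed <= max_seconds:
            findings.append((call["call_id"], "closed-without-dispatch"))
    return findings


if __name__ == "__main__":
    print("Boundaries assigned to test agency:",
          boundaries_for_test_agency(BOUNDARY_EVENTS))
    for call_id, reason in unattended_closures(CALLS):
        print(f"Review call {call_id}: {reason}")
```

A check like this only helps if the test agency and its auto-close rule are still present in production; removing or disabling them at go-live eliminates the condition entirely.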
