DHS: Teenager’s malware disrupted 911 call centers in 12 states
Emergency 911 call centers located in at least 12 different U.S. states, including Arizona, Washington and California, were recently the target of a widespread distributed denial of service attack that disrupted normal services, Department of Homeland Security officials tell CyberScoop.
While local media outlets in some cities reported the occurrence of separate emergency call center outages, CyberScoop has learned that multiple incidents are linked to a single actor.
DDoS attacks launched in late October were aimed at public service answering points, or PSAPs, in multiple geographic areas. PSAPs are call centers responsible for police, firefighting, and ambulance services.
Several U.S. 911 emergency call centers said they were flooded with fake phone calls late last month. The immense volume of connection requests nearly put authorities in Arizona “in immediate danger of losing service to their switches,” according to an official statement. Operators could not distinguish fake, incoming requests from genuine calls for help.
Each DDoS attack relied upon a network of infected iPhones. Once compromised, the smartphone would automatically and repetitively send calls to the nearest emergency call center.
A teenage hacker arrested in Arizona’s Maricopa County is supposedly responsible for originally creating and then sharing the malware used to infect the devices. This virus — which when downloaded would gain total access of a device — was spread through people sharing it on social media and several other websites, investigators said. One of the websites that hosted the computer virus had reached nearly 150,000 page views before being shut down.
The 18-year-old arrested in Arizona is named Meetkumar Hiteshbhai Desai, according to charging documents. He claimed that his intentions were “to make a non-harmful, but annoying bug.” He was booked on three counts of computer tampering.
An FBI spokesperson and The Maricopa County Sheriff’s Office declined to comment.
A release from the Maricopa County Sheriff’s Office reads: “[Desai] told investigators he had an online friend that provided him with a bug that they thought they should look into and tweak. Meet looked at the bug and discovered that he could manipulate the function and add annoying pop ups, commands to open email, and activate the telephone dialing feature on iOS cell phones by utilizing a java script [sic] code that he created.”
The teenager’s computer virus spread like wildfire because it was shared multiple times over by social media users on Twitter and YouTube, among other platforms. As a result, in a short period of time, the malware-laden link was quickly clicked numerous times by different people across the internet in different U.S. states.
On Oct. 26, Olympia, Wa.-based media outlet The Olympian reported that a Thurston County man had been arrested for sharing a link containing Desai’s malware. Charges against the unnamed man have yet to be made public. He reportedly told investigators that he was unaware of the damages caused.
“We believe the cyberattack in Thurston County was connected to other similar occurrences throughout the nation,” said Keith Flewelling, executive director of Thurston 911 Communications. “We are taking all reasonable and available precautions to mitigate cyberthreats. Cybersecurity is a high priority for the State of Washington’s E911 Coordination Office.”
DHS first began investigating the string of emergency call center outages shortly after original reports came from a local agency. Since then, DHS has been disseminating relevant information through multiple partners including the FCC, the Association of Public Safety Communications Officials, the National Emergency Number Association, the National Association of State 911 Administrators, and the National Fusion Center Association, along with all major telecom companies.
“The Department of Homeland Security continues to work with federal, state and private sector partners to mitigate the effects of recent Telephone Denial of Services attacks affecting Public Service Answering Points in various states,” said DHS spokesperson Scott McConnell.