Distributed denial-of-service (DDoS) attacks have nearly become a household word in recent years following several large-scale, headline-grabbing incidents. For those who don't know, a DDoS attack floods a site or service with numerous fraudulent requests until it crashes, thereby preventing legitimate users from accessing the site or service. This technique has been a favorite of low-level cybercriminals and hacktivists for years, but it seems that DDoS is continuing to evolve in strange and scary ways.
New research shows that emergency call centers are vulnerable to DDoS cyberattacks, meaning that 911 callers might not get the emergency assistance they need in a crisis.
If you are facing a crisis moment of your own due to hackers or data breach, cyber insurance providers like CyberPolicy can mitigate the financial damages.
Who You Gonna Call?
Researchers at U.S. News & World Report created a detailed simulation of North Carolina's 911 infrastructure, along with a general simulation of the entire nation's emergency call system. What they found was that a mere 6,000 infected mobile phones dialing 911 could significantly impede the system. On the national level, just 200,000 hijacked phones could have a similar effect.
Trey Forgety, the director of government affairs for the National Emergency Number Association, responded to the findings saying, "We actually believe that the vulnerability is in fact worse than [the researchers] have calculated."
But this isn't just some far-fetched nightmare scenario, it's already happening. In October 2016, an 18-year-old was arrested for allegedly carrying out a DDoS attack on the Surprise Police Department in Arizona. The attacker posted a bugged link to Twitter which, when clicked, would continually dial 911 and would not let the caller disconnect, resulting in hundreds of disruptive calls within the Phoenix area (and possibly elsewhere). The young hacker hoped to find acclaim for his discovery.
So, what's the solution? Well, frighteningly enough, there's no answer yet. 911's infrastructure is unlike most websites which can mitigate DDoS attacks by blocking bad IP addresses and redirecting phony traffic; but blocking a hacked phone number could prevent aid to someone who really needs it.
Not to mention that all mobile phone companies are required by law to forward all 911 calls directly to emergency dispatchers, even without an active account for obvious reasons. You shouldn't be denied crisis assistance just because you can't pay your phone bill or lack an active account.
While experts will need to tackle this issue before it becomes a bigger problem, it is probably valuable to consider the consequences of a 911 DDoS scenario. What if hackers cripple emergency phone lines during a terror attack? What if a crafty criminal enterprise crashes 911 while simultaneously carrying out a felony that cannot be reported? Or maybe it's simpler than that. What if a young prankster ties up 911, resulting in missed calls and loss of life? We cannot wait to address these concerns.
If our emergency services can be tied up by a DDoS attack, what chance does your business have? Investigate robust cyber insurance policies from reputable providers to reduce the financial damages of an attack.
Compare cyber insurance providers by visiting CyberPolicy today!