Hack of Baltimore’s 911 dispatch system was ransomware attack, city says
The hack that forced Baltimore’s 911 dispatch system to be temporarily shut down over the weekend was a ransomware attack, city officials said Wednesday.
Such attacks — another of which occurred in Atlanta last week — take over parts of private or municipal computer networks and then demand payment, or ransom, for their release.
Frank Johnson, chief information officer in the Mayor’s Office of Information Technology, said he was not aware of any specific ransom request made by the hackers of Baltimore’s network, but federal authorities are investigating.
“The systems and the software and the files are all being investigated by the FBI right now,” Johnson said.
No personal data of city residents was compromised, he added.
Dave Fitz, an FBI spokesman, could not be reached Wednesday. On Tuesday, Fitz said the agency was aware of the breach and providing assistance to the city, but otherwise declined to comment.
The attack infiltrated a server that runs the city’s computer-aided dispatch, or CAD, system for 911 and 311 calls. The system automatically populates 911 callers’ locations on maps and dispatches the closest emergency responders there more seamlessly than is possible with manual dispatching. It also relays information to first responders in some cases and logs information for data retention and re- cords.
The breach shut down the CAD system from Sunday morning until Monday morning, forcing the city to revert to manual dispatching during that time. While the city’s 911 calls are normally recorded online on Open Baltimore, the city dispatch logs stopped recording them at 9:54 a.m. Sunday and didn’t resume recording them again until 7:42 a.m. Monday.
Johnson said the attack was made possible after a city i nformation technology team troubleshooting a separate communications issue with the server inadvertently changed a firewall and left a port, or a channel to the internet, open for about 24 hours, and hackers who were likely running automated scans of networks looking for such vulnerabilities found it and gained access.
“I don’t know what else to call it but a self-inflicted wound,” Johnson said. “The bad guys did not get in on their own without the help of someone inadvertently leaving the door open.”
Once the “limited breach” was identified, city information technology crews “were able to successfully isolate the threat and ensure that no harm was done to other servers or systems” on the city’s network, Johnson said. And once “all systems were properly vetted, CAD was brought back online.”
Johnson said the city “continues to work with its federal partners to determine the source of the intrusion.”