By Mark Greenblatt
WASHINGTON, D.C. — When 6-month-old Brandon Alex began to have trouble breathing in his Dallas bedroom in March, his babysitter called 911 three times and could not get through.
Brandon’s mother, Bridget Alex, remembers the frantic call she received from the sitter. “She was like, ‘I’ve called 911 like, I keep calling them and they keep hanging up on me.’” Alex said that when the babysitter finally got through, she was placed on hold for more than 30 minutes.
Alex hurried home to find her baby barely breathing and her sitter still on hold with 911. She rushed Brandon to the emergency room and he later died.
“This is a pain that will never go away,” she said.
What Bridget Alex didn’t know at the time was that her babysitter’s 911 call was one of hundreds put on hold in Dallas that night. A month earlier, Dallas police announced the city had experienced “issues” with “multiple 911 hang-up calls” made from mobile devices “without the users’ knowledge.”
It’s unclear whether a faster response would have saved Brandon’s life. What is clear is that Dallas is not the only city in the nation with a system that can’t distinguish between a live caller and a hang-up or a glitch in the system.
Experts and government officials say 911 systems across the country are dangerously outdated and putting lives at risk, while 911 fees consumers pay on monthly phone bills to maintain and upgrade the systems are often diverted by states for other uses. In fact, Scripps found that two dozen states were named “diverters” by the FCC at least once from 2008-2015, and some were repeat offenders. Experts warn that the nation’s antiquated patchwork of 911 systems is an easy target for hackers who want to wreak havoc and criminals who want to hijack 911 and demand a ransom.
What happened last October in Arizona is an example of the vulnerabilities of the 911 system. Meetkumar Desai, 19, is not old enough to order a beer in his home state of Arizona, but police said he discovered and released malicious code that affected 911 systems as far away as California and Texas. Records released to Scripps News by the Maricopa County Sheriff’s Office show Desai included a link in a tweet that drove followers to an “app” he created with the code. Once clicked, investigators noted, the app “appeared to corrupt the user’s (phone)…causing the device to call 911 more than a dozen times in just a few seconds.” Within a few hours, emergency officials were flooded with phantom or “ghost calls.”
The Maricopa records show the teenager told investigators he had created “three versions of the same bug” and initially had intended to send his discoveries to Apple, which pays a “bug bounty” to security researchers who reveal threats to Apple’s iOS operating system. The bounty program is a common way technology companies encourage “white hat” hackers to report security problems that more nefarious actors might want to exploit.
Desai is currently awaiting trial on felony charges in Arizona.
Just how serious is the risk?
“I would say 99 percent of the U.S. population is vulnerable to these sorts of attacks,” said Trey Forgety, government affairs director for the National Emergency Number Association. NENA is the trade association representing government agencies and private firms involved in the emergency call system. Forgety said the majority of 911 systems in America still route emergency calls through hardware so old it is no longer supported by manufacturers. Fixes are costly and have been long delayed because, unlike installing a software update on your cell phone, the solution is to replace the hardware and upgrade the entire system, he said.
An estimated 70 percent of emergency calls are now made via cell phone, but most states and localities don’t have sufficient technology to defend against abuse or software glitches that can cause cell phones to call 911 repeatedly and clog the entire system.
One reason: Each 911 call moves through the switch and towards the 911 call center on something called a “trunk,” which is similar to a phone line. But the older 911 switches that remain commonplace can only support one call for every available trunk. When calls flood a system, they can use up all available lines, meaning a call to 911 from someone experiencing a real emergency might never get through.
Researchers from Ben Gurion University in Israel found an entire state’s system could be easily taken offline when a relatively small group of cell phones, infected with malicious code, place repeated calls until the system clogs.
“What the researchers found was that a trivial number of 911 calls from a small number of compromised devices … would be able to take down not just one 911 center, but actually many 911 centers across a region,” Forgety said.
A system under siege
Ransomware attacks that have paralyzed businesses, governments and even hospitals have not spared 911 systems.
Ransomware is malicious software created by criminals to penetrate a network, encrypt crucial data and block access until a ransom is paid.
The 911 system in Tarrant County, Texas, got hit with ransomware but did not pay a ransom. The county had backup files it used to restore service promptly. Many 911 systems, however, are not as prepared, and some “have paid ransoms to get their data back,” Forgety said.
Forgety declined to name 911 systems that have paid ransoms for fear they would continue to be targets. There have been reports of some places paying a ransom to unlock their systems. “In some cases the amount of ransom has been relatively small, $3,000, $5,000. In others it’s been as large as $10,000 to $12,000,” Forgety said.
A cheated system
Members of Congress and emergency call officials have long sought to upgrade the nation’s 911 systems to something called Next Gen 911. No system, however modern, can be guaranteed to block all attacks. However, Next Gen 911 would allow callers to send video and texts to operators and help differentiate their communications from phantom calls.
A nationwide transition is expected to cost billions. Customers are charged a special fee on their phone bill to help pay for maintaining and upgrading 911 emergency systems. Depending on the state and the type of line, according to the latest FCC report, the fee can range from 20 cents to $5. The problem is, however, states have routinely diverted money intended for 911.
FCC Commissioner Michael O’Rielly said state governments have been getting away with the “unconscionable” act of collecting surcharges on phone bills to support 911 systems, and then “diverting” the money for other uses.
“In reality states are downright lying to consumers,” O’Rielly said.
A Scripps analysis of FCC reports shows that between 2008 and 2015, 24 states and two U.S. territories were named by the FCC as diverters, with more than one billion dollars collected from consumers in 911 fees being redirected to pay for something the FCC considers unrelated to 911.
As far back as 2002, an audit by then-New York Comptroller H. Carl McCall criticized the state police for spending 911 funds on dry cleaning, conferences, pens, decals and garbage removal. Getting called out publicly did not stop the diversion. In the FCC’s eight most recent annual reports to Congress on 911 fees, the commission has named New York a diverter, with records showing $272 million in 911 fees diverted between 2008 and 2015.
Kristen Devoe, director of public information for the New York Division of Homeland Security and Emergency Services, defends the state and says “since 2010 alone, the division has distributed more than $48 million in grants to counties specifically to support operations and improvements for 9-1-1 operations.”
The FCC’s O’Rielly says diversion of 911 fees, by any state, has become a threat to homeland security. “The 911 system is part and parcel of the homeland security network,” he said. “That may be the first place you get a call regarding a terrorist incident.”
He says states that divert funds should not receive future federal homeland security grants. “That’s something that I would have a deep problem with. I don’t see how you would not address that issue,” O’Rielly said – noting that Congress would have to step in to help solve the problem.
The FCC investigates outages in 911 systems nationwide and has issued fines in the past to carriers such as T-Mobile, which Bridget Alex is now suing after the breakdowns in Dallas. T-Mobile blames the City of Dallas for understaffing and antiquated technology that couldn’t recognize false calls. Dallas officials would not respond to repeated requests for comment, but did provide a link to an alert sent in February.
The FCC has limited jurisdiction over how local and state governments collect and spend 911 fees. O’Rielly told Scripps that if regulated businesses acted in the same manner some diverting states have, “we absolutely would throw the book at them.”
This story is the result of a three-month Scripps News investigation led by Mark Greenblatt, senior national investigative correspondent. You can email Greenblatt and follow him on Twitter @greenblattmark. Producer Mark Fahey created the interactives.