In aftermath of 911 cyberattack, officials ask public to prepare if it happens again

Matthew Rink, Erie Times-News
·6 min read

The calls were coming from inside the county.

They came in, one after another after another.

And each time they were answered, no one was on the other end.

What happened Sunday in Erie County wasn't the stuff of horror films, but it did create a nightmare scenario for those who were the target of the attack.

Every 7 seconds for five hours a deactivated wireless device called and then hung up on dispatchers at Erie County's 911 Center on Oliver Road in Summit Township.

The calls congested the phone lines, preventing anyone in Erie County from using a cell phone to dial 911 from 8:55 to 10:40 p.m. Sunday, when a temporary fix resolved the matter. Even then, the calls kept coming until 2 a.m. Monday. Officials declined to say why or how the calls stopped.

The suspected attack came just two weeks after the websites of major U.S. airports, including Atlanta’s Hartsfield-Jackson International Airport and the Los Angeles International Airport, fell victim to a similar breach by the pro-Russian hacker group Killnet, according to The Associated Press.

More:Update: Cyberattack suspected in Erie County 911's nearly 2-hour service malfunction

More:Corry School District says ransomware attack may have exposed data on staff, students

How they work

Known as "distributed denial-of-service attacks," such attacks are meant to disrupt and disable the operations of their intended target by flooding them with junk data or — in Erie County's case — hundreds of repeated phone calls from a deactivated wireless device, which connected to 911 through a cellular tower in the city of Erie.

Cloudfare, a San Francisco-based content delivery network that specializes in mitigating distributed denial-of-service attacks, released a report this week that showed an increase in these types of attacks in the third quarter over the same period last year. It also reported that such attacks are growing in volume — larger amounts of data moving more quickly — and are more complex.

They target servers, services or networks by overwhelming them with this "flood of Internet traffic," according to the report.

"To be effective, these attacks require threat actors to take control of online computers, routers, (Internet of Things) devices or other endpoints to leverage as sources of attack traffic," the Cloudfare report says. "These machines are infected with malware and then weaponized in a 'botnet' that is activated by remote control.

"When the IP address of a targeted server or network is established, each bot sends simultaneous requests to thattarget with the intention of pushing it to overflow capacity, resulting in a denial-of-service to normal traffic," the report says. "Since each bot is a legitimate device, separating attack traffic from legitimate traffic can be extremely difficult."

In 2021, the FBI warned against the use of telephony denial-of-service attacks, which specifically target phone lines.

These types of attacks, the FBI noted, have evolved. Initially, they involved individuals who used social networks to encourage other bad actors to manually flood phone systems with calls, but now the attacks are most often automated. They use malicious software to make hundreds of calls either simultaneously or in rapid succession, the FBI reported.

"Numbers and call attributes can be easily spoofed," the FBI said in a Feb. 17, 2021, public service announcement, "making it difficult to differentiate legitimate calls from malicious ones."

Effect on Erie County services

Erie County Public Safety Director John Grappy and 911 Coordinator John Durlin on Monday detailed how the county's infrastructure helped them, as well as officials from the Pennsylvania Emergency Management Agency and the vendor of 911 call-answering technology, Comtech Telecommunications Corp., resolve the matter.

First, even though cell phone and other wireless device users couldn't reach 911 dispatchers by dialing the emergency number, they could still text message for help. Landline phones also worked.

As the 911 system was overwhelmed, dispatchers fielded 18 calls from landlines or to the 911 Center's 10-digit number. Durlin said there did not appear to be any delay or other adverse impact on safety service agencies' ability to respond to those calls.

Second, the cyberattack did not disrupt police officers, firefighters, paramedics and other first responders' ability to communicate with each other over Erie County's new $26.5 million Next Generation Public Radio System.

And third, the county's changeover on Sept. 27 to the similarly named Next Generation 911 system was not a part of the problem, but rather the solution. PEMA has been working on the new system for several years. In November 2020, PEMA awarded the $175.1 million contract to Comtech for the design, installation and operation of the system. Erie County was among the first four counties in the state to transition to it.

Durlin said the county could have suffered a similar cyberattack under its old legacy system for call-answering, but it would not have been able to isolate the robocalls or expand the available number of lines capable of receiving emergency calls.

"If you said you need 50 more phone lines, you could never have someone come out and give you 50 more phone lines in the middle of the night," he said of the former system. "With Next Generation 911, the capability does exist."

Dispatcher Dan Fitzpatrick is shown, on Oct. 24, 2022, at the Erie County Department of Public Safety's 911 Center on Oliver Road in Summit Township.
Dispatcher Dan Fitzpatrick is shown, on Oct. 24, 2022, at the Erie County Department of Public Safety's 911 Center on Oliver Road in Summit Township.

The public should be prepared

Though officials are taking steps to mitigate the risk of a repeat, there's no way to ensure that such an attack won't happen again, especially as technology evolves and bad actors improve their craft.

"The possibility is there," Durlin said Monday. "This isn't the first place in the nation to have this type of attack."

Durlin said the public should be prepared — rather than concerned — for the potential of a future attack.

Save in your phone contacts:

  • The local, non-emergency numbers of your nearest police departments and fire stations.

  • The administrative phone line for the Erie County 911 Center, 814-868-7911.

  • If you don't have a landline phone, go to their local police or fire department in an emergency.

On Sunday, the county sent out notices to the news media about the outage and PEMA later activated the Integrated Public Alert & Warning System and the Wireless Emergency Alert System to notify the public. Officials asked volunteer firefighters to man their stations in case anyone showed up in need of help.

"It's unfortunate," Grappy said. "Ultimately, someone who truly needs that service that's having some type of an emergency ... is unable to call us. That's a concern for all of us."

Matthew Rink can be reached at mrink@timesnews.com or on Twitter at @ETNRink.

This article originally appeared on Erie Times-News: Erie Co. 911 cyberattack: What happened, how to prepare for next time