Baltimore 911 dispatch system hacked, investigation underway, officials confirm

Baltimore’s 911 dispatch system was hacked by an unknown actor or actors over the weekend, prompting a temporary shutdown of automated dispatching and an investigation into the breach, Mayor Catherine Pugh’s office confirmed Tuesday.

James Bentley, a spokesman for Pugh, confirmed that the Sunday morning hack affected messaging functions within the computer-aided dispatch, or CAD, system, but said the mayor would not otherwise comment on the matter Tuesday.


Dave Fitz, an FBI spokesman, said his agency was aware of the breach and provided some technical assistance to the city.

City personnel “identified a limited breach” of the CAD system, which supports the city’s 911 and 311 services, about 8:30 a.m. Sunday, Frank Johnson, chief information officer in the Mayor’s Office of Information Technology, said in a statement.


Johnson said 911 and 311 “were temporarily transitioned to manual mode” and continued to operate without disruption.

“This effectively means that instead of details of incoming callers seeking emergency support being relayed to dispatchers electronically, they were relayed by call center support staff manually,” Johnson said.

City personnel were able to “isolate and take offline the affected server, thus mitigating the threat” of the hack, Johnson said.

The CAD system was fully restored by 2 a.m. Monday after “a thorough investigation of all network systems,” Johnson said.

Baltimore Police Commissioner Darryl De Sousa said he was made aware of the hack “almost at the onset,” and police commanders deliberately “shut down a lot of our systems so we weren’t compromised to a higher level,” he said.

De Sousa said there was “no slowdown” in terms of police response to crimes due to the hack. He referred all other questions to the mayor’s office.

The mayor’s office did not respond Tuesday to questions about what information might have been compromised, the specific nature of the hack, whether there are any suspects, or if there have been any other attacks on the city’s emergency response systems in recent years.

“This is an active investigation,” Bentley said. “Getting into further details could compromise the investigation.”


The Baltimore hack comes against a backdrop of increasing hacking of municipal and other systems across the United States. Employees of the city of Atlanta turned their computers on the first time Tuesday since a cyberattack Thursday paralyzed that city’s online bill payment system, with hackers demanding a $51,000 payment in bitcoin to unlock it. Last month, the Trump administration accused the Russian government of a concerted effort to hack U.S. utilities and the nation’s power grid.

In Baltimore, the CAD system automatically populates 911 callers’ locations on mapping systems and makes connecting them with the closest emergency responders more efficient — especially when callers from mobile phones don’t know where they are or are confused about their exact location.

Such systems also send information being taken by dispatchers directly to first responders in some cases, and log information for data retention and records.

When a CAD system isn’t working, as Baltimore’s wasn’t on Sunday, dispatchers must revert to taking a caller’s information verbally, with nothing to reference it against to make sure it’s accurate, said Brian Fontes, the CEO of NENA, an association that represents 911 professionals across the country.

“It’s much less efficient,” Fontes said.

While such systems do not store much personal or financial data like that targeted in other high-profile hacks, they can contain some medical information and provide back-door access to important mapping systems used by cities like Baltimore.


They are also critical to a city’s ability to respond to other disasters.

“If I’m a bad actor out there and I wanted to do some real harm beyond the 911 center, one of the main things I would want to do is bring down the 911 center,” Fontes said. “If there were a concerted attack of some sort, you want to make sure that your 911 centers are up and running because they are your dispatch centers for emergency responses.”

Breaking News Alerts

Breaking News Alerts

As it happens

Be informed of breaking news as it happens and notified about other don't-miss content with our free news alerts.

Operators of 911 centers around the country have been coming to terms with their systems’ vulnerabilities to cyberattacks as more attacks have been reported, Fontes said.

The U.S. Department of Homeland Security warned of the problem in 2015, noting that the move by 911 centers and other “public safety answering points,” or PSAPs, to internet-based systems meant “an increase in their vulnerability to cyber attack.”

“News reports of successful government website hacks appeared frequently over the past year, with several hacktivist groups openly targeting cities and local government for political reasons,” read the alert from the Emergency Management and Response Information Sharing and Analysis Center, which falls under the U.S. Fire Administration and the Federal Emergency Management Agency.

“While PSAPs don’t hold valued information like credit card numbers or Social Security numbers, they do often house names and addresses and sometimes medical records,” the alert read. “This information can be combined and can be used to help a hacker get the more damaging information.”


Some attacks on 911 systems use compromised mobile devices to send a deluge of calls to 911 centers, overwhelming them. Others take control of a system and demand a ransom for its release as happened with Atlanta’s payment system.

It’s not clear what the Baltimore hack entailed.

Fontes said his organization stresses “redundancy and resiliency,” and many centers are moving to “next generation” technologies that allow them to operate on back-up systems, or virtually, in cases of attack.