Tornado sirens in two Texas cities taken offline in advance of a major storm

Hacked tornado

City authorities have taken offline tornado sirens hacked in front of the major storm. Fortunately, they haven’t been needed. In the middle of the night of last week, a hacker set off the tornado emergency sirens across two towns in North Texas. Following the unauthorized intrusion, city authorities had to shut down their emergency warning system one day before the area was struck by major storms and potential tornados.

The incident affected DeSoto and Lancaster, two cities in Dallas County, Texas, both south of the main metropolitan area of Dallas.

On the night of 12 March from 02:30 to 04:00 am (local time), a hacker launched the tornado sirens of two cities waking locals in the middle of the night.

More than 30 sirens went on and off, 10 from DeSoto and 20 from Lancaster.

Some residents also reported alarms in the vicinity of Red Oak, Cedar Hill and Glenn Heights, but the incidents did not affect cities as a whole and the sirens did not shine for hours. The false alarm caused panic in both cities because local residents were already at their seats on incoming storms.

The city had tornado alarm sirens tested a week earlier, but the tests were completed in the middle of the day. According to CBS Dallas, officials at DeSoto and Lancaster who had investigated the incident have confirmed that the two emergency alarm systems were hacked and started “intentionally” except for the possibility of a freak technical accident simultaneously in the two cities.

“Due to the extensive impact on outdoor sirens in two separate cities including Lancaster, it has become apparent that a hostile person or people deliberately targeted our outdoor siren alert network,” Lancaster officials said in a statement. “Sabotage of a public alert system is more than just vandalism. It is a criminal act and the perpetrators have been arrested and prosecuted,” officials said. The following morning, the two hacked systems were taken offline and have since remained offline.


Bad weather, including storms and potential tornados, was announced. The next night, 13 March, a severe thunderstorm struck the two cities. Thunderstorms are known to have produced short tornadoes, but luck had it that there was no tornado that day and hit the cities.

The tornadoes are common in Texas because of the state of Tornado Alley and the tornado season has started officially from March to May, when most tornadoes occur. Nevertheless, on March 13, a tornado did not form and fortunately, the sirens were not needed. The powerful storm struck both towns hard, and the whole Dallas area, knocked down trees, destroyed homes, and left many neighborhoods without power.


This is not the first time such events occurred in Dallas County. In April 2017, a hacker exploited a’ radio issue’ to release 156 tornado sirens for hours in the middle of the night through the city of Dallas.

Dallas city officials responded by adding encryption to the sirens controlled by the radio signal to prevent any amateur radio fan from capturing the control signal. DeSoto and Lancaster tornado sirens are not part of the emergency Dallas tornado system.

According to the map, therefore, they did not have the same protection.

In April 2018, Bastille security researchers reported the vulnerability of SirenJack to a popular emergency alert system. SirenJack might enable hackers to hide sirens and trigger alarms.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.