FW: Montana EAS hacked

From: "Tom Ray" <tomray@PROTECTED>

Date: February 12th 2013

From Radio World......

EAS experts are cautioning broadcasters to change the password of their Emergency Alert System because of three known hacking incidents.

The first occurred in Montana; today, we learn of two others in Michigan.

The SBE National EAS committee urges station personnel to make sure the password of their Web interface for their Common Alerting Protocol EAS encoders/decoders is different from the factory default to thwart more potential hacking incidents.

Several broadcasting Listservs are reporting attempts to hack into EAS encoders/decoders with the apparent intent of transmitting bogus alerts.

The first station says a bogus alert aired yesterday. KRTV(TV), Great Falls, Mont., says hackers breached their EAS and announced that there was an emergency in several Montana counties. “This message did not originate from KRTV and there is no emergency,” said the station on its website, which added that its engineers were looking into what happened and if other stations were affected as well.

The fake alert warned about “dead bodies rising from the grave, and attacking the living,” according to the Great Falls Tribune, which added that the fake alert was also on the station’s website and Facebook page before being removed.

One engineer in Salt Lake City said on the SBE EAS Listserv he headed off such an attack: “There was no record of anything received on the box (CAP or legacy) but there was a transmission about bodies rising from the grave under a CEM header. I headed it off before any of our main channel stations aired it but it did auto-forward to our HD2 channels, as such an ‘emergency’ should have.”

The Mining Journal in Marquette, Mich. reports the “zombie” bogus alerts aired on two television stations in the Upper Peninsula as well: WNMU(TV) and WBUP(TV).

WNMU GM Eric Smith told the Journal this morning authorities found the source of the hacking overseas and the loophole in his station’s system has been closed.

The FCC and FBI were reportedly involved in investigating the incidents, along with local and state authorities, according to the account. RW is trying to confirm that information.

Engineers stress that stations should ensure their IP network for any piece of gear is firewall-protected and has a strong password.

On Tue, Feb 12, 2013 at 3:01 PM, Marshall, George <GeorgeMarshall@PROTECTED> wrote:

Many have already seen this, but forwarding in case some haven’t… plus some sound advice from Richard Rudman (California LECC vice-chair) to our LA County EAS participants.

http://www.youtube.com/watch?v=nc60XPCXrh8&feature=youtu.be

Montana station’s EAS hacked — alert warns of zombie attack. In a disturbing breach of security, the details of which aren’t entirely known, a Montana television station says hackers broke into their Emergency Alert System yesterday. Viewers of Cordillera Communications’ KRTV-TV, Great Falls were warned that “dead bodies are rising from their graves” and that they were “attacking the living.” It went on to tell people not to “approach or apprehend these bodies as they are extremely dangerous.” At least four calls to police were logged. In a statement KRTV-TV says the message didn’t come from inside the station and it blames “hackers” for getting the bogus message on the air. “Our engineers our looking into the origin of the alert to make sure a similar occurrence does not happen again,” the station says. It’s not clear if any other stations were hacked or also aired the fake EAS message.

----
Lark Hadley
LA County EAS LECC

From: la_lecc@PROTECTED [mailto:la_lecc@PROTECTED] On Behalf Of Richard Rudman
Sent: Tuesday, February 12, 2013 11:35 AM
To: la_lecc@PROTECTED
Subject: Re: Montana EAS hacked

This and other accounts have been all over the lists today.

Here are some simple things everyone should do now to make sure they will not be hit by this kind of attack, or get themselves in trouble.

1. Make sure that the default factory passwords for the web interfaces for their EAS boxes have been changed to strong passwords.

There is a great password strength checker at: [ https://www.grc.com/haystack.htm ] Highly recommended by Leo LaPorte and other IT experts.

2. Also, no EAS devices should be connected directly to the Internet. Just like any internet device, it should be behind a NAT router with a firewall. Low end ones that provide adequate protection are available starting around $50.

3. Also, remind news departments not to relay stories about this that include actual EAS header codes and attention signals. Some stations have done this already. That's illegal.

My best advice is, "Always practice safe Internet!"

Richard

Subscription Reminder: You're Subscribed to: sbe15 using the address: tomray@PROTECTED

From: info@PROTECTED
SBE 15
New York,NY 10013

Manage Your Subscription » or, Unsubscribe Automatically »

--
Thomas R. Ray, III CPBE, AMD, DRB

AM Chief Engineer

WOR Radio

New York City

212-642-4462 fax: 212-921-4751

Ham Call: W2TRR

‹ FW: Montana EAS hacked

Index

FW: Montana EAS hacked ›

This mailing list is a public mailing list - anyone may join or leave, at any time.
This mailing list is a group discussion list (unmoderated)
Start a new thread, email: members@sbe15.com

The entire membership of SBE 15...or at least the email addresses we have :)

Privacy Policy:

By subscribing to the sbe15 mailing list you agree to allow SBE 15 to use your email for internal emailings only.Your email address will not be shared with any 3rd party.