EAS Hacked at TV station Zombie Alert

[oldiesstation]

http://www.huffingtonpost.com/2013/02/11/krtv-fake-zombie-alert_n_2665469.html

[Trent]

I would be very curious as to whether this was a true hack or if it was more of a social engineering and/or inside job.  Has anyone seen any more details on this?

[kenglish]

They got in to KSL-Radio in Utah. It was not forwarded by the live staff on the mains, but was auto-forwarded on the HD2 channels.
It looks like it came through proxy servers. IP addresses were QWEST, but showed satellite as the "location". There were two different IP addresses...one logged on, the other logged out ten minutes later.
Both IP addresses are known spam-bots.

This may have been a commercial for a new zombie movie that is coming out this week.

NBC "Today Show" just played the whole thing this morning, including two-tone attention signals, duck-fart data, and part of the "message". Duh!

[JohnnyElectron]

I fail to understand why the engineers don't 'clock somebody' at these stations when they run the actual EAS tones - obviously they either need to alter their frequency to prevent further EAS trickle-down, delete them and their 'duck farts' or mutes the tones completely.  This isn't the 1st, nor the last time.  They did the same stupid thing with the 11/9/11 EAN test - run the tones over the air to show how it got stuck.
This is why everybody used to have to take the 3rd Class Radiotelephone license test - so they could prove that they had one ounce of thought before putting something over the air.

[grich]

...NBC "Today Show" just played the whole thing this morning, including two-tone attention signals, duck-fart data, and part of the "message". Duh!

Idiots at NBC...first they serve up lousy low-rated programming, then open their affiliates up to possible fines...again!

[Bill981]

C'mon.  How many broadcast reporters:
1.  Actually know there are FCC Rules & Regulations.
2.  Know the content that applies to them.
3.  Actually care what happens to their affiliates?

The Commission should investigate that incident and cite every NBC affiliate that aired that portion of the Today show.  Since they can't do anything to the network because they're not a licensee, let's take it out on the little guys who didn't even see it coming!

[dumber than a box of hair]

I would be very curious as to whether this was a true hack or if it was more of a social engineering and/or inside job.  Has anyone seen any more details on this?

Yes.  It was not a hack, or an exploit of a security defect in the box.  It was a textbook example of what happens when you don't change the default password for the EAS box.  Network Security 101.

[Lazy J]

...and to add insult to injury. The EAS obviously wasn't installed correctly because it should have cutoff the show audio while the EAS message is being aired.

Personally, I think it was either a hoax or an inside job. Too many variables that couldn't be controlled by a hacker through a web interface. A hacked weekly test, sure. But a hacked civil emergency WITH AUDIO perfectly coordinated, nope... not buying it.

[dumber than a box of hair]

The FCC issued the following statement this evening:

As you may be aware, there was an unauthorized use of EAS equipment in several states alerting to a “zombie attack”. 
 
The FCC is concerned that another unauthorized use may occur during tonight’s State of the Union.
 
Please have your stations’ master control personnel standing by.
 
Below is the FCC’s JUST RELEASED ADVISORY containing instructions on how to take immediate action.
 
 
Urgent Advisory:  Immediate actions to be taken regarding CAP EAS device security.
 
All EAS Participants are required to take immediate action to secure their CAP EAS equipment, including resetting passwords, and ensuring CAP EAS equipment is secured behind properly configured firewalls and other defensive measures.  All CAP EAS equipment manufacturer models are included in this advisory.
 
All Broadcast and Cable EAS Participants are urged to take the following actions immediately
 
1.            EAS Participants must change all passwords on their CAP EAS equipment from default factory settings, including administrator and user accounts. 
2.            EAS Participants are also urged to ensure that their firewalls and other solutions are properly configured and up-to-date.
3.            EAS Participants are further advised to examine their CAP EAS equipment to ensure that no unauthorized alerts or messages have been set (queued) for future transmission.
4.            If you are unable to reset the default passwords on your equipment, you may consider disconnecting your device’s Ethernet connection until those settings have been updated.
5.            EAS Participants that have questions about securing their equipment should consult their equipment manufacturer.

[grich]

C'mon.  How many broadcast reporters:
1.  Actually know there are FCC Rules & Regulations.
2.  Know the content that applies to them.
3.  Actually care what happens to their affiliates?

The Commission should investigate that incident and cite every NBC affiliate that aired that portion of the Today show.  Since they can't do anything to the network because they're not a licensee, let's take it out on the little guys who didn't even see it coming!

At least some of my newsroom knows...'cause I told 'em!

We expressed our displeasure to our NBC rep...not that it would do any good.