-
Get involved.
We want your input!
Apply for Membership and join the conversations about everything related to broadcasting.
After we receive your registration, a moderator will review it. After your registration is approved, you will be permitted to post.
If you use a disposable or false email address, your registration will be rejected.
After your membership is approved, please take a minute to tell us a little bit about yourself.
https://www.radiodiscussions.com/forums/introduce-yourself.1088/
Thanks in advance and have fun!
RadioDiscussions Administrators
EAS Hacked at TV station Zombie Alert
- Thread starter oldiesstation
- Start date
K
kenglish
Guest
They got in to KSL-Radio in Utah. It was not forwarded by the live staff on the mains, but was auto-forwarded on the HD2 channels.
It looks like it came through proxy servers. IP addresses were QWEST, but showed satellite as the "location". There were two different IP addresses...one logged on, the other logged out ten minutes later.
Both IP addresses are known spam-bots.
This may have been a commercial for a new zombie movie that is coming out this week.
NBC "Today Show" just played the whole thing this morning, including two-tone attention signals, duck-fart data, and part of the "message". Duh!
It looks like it came through proxy servers. IP addresses were QWEST, but showed satellite as the "location". There were two different IP addresses...one logged on, the other logged out ten minutes later.
Both IP addresses are known spam-bots.
This may have been a commercial for a new zombie movie that is coming out this week.
NBC "Today Show" just played the whole thing this morning, including two-tone attention signals, duck-fart data, and part of the "message". Duh!
I fail to understand why the engineers don't 'clock somebody' at these stations when they run the actual EAS tones - obviously they either need to alter their frequency to prevent further EAS trickle-down, delete them and their 'duck farts' or mutes the tones completely. This isn't the 1st, nor the last time. They did the same stupid thing with the 11/9/11 EAN test - run the tones over the air to show how it got stuck.
This is why everybody used to have to take the 3rd Class Radiotelephone license test - so they could prove that they had one ounce of thought before putting something over the air.
This is why everybody used to have to take the 3rd Class Radiotelephone license test - so they could prove that they had one ounce of thought before putting something over the air.
C'mon. How many broadcast reporters:
1. Actually know there are FCC Rules & Regulations.
2. Know the content that applies to them.
3. Actually care what happens to their affiliates?
The Commission should investigate that incident and cite every NBC affiliate that aired that portion of the Today show. Since they can't do anything to the network because they're not a licensee, let's take it out on the little guys who didn't even see it coming!
1. Actually know there are FCC Rules & Regulations.
2. Know the content that applies to them.
3. Actually care what happens to their affiliates?
The Commission should investigate that incident and cite every NBC affiliate that aired that portion of the Today show. Since they can't do anything to the network because they're not a licensee, let's take it out on the little guys who didn't even see it coming!
Trent said:
Yes. It was not a hack, or an exploit of a security defect in the box. It was a textbook example of what happens when you don't change the default password for the EAS box. Network Security 101.
...and to add insult to injury. The EAS obviously wasn't installed correctly because it should have cutoff the show audio while the EAS message is being aired.
Personally, I think it was either a hoax or an inside job. Too many variables that couldn't be controlled by a hacker through a web interface. A hacked weekly test, sure. But a hacked civil emergency WITH AUDIO perfectly coordinated, nope... not buying it.
Personally, I think it was either a hoax or an inside job. Too many variables that couldn't be controlled by a hacker through a web interface. A hacked weekly test, sure. But a hacked civil emergency WITH AUDIO perfectly coordinated, nope... not buying it.
The FCC issued the following statement this evening:
As you may be aware, there was an unauthorized use of EAS equipment in several states alerting to a “zombie attack”.
The FCC is concerned that another unauthorized use may occur during tonight’s State of the Union.
Please have your stations’ master control personnel standing by.
Below is the FCC’s JUST RELEASED ADVISORY containing instructions on how to take immediate action.
Urgent Advisory: Immediate actions to be taken regarding CAP EAS device security.
All EAS Participants are required to take immediate action to secure their CAP EAS equipment, including resetting passwords, and ensuring CAP EAS equipment is secured behind properly configured firewalls and other defensive measures. All CAP EAS equipment manufacturer models are included in this advisory.
All Broadcast and Cable EAS Participants are urged to take the following actions immediately
1. EAS Participants must change all passwords on their CAP EAS equipment from default factory settings, including administrator and user accounts.
2. EAS Participants are also urged to ensure that their firewalls and other solutions are properly configured and up-to-date.
3. EAS Participants are further advised to examine their CAP EAS equipment to ensure that no unauthorized alerts or messages have been set (queued) for future transmission.
4. If you are unable to reset the default passwords on your equipment, you may consider disconnecting your device’s Ethernet connection until those settings have been updated.
5. EAS Participants that have questions about securing their equipment should consult their equipment manufacturer.
As you may be aware, there was an unauthorized use of EAS equipment in several states alerting to a “zombie attack”.
The FCC is concerned that another unauthorized use may occur during tonight’s State of the Union.
Please have your stations’ master control personnel standing by.
Below is the FCC’s JUST RELEASED ADVISORY containing instructions on how to take immediate action.
Urgent Advisory: Immediate actions to be taken regarding CAP EAS device security.
All EAS Participants are required to take immediate action to secure their CAP EAS equipment, including resetting passwords, and ensuring CAP EAS equipment is secured behind properly configured firewalls and other defensive measures. All CAP EAS equipment manufacturer models are included in this advisory.
All Broadcast and Cable EAS Participants are urged to take the following actions immediately
1. EAS Participants must change all passwords on their CAP EAS equipment from default factory settings, including administrator and user accounts.
2. EAS Participants are also urged to ensure that their firewalls and other solutions are properly configured and up-to-date.
3. EAS Participants are further advised to examine their CAP EAS equipment to ensure that no unauthorized alerts or messages have been set (queued) for future transmission.
4. If you are unable to reset the default passwords on your equipment, you may consider disconnecting your device’s Ethernet connection until those settings have been updated.
5. EAS Participants that have questions about securing their equipment should consult their equipment manufacturer.
Lazy J said:
Certain Evertz logo inserters can make EAS crawls and perform the audio insertion. The menu allows you to set the amount of main audio ducking. That station appears to have chosen something other than totally muting main audio during EAS, which is stupid.
Lazy J said:
Whoever did it must have had SOME prior knowledge of the process.
Can the manuals for EAS equipment be accessed on the internet? That might be where the Hacker(s) figured it out. The internet is becoming (and really always been) useless for sensitive information or critical operations.
IMHO: all Radio,TV, cable OTA operations (including EAS), electric, natural gas, and water / sewer utilities, and their distribution networks should be normally working with out any internet connection. Someday (fill in terrorist or country) could really mess up the internet. If you are using a tunneling protocol device for your STL it would not work during a successful cyber attack. As a matter of national security, only microwave or dedicated phone circuits should be used for remote control the critical operations of broadcasters and utilities. STL circuits rates should have never been allowed to raise more than the inflation rate. Once installed unless damaged, these circuits cost the phone companies almost nothing to operate. The traditional land line phone systems have plenty of capacity now that a lot of folks are going "all cell" or are using the cable companies for phone and data service and this should not have a negative effect on their overall profitability.
IMHO: all Radio,TV, cable OTA operations (including EAS), electric, natural gas, and water / sewer utilities, and their distribution networks should be normally working with out any internet connection. Someday (fill in terrorist or country) could really mess up the internet. If you are using a tunneling protocol device for your STL it would not work during a successful cyber attack. As a matter of national security, only microwave or dedicated phone circuits should be used for remote control the critical operations of broadcasters and utilities. STL circuits rates should have never been allowed to raise more than the inflation rate. Once installed unless damaged, these circuits cost the phone companies almost nothing to operate. The traditional land line phone systems have plenty of capacity now that a lot of folks are going "all cell" or are using the cable companies for phone and data service and this should not have a negative effect on their overall profitability.
K
kenglish
Guest
The internet is where we get updates on the equipment, including the DASDEC EAS gear.
Also, most State EAS Plans are available on the internet, although they are often "hidden". A Google search will often find them, though.
Also, most State EAS Plans are available on the internet, although they are often "hidden". A Google search will often find them, though.
Between this buffoonery and the fact discussed elsewhere that there are hundreds (maybe in the 1,000s) of smaller-market stations that still have their EAS boxes just feeding a pot on the board, the state of emergency notification in the US is a giant freaking mess. Oh, and let's not forget the multiple IPAWS server failures. over the past six months.
-- Doc
-- Doc
secondchoice said:
EAS *cannot* be divorced from the Internet, because the new CAP system delivers alerts that way. (they're pulled from a FEMA server -- and, if your state has one, a state CAP server)
Now, one could argue whether internet-based CAP was a good idea...
...but it's not difficult to come up with a scenario where the radio-based EAS could be hacked too.
w9wi said:
I will argue no. The some original users of the internet the DOD, high power College Research Universities and defense contractors have their own "private" network with no connection to the internet we use. I guess someone could hack an internet connected computer that has a server that has a connection to one of these computers. Then try to hack one of these "non public" computers. If this ever happened would that be a double hack?
I am not alone in my fear of an Internet attack:
http://www.cnbc.com/id/100460459
I guess it will take a major incident for the those in charge to do something, then over reaction. It seem to be the US way of doing things. It is easier politically to do nothing.
http://www.cnbc.com/id/100460459
I guess it will take a major incident for the those in charge to do something, then over reaction. It seem to be the US way of doing things. It is easier politically to do nothing.
So true. It's all about the blame-game and not really about the fact the gov't is too cheap and lazy to provide decent infrastructure to do it right. It is true that the stations that put their EAS unit exposed to the internet AND left the password to the default made a huge blunder, but who would think, with thousands of stations out there, that this wouldn't happen? Ddduuuhh... The EAS system is a joke. A terribly expensive bad joke on the American public AND broadcasters.
The feds investment is very little. Ours are 3,000 a box. And, still, we have a turd. Why can't they contract with a satellite-based internet provider (like Clear Channel's data system they use for emergencies to STL to towers after disasters) to PROPERLY distribute a private, secure message to us via CAP? The feds WASTE thousands of dollars a minute. Why are we burdened with a broken system we must try to maintain in spite of them if they cannot even give us a secure method of delivery?
OKCRadioGuy said:
Actually, it isn't that hard to jam a satellite transmission. I suspect that most Ham radio operators could imagine how to do it, so you can rest assured the terrorists know how too. Further, with a satellite delivery system, in bad weather (when you might really need the system to work) you stand a good chance of experiencing "rain fade." That's not good.
The simple solution is to use the existing NWS VHF weather alert system. Right now, it blankets most of the country. The transmitting equipment used to set it up is relatively cheap, and VHF FM is quite robust. Anyone can purchase a perfectly adequate receiver for as little a $20. It is already controlled by the government, which is where most EAS alerts come from. Of course it would take some investment to give complete coverage in every remote location, but given the way Washington likes to spend, it would just be a drop in the bucket.
Asking a bunch of volunteers to operate and administer the current EAS system is lunacy. Although the people who currently do this are well intended and quite dedicated, we are asking a lot from these folks. Like the rest of us, they usually have many other responsibilities. Until somebody is actually paid to do this, and are held accountable for their actions, you are asking for trouble.
- Status