Zombie EAS Hack Attack Hits TV Stations

Hackers broke into the Emergency Alert Systems of KRTV Great Falls, Mont. (see video below); WBKP and WNMU Marquette, Mich., airing a warning that dead bodies were "attacking the living" and warned people not to "approach or apprehend these bodies as they are extremely dangerous." Local and state authorities and the FCC are investigating to determine how the hackers got access.
TVNewsCheck,

At least four TV stations across the country Monday were the victims of a hoax after a hacker broke into their Emergency Alert Systems.

KRTV Great Falls, Mon., initially made headlines Tuesday after a video of the alert, claiming “dead bodies were rising from their graves,” went viral on the Web. But the CBS affiliate wasn’t alone. WBKP and WNMU Marquette, Mich., also had the same alert played on their airwaves.

Story continues after the ad

The hack likely happened because station operators didn’t change the default password on their Common Alert Protocol Emergency Alert System, says Ed Czarnecki, senior director of strategy and regulatory affairs for Monroe Electronics, the main manufacturer of EAS systems across the country.

“Quite simply, someone made an unauthorized access to the stations’ firewall and somebody logged into the system using a default username and password,” says Czarnecki. “This is a simple matter of operational security best practices. You have to change your default password on any new device.”

Now local and state authorities and the FCC are investigating to determine how that unauthorized access was granted. Calls into the Michigan State Police and FCC weren’t immediately returned, although the FCC Tuesday evening ordered stations to take immediate action to secure their EAS systems.

A spokesperson for the Federal Emergency Management Agency acknowledged that there may have been "a breach of security" of the product used by some broadcasers.

Brand Connections

However, he added, "FEMA's integrated public alert and warning system was not breached or compromised and this had no impact on FEMA’s ability to activate the Emergency Alert System to notify the American public.FEMA will continue to support the FCC and other federal agencies looking into the matter."

After reviewing his station’s EAS security log Monday night, Kenn Baynard, WBKP operations manager in Marquette, said it was clear that someone made multiple attempts to break into the system. “They went in from the back door of this system and tried numerous passwords and have been doing so for days leading up to the hack,” Baynard says.

Before any real alert goes out, such as one from the National Weather Service, station executives are notified via email about it. That didn’t happen at the ABC affiliate on Monday afternoon, Baynard says. “It just went out by itself. There was no log about it, nothing. It just went out.”

Baynard is now blaming Monroe Electronics, claiming the software has a security flaw. “I spoke with an engineer in Montana using the same system, and it was hit the same exact way.”

Czarnecki stands by his argument, saying the company clearly states in its manual to change all default passwords, including the administrator password. He’s now telling all station operators to double-check their passwords and even choose a new password to avoid anything similar from happening.

“We’re not treating this lightly,” he says, adding the company is examining multiple options to fix any possible security flaws.

Ernest Sanchez, counsel for KENW Portales, N.M., said, in general, any business that has a responsibility to take reasonable action to protect against any kind of foreseeable cyber attack. “This should be a wakeup call to stations around the country to be very conscious about their EAS security,” he says.

As for who did the hacking is still being investigated.

Eric Smith, WNMU general manager, said Northern Michigan University’s forensics information technology staff traced the hack to an overseas IP address Tuesday morning.

“We have a good forensics IT staff that are very good at tracking where problems develop,” says Smith. “As protocol, we’ve turned the investigation over to the university’s public safety and police department.”

Karole White, president-CEO of the Michigan Broadcaster’s Association, said the group has been contacting other Michigan stations to ensure a similar attach has happened. She says this is the first time she’s ever heard of experienced this type of attack.

“Before a year or two ago, the EAS systems were hooked up through phone lines, now they’re hooked up to the Internet,” she says. “On the bright side, this minor attack, while it may have confused or frightened people, uncovered some weaknesses that we can look at, fix and adjust to, to ensure this doesn’t happen again.”

Tags

Comments (4) -

TVMN Nickname posted a year ago
The last line says it all: We have become a gullible breed.
Thomas Scanlan posted a year ago
I'm proud to know both Kenn and Eric, and whoever the hackers are, they should know they're messing with some of the best and most technically proficient GM's in the business. Way to go, guys!!
Pierow Nickname posted a year ago
Thanks Tom!
John Russo posted a year ago
> Baynard is now blaming Monroe Electronics, > claiming the software has a security flaw. Yeah, it's what's known in tech support nomenclature as an ID-10-T error. It's not the lock company's fault if he leaves his keys under the welcome mat, I'm exhausted to say. “I spent my money on the Clapgo D. 29; it's the most impenetrable lock on the market today. It has only one design flaw: the door... [closing door] must be closed!” – (Seinfeld: Season 1; Episode 3: “The Robbery”)

Classifieds

Marketshare Blog Playout Blog

Twitter

TVNewsCheck

Ratings

Overnights, adults 18-49 for January 25, 2015
  • 1.
    1.8/5
  • 2.
    1.3/4
  • 3.
    1.2/3
  • 4.
    1.1/3
  • 5.
    0.9/3
  • 6.
    0.4/1
Source: Nielsen

Reviews

  • David Hinckley

    History's Sons of Liberty rips the powdered wigs off America’s founding fathers. In a good way. The three-night series follows the seeds of the American Revolution from around 1765 to the dawn of the formal military conflict. It's infotainment in a sense, dramatizing the lives of the revolutionaries in ways that can feel a bit soapish. They’re also true to the way it really happened. Through a fast-moving combination of live action and CGI, Sons of Liberty shows how the point of no return became America’s starting point.

  • Mark Dawidziak

    Spouting politically incorrect comments between puffs on his cigar, Portland, Ore., police detective Everett Backstrom is a rude, crude, self-destructive package of bad habits. He's a mess. The wildly uneven series that bears his name also is a mess, a murky mixed bag of dreary and delightful moments. Fox's Backstrom is based on the series of novels by Swedish author and criminologist Leif G.W. Persson. More than a little something got lost in the translation. All of the actors, led by Office alum Rainn Wilson, deliver when the writing catches fire, showing us compelling visions of what Backstrom could be. Like the title character, though, this series needs help. It needs work. And, absolutely, it needs time.

  • David Wiegand

    Time travel and the end of humanity are the subjects of the Syfy Channel’s knockoff of the 1995 Terry Gilliam film 12 Monkeys, and you may need a chronometer to figure out what time period it is. If you’re really smart, though, you’ll get an alarm clock. Most of the performances are pretty laughable and it's bad Syfy didn’t invest more in a better script and direction. The channel is great at mock films like Sharknado but often takes its sci-fi-loving audience for granted with some of its serious content. In this case, Syfy had the 1995 film as a playbook. They may not have been able to cast Willis or Pitt, but the series could have been better instead of being pretty much a waste of time.

  • Hank Stuever

    Had they drawn it as one of those adult-themed, lonely-loser, late-night cartoon series, FXX’s Man Seeking Woman might have been as easy to swipe away as a run-of-the-mill dating profile. Instead, it is a live-action comedy that often moves and thinks like a cartoon, to great effect, in a hallucinatory world of socializing where a blind date who seems like a troll is, in fact, a gross little troll, and where a trio of alien sex robots show up to your apartment on the night your neat new girlfriend sleeps over.

  • Joanne Ostrow

    My Husband’s Not Gay, the latest despicable piece of so-called reality TV coming to carny freak-show channel TLC, is wrong in so many ways. It’s difficult to say whether it’s more offensive or dangerous. The show follows four Utah Mormon men who are apparently repressing their sexual orientation in order to conform to the requirements of their faith community. Either the couples onscreen are kidding themselves, the producers are knowingly exploiting false or naive narratives, or together they’ve decided to ignore all scientific evidence and endorse a plan to “pray the gay away.” Really, in 2015?

  • Teresa Jue

    Hindsight, VH1’s foray into the scripted programming game, is a departure from the network’s more traditional offerings — in a good way. The network that built its brand on celebrating pop culture by the decades has produced a solid original series that takes a nostalgic walk back into the ’90s. Hindsight’s pilot produced a plot full of promising loose-ends, and a premise that would unearth the memories of ’90s past. Some little nitpicky things shouldn’t detract from the fact that VH1 is doing something different in terms of its scripted offerings, while staying true to its flair for nostalgia.

This advertisement will close automatically in  second(s). You will see this ad no more than once a day. Skip ad