Hackers targeted EAS nationwide.
The FCC, FBI and several state and local law enforcement agencies are investigating what now appears to have been a widespread hack attack on the Emergency Alert System. The full extent of the attack isn’t yet clear, but several HD2 stations aired a bogus message about zombies. Engineers say the hackers apparently had a solid working knowledge of EAS.
Bonneville director of engineering John Dehnel says the company’s Salt Lake City stations were one target. While it never made it to news-talk KSL (1160) — the LP1 station for the area — or its sister KSL-TV, the bizarre message was broadcast on the cluster’s three HD2 stations. Dehnel believes the culprit was EAS boxes that were left set to factory-installed default passwords to accommodate tech support crews. “We left the default password in and frankly I forgot about it — my guess is you’ll find everyone still had the default password on it,” he says.
The Bonneville HD2 stations fired the bogus EAS messages about one hour before a Great Falls, MT television station that made headlines yesterday. Several other stations also aired a fake EAS message, including TV stations in Albuquerque and Marquette, MI. A radio station in Los Angeles apparently thwarted its attack. It’s possible other stations also broadcast the alert.
Following Monday’s breach of the Emergency Alert System, tech manufacturers are scrambling to make sure there are no open security windows in their equipment. Monroe Electronics said its customers should change passwords and step up EAS’ security by putting the system behind a firewall.
Hours before their fake EAS activation, Dehnel says Bonneville has been able to piece together that someone outside the U.S. was “probing around” in the middle of the night on its Dasdec boxes. Because of how the fake alert was created, such as using live codes, a duration time, and knowing how to send an audio cut, Dehnel is convinced the hackers know a lot about the inner-workings of EAS. “A normal hacker hitting that thing would not know how to do that,” he says.
Rudman agrees. “It would require a little bit more expertise than the average hacker would have to do what appears to have happened,” he says.
Besides blatantly bogus messages about a “zombie attack,” the message also told listeners to tune to 920 AM which Dehnel believes shows it was written for a market other than Salt Lake City. Bonneville has taken its box offline to preserve any data it may contain — data which could be used as evidence. Besides violating FCC rules, the hacker could face federal criminal charges.