TVTechnology: EAS Hack has Engineers on Alert

Deborah D. McAdams / 02.13.2013 05:08PM

EAS Hack has Engineers on Alert

Bots reported knocking on non-networked boxes

MULTIPLE CITIES – A hack into the nation’s Emergency Alert System this week that coincided with a threat by Anonymous to disrupt the State of the Union Address on Tuesday has broadcast engineers buzzing.

“They aren’t just trying to get in through the Web interface!” one engineer wrote on an online EAS forum. “As we speak - all of our ‘exposed’ boxes have a bot knocking on them, trying to access the root or NOUSER passwords to the shell/terminal—not just the Web interface! So far on our boxes—they have been unsuccessful, as we’ve changed our root passwords, and they aren’t based on a dictionary word.”

He said the bot knocks were coming through a Tor network, which disguises the physical location of actual IP addresses.

“It seems from their fingerprints that they are not from a single person [or] source,” he said.

KRTV-TV in Great Falls, Mont., WBKP-TV, WBUP-TV and WNMU-TV in Marquette, Mich.; and KNME/KNDM in Albuquerque, N.M. were reported to have carried a bogus EAS message about zombies rising from graves on Monday. Stations in Utah and California may also have received the alert. Greg MacDonald, president and CEO of the Montana Broadcasters Association, said preliminary reports indicated the attacks were initiated overseas, according to KRTV.

Broadcast engineer Barry Mishkind is reporting that at least six stations were affected, and that none had changed default passwords on EAS equipment, or had firewalls between the equipment and the Internet. He noted that the attacks followed an 11-hour outage of the Integrated Public Alert and Warning System server managed by the Federal Emergence Management Agency.

IPAWS is the relatively new, IP-based emergency warning network that broadcasters now monitor for alerts from a variety of sources, including the Emergency Alert System. FEMA administers the system. Outages were reported in mid-December, due to complications from an upgrade.

A FEMA spokesman told Radio World’s Leslie Stimson that the zombie attack did not breach or compromised the IPAWS, and that it had “no impact on FEMA’s ability to activate the Emergency Alert System.”

The EAS typically is used for severe weather warnings, AMBER Alerts and other public-safety messages. It also can be activated by the President of the United States to issue a nationwide warning carried simultaneously by all cable TV systems, radio stations and broadcast television stations. The zombie attack came a day before President Obama delivered a State of the Union Address issuing an executive order to increase cybersecurity. Hacker group Anonymous had threatened to disrupt streaming coverage of the speech, but failed to do so, CNET reported. No president has ever activated the EAS to issue a message.

EAS expert Richard Rudman added that no EAS hack attacks were reported during the Tuesday evening address from Washington, D.C.

The zombie thread on the EAS Forum indicates that engineers are busy identifying and closing security holes. Remote monitoring of EAS equipment should be done only through a secure network, one writes. Another said IP addresses attempting brute-force logins could be blacklisted. Encoders/decoders may need to be updated to newer versions of operating software, for example. All seem to agree that changing passwords and setting up firewalls are imperative to start.

The Federal Communications Commission said as much Tuesday in an urgent advisory that was passed on to the membership of the National Association of Broadcasters. Other than the advisory, the FCC has not commented on the hack. FEMA has said only that it is supporting the FCC and other federal agencies—which many assume to be the FBI—in investigating the incident.

In the meantime, the source of the hack remains unknown. Mishkind cited a 2009 video from YouTube (below) as the possible source for the zombie warning. The type of tones in the video can trigger EAS gear and are illegal to record or reproduce, but they occasionally make it into a news broadcast. EAS tones appeared in a piece on NBC’s “Today Show” in 2011 when broadcasters were preparing for a nationwide test of the new system.

On Tuesday, a radio station in La Crosse, Wis., replayed the zombie alert and triggered another downstream station’s EAS receiver, according to the La Crosse Tribune. The station, WKBT-TV, wound up issuing the zombie alert.

Comments

Post New Comment
If you are already a member, or would like to receive email alerts as new comments are
made, please login or register.

Enter the code shown above:

(Note: If you cannot read the numbers in the above
image, reload the page to generate a new one.)

Posted by: Anonymous

Wed, 02-13-2013 - 8:50PM Report Comment

Anonymous' threats was against the SOTU feed over the internet since they are pissed about CISPA and other cyber security bills, not OTA television. I don't think Anonymous is behind the EAS zombie incidents for the sole reason that Anonymous always announces what they are going to do beforehand as well as taking credit in the aftermath. No one so far has stepped forward. That and zombies is not Anonymous' modus operandi either.

Related
Popular

Columnists Quotes

Friday 2:09PM
Audio Mixers Raise Issues Plaguing 5.1 for TV

“The first time Janet Jackson was on our show, I was stupefied—no one from her camp ever came back to the room to talk to us about the mix." SNL associate mixer, Josiah Gluck

Lauren De Bellis / Monday 10:57AM

RTW Welcomes Arjen Hofland as International Sales Manager

Vanessa Sanchez / Wednesday 10:32AM

SSL Showcases V5 Software for C100 HDS Digital Broadcast Console at IBC 2012

Zazil Media Group / Thursday 11:31AM

Tiffen Begins Shipping Listec PW-10 Tablet-Enabled Teleprompter Product Line

Updates