WASHINGTON:
Federal authorities are looking into
several incidents in which an unauthorized person or persons interfaced with
Emergency
Alert System equipment connected to the Internet, knew or figured out default
passwords, broke into the devices and inserted a false message that was
transmitted by several stations.
A FEMA
spokesperson told
Radio World that
the incidents appeared to be a security breach of a product used by some local
broadcasters.
“FEMA’s
Integrated Public Alert and Warning System was not breached or compromised, and
this had no impact on FEMA’s ability to activate the Emergency Alert
System to
notify the American public.” FEMA will continue to support
the FCC and
other federal agencies looking into the matter, according to the spokesperson.
When
reached last night, the FCC had no comment on the investigation.
Broadcast
engineer and long-time EAS expert Richard Rudman agrees what happened is not an
issue with CAP and has nothing to do with IPAWS OPEN, FEMA’s Web
interface for
alerts.
“It’s because
[EAS] boxes are connected to the Internet. Mentioning CAP as part of the
problem is inaccurate,” Rudman emphasized, speaking for the Broadcast
Warning
Working Group. “Anybody that has a Part 11 box that’s
compliant is now tied to
the Internet.”
If a station’s Internet-connected
EAS gear is behind a router with a firewall, and protected with a strong
password, that will most likely thwart would-be hackers, he said.
“Even a $50
router will have firewall. There’s some evidence this was tried
elsewhere, and
the EAS gear of stations that had a strong firewall were not hacked,”
he said.
While most of
the hacking incidents involved television stations, one incident involved a
radio group in Utah. Bonneville Director of Engineering John Dehnel was able to
head off the fake alert on the main signals for KSL-AM/FM, but the fake alert
did get transmitted automatically on the station’s HD2 channels.
The hackers, he
said on the SBE EAS list serve, knew what they were doing, stating that the
unauthorized person was familiar with how EAS works and even the type of device
his stations have. The person “hacked in and programmed a header they
would
assume would be something that would auto-forward. It takes some training and
instruction to do all of that. A casual hacker, even if he got into the box,
would not have known how to do it.”
The station has
taken its encoder/decoder offline to preserve any data it may contain that
would be useful to the investigation.
Rudman agrees it
appeared the hacker knew what he was doing. He said that for the affected
stations, it looked like an MP3 file was uploaded to the EAS encoder/decoder
and activated as a message.
“The
box was probably set to send an alert automatically,” he said.
He shared
suggestions he also passed along to the California Broadcasters Association,
namely that stations verify they have strong passwords for their Internet
interfaces
and all their EAS gear is connected through a firewalled router.
“One engineer
thought changing the front panel password is enough,” said Rudman,
who adds
that’s not enough and recommends a
Gibson
Research site for checking password
strength. It’s also recommended by Leo LaPorte and other IT experts.
It’s important to change all of the Web interface
passwords
for every single EAS encoder/decoder, Rudman said. He recommended contacting
the
vendor for specific product documentation.
“Only then will the new, strong passwords you set have an
effect,” he said.