Zombie Apocalypse EAS hijackings
DateFebruary 11, 2013 (2013-02-11)
VenueKRTV
WKBT-DT
WNMU
KENW
LocationGreat Falls, Montana, Marquette, Michigan, La Crosse, Wisconsin, Portales, New Mexico, United States
TypeBroadcast signal intrusion
CauseEAS equipment security vulnerabilities.
PerpetratorHacker

On February 11, 2013, the Emergency Alert System of five different television stations across the U.S. states of Montana, Michigan, Wisconsin, and New Mexico were hijacked, interrupting each television broadcast with a Local area emergency message warning viewers of a zombie apocalypse. The message was subsequently declared as a hoax by local authorities and was reported to be a result of hackers gaining access to the Emergency Alert System equipment of various television stations.[1][2][3][4][5]

The first incident took place in Great Falls, Montana, during an afternoon airing of The Steve Wilkos Show on CBS affiliate television station KRTV. The television signal was abruptly interrupted by an audible Local area emergency alert reading "Local authorities in your area have reported that the bodies of the dead are rising from their graves and attacking the living". Later the same day the stations of CBS affiliate WKBT-DT, ABC affiliate WBUP, and PBS member station WNMU in Marquette, Michigan, and La Crosse, Wisconsin, had their Emergency Alert System hijacked, transmitting a similar "Zombie Apocalypse" alert during their primetime programming hours. Not long afterwards, the television broadcasts of PBS affiliate KENW in Portales, New Mexico were also interrupted by the false alert. The hijackers were later apprehended by authorities shortly after the incident.[6][7]

Just two days after the initial hijackings on February 13, 2013, a morning show on WIZM-FM in La Crosse aired an audio recording from the hoax alert, which triggered WKBT-DT's Emergency Alert System once more, relaying the message over the television station's broadcast signals. On February 28, 2017, radio station WZZY in Winchester, Indiana, had their emergency alert equipment hijacked in an almost identical manner using the same "zombie apocalypse" hoax audio message as the one used in the incidents in 2013.[8][9][10]

CBS, ABC, and PBS hardware engineers who investigated the initial incidents reported that the hijackers likely gained access to the Emergency Alert Systems through a variety of weaknesses in the various station's emergency alert equipment, including a vulnerability in the machine's authentication bypass security and the usage of default passwords that were listed on online user manuals.[11][1]

Hijackings

All five emergency alert hijackings took place on February 11, 2013, in Great Falls, Montana, Marquette, Michigan, La Crosse, Wisconsin, and Portales, New Mexico. The hijackings primarily compromised the television stations of KRTV, WKBT-DT, WBUP, WNMU, and KENW, however, the incident also led to stations ABC10 and its sister station CW 5 to disconnected their networks from the EAS system to prevent further intrusions. WKBT-DT was also struck again with the same hoax alert only two days after the initial incidents after a morning show on WIZM-FM triggered WKBT's Emergency Alert System. In February 2017, television station WZZY in Randolph County, Indiana, was also hijacked with an identical "zombie apocalypse" EAS alert as the ones in 2013.[1][6][7][12][13]

KRTV

On the afternoon of February 11, 2013, at approximately 2:30 to 2:33 pm MST, an airing of The Steve Wilkos Show on KRTV's channels 1 and 2 was suddenly interrupted by a false Local area emergency alert transmitted by KRTV's Emergency Alert System, after the system was hijacked via access to the television stations emergency alert equipment. Following the signal interruption, viewers were met with an audible message that read:[14][15][16][17]

"Civil authorities in your area have reported that the bodies of the dead are rising from their graves and attacking the living. Follow the messages on-screen that will be updated as information becomes available. Do not attempt to approach or apprehend these bodies, as they are considered extremely dangerous. I repeat: civil authorities in your area have reported that the bodies of the dead are rising from their graves and attacking the living. Follow the messages on-screen that will be updated as information becomes available. Do not attempt to approach or apprehend these bodies, as they are considered extremely dangerous. This warning applies to all areas receiving this broadcast. Tune into 920 AM to get updated information in the event that you are separated from your television or that the electrical service is interrupted. "

The Emergency Area Alert warned viewers of "bodies from the dead" in the areas surrounding Powell, Broadwater, Jefferson, and Lewis & Clark counties. Not long after the broadcast was transmitted, local authorities declared the alert as a hoax.[18] The audio was later discovered to have been taken directly from a 2008 YouTube video named "Zombie Emergency Alert System Warning (EAS)".[19]

WKBT-DT, WBUP, WNMU

The second hijacking took place in Marquette, Michigan, and La Crosse, Wisconsin, when the Emergency Alert System for the television stations of WKBT-DT in La Crosse, and WBUP and WNMU in Maquette at approximately 3:55 pm MST, were hacked, interrupting the television broadcasts with the same "zombie apocalypse" alert as before. The signal interruption occurred during WNMU's and WBUP's primetime afternoon broadcasting of Barney & Friends and The Bachelor, which may have led to a larger public awareness of the alert.[5][20][21]

KENW

The final hijacking took place in Portales, New Mexico, at 8:35 pm EDT, when television station KENW's Emergency Alert System was also hijacked, interrupting its television broadcasts with the same false emergency alert as the previous two incidents. The hackers were reportedly found by authorities shortly after the hijacking, however, further information on the perpetrators of the hijackings was never released.[22]

Later incidents

A similar incident involving the "zombie apocalypse" EAS hijacking took place during a morning talk show broadcast by WIZM-FM in La Crosse, when the hosts of the show, who were reacting with laughter to the hoax, played the audio recording from the alert. However, producers of the show failed to edit out the Specific Area Message Encoding (SAME) tones used in the alert, which led to the triggering WKBT-DT's Emergency Alert System. As a result, WKBT-DT's emergency alert equipment relayed the message from the hoax over the stations regular programming. The relaying failure likely took place as a result of the standard operating protocol of the EAS FCC-certified decoders used in the Emergency Alert System's equipment at their control points. The decoders used at EAS cable television headends are continuously monitoring broadcast signals from nearby television stations. If a decoder detects a signal using an EAS message, the EAS system operators are required by United States Federal Law to relay the message to other broadcasters.

The FCC has since strongly prohibited the usage of actual or simulated EAS/WEA and SAME tones outside of genuine emergency alerts to protect the integrity of the system and to prevent signal relay incidents like the one in 2013. Any broadcasters that use the tones outside of a real emergency may be heavily fined or sanctioned.

On February 28, 2017, radio station WZZY, 98.3, in Randolph County, Indiana aired the same "bodies rising from the dead" false alert message from 2013 after their SAGE ENDEC EAS equipment was hijacked. The incident prompted the Randolph County Sheriff's Department to make a public announcement clarifying that WZZY's emergency alert equipment had been hacked and that no emergency was present.

Methods

There are numerous methods hackers will use to hijack the Emergency Alert System, however, the likely method used by the hijackers of the "zombie apocalypse" hoax, as reported by authorities and the television station engineers, was that the hackers were able to gain access to the emergency alert equipment via default system passwords that were listed in public user manuals. This would have came as a result of television station broadcasters neglecting to change the factory default logins and passwords on their equipment.[11][23][24]

Government response

A failure to prevent access into emergency alert equipment by broadcasters has been the subject to most of cybersecurity breaches of the Emergency Alert System. As a result, the federal government has made numerous statements to television broadcasters that a neglection to investigate unpatched software vulnerabilities and failure to implement secure passwords for EAS machines will lead to a massive failure in equipment security and a major cybersecurity breach such as the one in 2013.

The Federal Emergency Management Agency (FEMA) has also stated to television broadcasters of certain vulnerabilities in EAS encoders/decoders that, if not updated, could allow outside sources to gain access to various television station's EAS equipment and broadcast emergency messages over regular programming. The Federal Communications Commission (FCC) has also stated publicly that what may seem as a harmless "prank" to viewers who are quick to identify such false alerts as a hoax, can actually cause massive national security threats. Furthermore, federal agencies have stated that such hoaxes "underscore the vulnerability of a national alert system that's mandatory for all wireless, cable, and satellite TV systems" and also threaten the safety of viewers who perceives such false alerts as real.[11][25]

EAS equipment vulnerabilities

Image of DASDAC device used by many of the hijacked television stations in 2013

Computer engineers have especially reported various vulnerabilities within Monroe Electronic's R189 One-Net DASDEC EAS, also known as DASDAC, an encoder/decoder device used by a number of television station's Emergency Alert Systems (including the stations involved in the "zombie apocalypse" hijackings in 2013). One major flaw within these various vulnerabilities is the fact that the device uses a web interface that contains several default credentials that are listed on online manuals. These credentials, which can be obtained fairly easily, contain the factory default log-in information. Thus, any station using DASDAC equipment with its factory default log-in credentials is more vulnerable to hijackings than one that has been implemented with secure passwords. The DASDEC is used by many local television stations and some AM/FM radio stations, as well as many cable companies, including Comcast and Xfinity.[26][27][28][29]

Investigations into possible vulnerabilities with the SAGE ENDEC EAS equipment occurred after the devices used at WZZY were hijacked in 2017. However, the hijackings likely had more to due with the broadcasters negligence to employ more secure login credentials on the machines then it did with internal hardware vulnerabilities within the SAGE equipment.[30][31]

Aftermath and investigation

Following the hijacking incidents, both the FCC and the FEMA urged the broadcasters involved in the incidents to reset their passwords and recheck security measures. Trade groups, including the Michigan Association of Broadcasters, also requested that its partnered television stations, including WBUP and WNMU in Michigan, to update any unpatched security vulnerabilities of their emergency alert devices.

Investigations into the hijackings occurred via both local and federal authorities, with possible investigations partaken by the Federal Bureau of Investigation (FBI) and the Federal Communications Commission (FCC), who initially detected that the hijackings came from an overseas source. The hackers involved in hijackings were reportedly caught and arrested, however, any further information on the perpetrators identities or charge remain unknown.

Shortly after the hijackings occurred, the Great Falls Police Department announced to the Great Falls Tribune that the alert was a hoax and there was no danger in the areas surrounding Great Falls. Similarly, almost immediately after the false emergency message aired, KRTV announced on air: "This message did not originate from KRTV, and there is no emergency".[32]

Following the hijacking incident in February 2017, the Randolph County Sheriffs Department made a public statement announcing that the emergency alert was a false alarm and a hoax, after its local radio station, WZZY, was hacked with the same false emergency message.

See also

References

  1. 1 2 3 Goodin, Dan (2013-02-14). "Bogus zombie apocalypse warnings undermine US emergency alert system". Ars Technica. Archived from the original on 2023-10-29. Retrieved 2023-10-29.
  2. Schwartz, Mathew J. (2013-02-12). "Zombie Alert Hoax: Emergency Broadcast System Hacked". Dark Reading. Archived from the original on 2021-08-02. Retrieved 2023-10-29.
  3. Anders, Melissa (2013-02-13). "Zombie apocalypse now? Michigan TV stations' Emergency Alert Systems hacked with notice of walking dead". mlive. Archived from the original on 2023-10-29. Retrieved 2023-10-29.
  4. "Hackers hijack Montana TV station, broadcast zombie apocalypse warning". Wired UK. ISSN 1357-0978. Archived from the original on 2023-10-29. Retrieved 2023-10-29.
  5. 1 2 "Zombie apocalypse newsflash interrupts US TV schedule". The Guardian. Associated Press. 2013-02-12. ISSN 0261-3077. Archived from the original on 2023-10-29. Retrieved 2023-10-29.
  6. 1 2 Storm, Darlene (2013-02-12). "Hacker broadcasts emergency zombie apocalypse warning on TV station in Montana". Computerworld. Archived from the original on 2023-11-05. Retrieved 2023-10-29.
  7. 1 2 "That Time Someone Hacked an Emergency Broadcast System and Warned of the Zombie Apocalypse". Cheezburger. Archived from the original on 2023-10-29. Retrieved 2023-10-29.
  8. Hubbuch, Chris (2013-02-13). "TV zombie-attack warning a false alarm". La Crosse Tribune. Archived from the original on 2019-08-08. Retrieved 2023-10-31.
  9. "Hacked radio station reports Ind. zombie attack". WCPO 9 Cincinnati. 2017-03-01. Archived from the original on 2023-10-31. Retrieved 2023-10-31.
  10. "Hackers take over Randolph County radio station's alert system, send out messages about fake zombie attack". Fox 59. 2017-03-01. Archived from the original on 2023-10-31. Retrieved 2023-10-31.
  11. 1 2 3 Goodin, Dan (2022-08-05). ""Huge flaw" threatens US emergency alert system, DHS researcher warns". Ars Technica. Archived from the original on 2022-08-06. Retrieved 2023-10-29.
  12. Committee on the Future of Emergency Alert and Warning Systems: Research Directions (April 19, 2018). Emergency Alert and Warning Systems. National Academies Press. pp. 70–72. ISBN 9780309467407. Archived from the original on October 31, 2023. Retrieved October 30, 2023.
  13. Wheeler, Tom; Clyburn, Mignon; Rosenworcel, Jessica; Pai, Ajit V.; O'Rielly, Micheal (2016). FCC Record: a comprehensive compilation of decisions, reports, public notices and other documents of the Federal Communications Commission of the United States. Boulder, Colorado: Federal Communications Commission. p. 638.
  14. Kumar, Mohit (February 13, 2013). "Hacker broadcasts zombie warning on TV". The Hacker News. p. 1. Archived from the original on October 29, 2023. Retrieved October 29, 2023.
  15. Moye, David (February 11, 2013). "KRTV's Emergency Alert System Hacked To Warn Of Fake Zombie Apocalypse". HuffPost. pp. 1–2. Archived from the original on October 29, 2023. Retrieved October 29, 2023.
  16. Booth, Charlotte (March 15, 2021). A History of the Undead: Mummies, Vampires and Zombies. Pen & Sword. pp. 86–90. ISBN 9781526769077.
  17. Goodman, Marc (February 24, 2015). Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It. Knopf Doubleday Publishing Group.
  18. Albanesius, Chloe (February 12, 2013). "Hack of Montana TV Station Warns Viewers of Zombie Attack". PC Magazine. pp. 1–2. Archived from the original on October 29, 2023. Retrieved October 29, 2023.
  19. Zombie Emergency Alert System Warning (EAS), retrieved 2024-01-07
  20. Hubbuch, Chris (2013-02-13). "TV zombie-attack warning a false alarm". La Crosse Tribune. Archived from the original on 2019-08-08. Retrieved 2023-10-29.
  21. United States. Congress. House. Committee on Homeland Security (November 13, 2018). DHS Cybersecurity: Roles and Responsibilities to Protect the Nation's Critical Infrastructure : Hearing Before the Committee on Homeland Security, House of Representatives, One Hundred Thirteenth Congress, First Session, March 13, 2013. Minnesota: U.S. Government Printing Office. p. 72.
  22. "Archived copy". Archived from the original on 2019-11-28. Retrieved 2023-11-11.{{cite web}}: CS1 maint: archived copy as title (link)
  23. "Zombie hack blamed on easy passwords". Chicago Tribune. Reuters. February 14, 2013. pp. 1–2. Archived from the original on 2019-08-08. Retrieved 2023-10-29.
  24. Lyngaas, Sean (August 3, 2022). "FEMA warns emergency alert systems could be hacked to transmit fake messages unless software is updated". CNN Politics. pp. 1–2. Archived from the original on October 7, 2023. Retrieved October 29, 2023.
  25. Loh-Hagen, Virginia (2015). Ethical Hacker. Cherry Lake Publishing. p. 7. ISBN 9781634700788.
  26. CVE.report; CVE. "r189_one-net_eas". CVE.report. Archived from the original on 2023-10-29. Retrieved 2023-10-29.
  27. "Monroe Electronics R189 One-net Eas : Security vulnerabilities, CVEs". cvedetails.com. Archived from the original on 2023-10-29. Retrieved 2023-10-29.
  28. "DHS warns of critical flaws in Emergency Alert System devices". techcesscyber.com. 2022-08-08. Archived from the original on 2023-10-29. Retrieved 2023-10-29.
  29. Burt, Jeff. "Warning! Critical flaws found in US Emergency Alert System". The Register. Archived from the original on 2023-10-29. Retrieved 2023-10-29.
  30. "SAGE ALERTING SYSTEMS". sagealertingsystems.com. Archived from the original on 2023-10-31. Retrieved 2023-10-31.
  31. "Methods for using SAGE ENDEC EAS equipment in the Livewire Environment". TelosHelp. 2021-06-28. Archived from the original on 2023-10-31. Retrieved 2023-10-31.
  32. Montagne, Renee (February 12, 2013). "Montana TV Stations Warns of Attacking Zombies". WLRN. p. 1. Archived from the original on October 30, 2023. Retrieved October 30, 2023.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.