Local TV

Stations' Emergency Alert System Hacked, Warns of Zombies

KRTV Great Falls (Mont.), WBUP-WBKP Marquette (Mich.) among those hit; matter being investigated by FBI 2/12/2013 05:27:00 PM Eastern

UPDATED: A hacker with an apparent taste for zombie culture
reportedly broke into the Emergency Alert System at multiple TV stations and broadcasted a bogus zombie-related emergency. The message on KRTV Great Falls (Mont.) interrupted programming Feb. 11 and told
viewers, in a garbled voice, that zombies were rising from their graves and
hunting down the living.

"Our Emergency Alert
System was hacked," said news director Heath Heggem. "The matter is
under investigation."

The KRTV website added, "Our engineers are
investigating to determine what happened and if it affected other media
outlets."

"This appears to be a breach of security of a product used by some local
broadcasters," said a spokesman for FEMA. "FEMA's integrated public
alert and warning system was not breached or compromised and this had no
impact on FEMA's ability to activate the Emergency Alert System to
notify the American public.  FEMA will continue to support the FCC and
other federal agencies looking into the matter."

Zombies have emerged as a pop culture phenomenon. AMC
series Walking Dead returned Feb. 10
with 12.3 million viewers
tuning in to the season premiere.

Compared with the massive numbers for AMC's show, the affected markets reach modest audiences. KRTV is a CBS affiliate with the CW on its dot-two. It is
owned by Cordillera. Great Falls is DMA No. 190.

The Bachelorette
and The Carrie Diaries were airing on WBUP-WBKP Marquette (Mich.) when the zombie message broke through the programming. "It appears to be the same content," says Cynthia Thompson, station manager and news director at the duopoly.

Thompson says local police, Michigan state police and the FBI are investigating, as is the FCC. "It involves all of them," she says. "You're dealing with a security issue, a communications issue, a safety issue."

She added that she believes a handful of stations in other states were hit by the zombie message.

Ed Czarnecki, senior director of strategy and regulatory
affairs at Monroe Electronics, which manufactures EAS systems, noted that the
events highlighted the importance of improved IT security at stations.

"There has been a lot of interesting speculation about what
happened but the EAS devices were not themselves hacked," he argues. Rather
someone or some group, hacked through the station's firewall and then was able
to gain access to the EAS devices because the default passwords for the EAS
devices were not changed.

"There is no flaw in the device, this is a matter of not updating the administrative password," Czarnecki said. In some ways, the bogus zombie alerts were a blessing in disguise, he added. "It is a reminder that stations need to inspect all of their devices and make sure they aren't set to factory defaults." In 2011, Monroe issued a white paper on best security practices.

Additional reporting
by George Winslow and John Eggerton.

 

Alert to All Users of the Disqus commenting system:
Because of a recent global security issue, the Disqus website recommends that all users change their Disqus passwords. Here's a URL about the issue:
http://engineering.disqus.com/2014/04/10/heartbleed.html

 

April
May