Slashdot Mirror

← Back to Stories (view on slashdot.org)

Local Emergency Alert System Hacked, Warns Dead Rising From Graves

Posted by Unknown on from the brains-delicious-brains dept.

First time accepted submitter Rawlsian writes "Great Falls, Montana, television station KRTC issued a denial of an Emergency Alert System report that 'dead bodies are rising from their graves.' The denial surmises that 'someone apparently hacked into the Emergency Alert System...This message did not originate from KRTV, and there is no emergency.'"

3 of 235 comments (clear)

  1. Re:Let me guess... by slimjim8094 · · Score: 4, Interesting

    Maybe that's what happened here. It's by no means difficult (though highly, highly illegal) to point a few-dozen watt transmitter at the receiving antenna with a highly directional antenna and spoof the EAS message from whatever station it listens to for alerts.

    --
    I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
  2. Likely attack vector: NOAA weather radio by Dr.+JJJ · · Score: 5, Interesting

    This hack is clearly an invocation of the Emergency Alert System. The EAS is a hierarchically-organized digital message propagation system that has no authentication scheme for the vast majority of the nodes that participate in the network. Since every moderately-sized licensed broadcast radio and TV station in the United States is required to participate in the network, that is a lot of attackable nodes.

    The hierarchy is easy to exploit if you wish to spoof an alert on a specific station. All you need to know is the specific list of stations that your target listens to for alerts and a mobile radio transmitter that you can position relatively closely to your target's EAS receiving equipment. The list of "source" stations for your target is often public information, or can be deduced very easily. (Search for "<city> eas plan" in your favorite search engine.) The radio transmitter required is nothing more than a VHF two-way radio, which can often be a "modded" Amateur Radio which can transmit outside of the legal Amateur bands.

    • Step 1: Assemble an EAS alert on a computer using a little bit of code to generate the appropriate tones and an audio editor to stitch them together. The exact format is tricky, but the information is publicly available.
    • Step 2: Find your likely target's listening list. These are often listed as the "Local Primary" and "Local Secondary" stations in your target's metropolitan area. These, unfortunately, are hard to spoof because broadcast-band FM and AM transceivers are harder to get a hold of. Instead, look up the NOAA weather radio transmission frequencies in your target's area. These stations are often used as additional EAS sources by almost every broadcast station in the system, and they are easy to spoof with portable equipment.
    • Step 3: Put the spoof transmitter in a car and drive as close as possible to the target's published studio headquarters. Targets often place their receiving equipment in their primary studio locations.
    • Step 4: Put your transmitter into transmit mode and play back your spoofed alert. You need to remain nearby just long enough to complete the injection process. With a short message you only need about 60 seconds.
    • Step 5: Drive away. The automated relay system at your target will do the rest.

    Step 4 (transmission) is extremely easy, even with low-powered equipment (250mW). Because of your proximity and the FM Capture Effect you will have no problem overpowering the real source station without adversely affecting or alerting anyone outside a 1/2 mile radius.

    My guess is the attackers here did precisely this. They probably exploited this TV station by spoofing a local NOAA weather radio channel that the TV station was listening to for alerts.

  3. Re:Let me guess... by vlm · · Score: 3, Interesting

    It's by no means difficult (though highly, highly illegal) to point a few-dozen watt transmitter at the receiving antenna with a highly directional antenna

    Its a hell of a lot simpler just to get really close and use a "low" power omni. If "they've" got 1e4 times the power but you're 1e6 times closer, you do the math for who wins the FM capture effect battle. Rather like a cheap mp3 transmitter can override a 50 kilowatt broadcast transmitter, well, for 10 feet or so. You can imagine the range a 50 watt mobile has vs a 1000 watt NOAA/NWS transmitter. This is in the news fairly often. Most commonly someone transmits over the NOAA weather radio freqs this way using some old VHF-hiband mobiles (now there's a well thats running dry...) reprogrammed.

    Anybody who's ever written a SAME code decoder for weather radios or a SDR, or ever seriously considered it anyway, would not be very challenged by writing a SAME code encoder, in fact probably had to write one first, to test their decoder.

    I enjoy the comedic stories I read in the newspaper about this. Those are real hacks. Like announcing a blizzard in Florida in the summer, heat warning in the frozen north during the winter. If I were still an impulsive teen I'd probably be doing that kind of thing.

    However, the people who transmit sorta-plausible stuff intended to scare people are just jackasses. There's a fox news "joke" in there somewhere, or maybe not really a joke.

    --
    "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger