Slashdot Mirror
Local Emergency Alert System Hacked, Warns Dead Rising From Graves
First time accepted submitter Rawlsian writes "Great Falls, Montana, television station KRTC issued a denial of an Emergency Alert System report that 'dead bodies are rising from their graves.' The denial surmises that 'someone apparently hacked into the Emergency Alert System...This message did not originate from KRTV, and there is no emergency.'"
Gotta get to the shopping mall. Stop at the sporting goods store and pick up some weapons and ammo. The zombies will feast on the easier targets for 30 days or so.
Those systems that were never meant to go on the internet were somehow available on the internet? It's too bad some broadcast stations don't know when to air-gap
If computers were people, I'd be a misanthrope.
Supposedly this is the capture of the hacked broadcast: http://www.youtube.com/watch?v=nc60XPCXrh8
The preceding line was intentionally left blank.
Nah, he did a community service by demonstrating the failure without starting a panic over a real possible event. No one should have believed it.. At least not anyone with half a BRAAAAAAAAAAIINSS!!!!
Do not look into laser with remaining eye.
On the contrary.
This is an obvious prank, and is unlikely to cause any harm, except to embarrass those who ought to be embarrassed. It would have been much more harmful to send an alert about a more believable disaster. Can you imagine the panic if the hoax had been about rising floodwater, or an incoming storm or hurricane?
This hack has the benefit of exposing a weakness before it could be maliciously exploited, in probably the only way that guarantees action will be taken. As we've seen, being a good white-hat and reporting the potential security is likely to result in you being prosecuted, and the fault being swept under the carpet.
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
It's been a few years since I worked down there, but EAS always seemed like pretty primitive tech. One of the last remaining bastions of serial printer ports as I recall. It is (or was a few years ago) ugly, annoying, tended to chop the ends off of messages, and many of the weather service alerts either were for somewhere entirely remote from us, or were so garbled that they were incomprehensible.
I'm entirely unsurprised that it's easy to hack in to EAS.
Three Squirrels
This message did not originate from KRTV, and there is no emergency
those are some wily zombies
how many pairs of boxer shorts should you own?
Not cause any harm? It won't be so funny when the dead start rising from the grave and no one believes it because this guy cried wolf already! Thousands of people will disregard the warning and subsequently get their brains eaten! It won't seem so fun then!
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Obviously someone with half a brain should have believed it. Who else ate the missing half?
Now when the REAL zombie apocalypse arrives, everyone will assume it's just another prank...
This is an obvious prank, and is unlikely to cause any harm, except to embarrass those who ought to be embarrassed.
I doubt that. If you are referring to the local officials who implemented the system or maintain it, then no, they have nothing to be embarrassed about. They didn't design the system, they just installed what was compatible with everyone else. Those who designed the system will probably not be overly embarrassed, either.
I doubt you're referring to the prankster, who certainly won't be embarrassed at all, even though such public displays should be embarrassing to him. It's like finding a mailing list and sending a bunch of spam to it to prove how insecure it is; annoying everyone on the list who can do nothing about it and really changing nothing.
The only likely result of this will be a confirmation in the minds of the public that hackers are nutcases who need to be put in jail for doing stupid things, not a sudden realization that hackers are here to save us from our mistakes.
And remember not to run up stairs to escape them, leaving you stranded on the roof like EVERY FUCKING MOVIE IN EXISTANCE.
Hey, the CDC doesn't run zombie apocalypse drills for no reason
https://www.youtube.com/watch?v=I28e0IqIgPc -- KRTV out of Great Falls, Montana.
Later studies suggested the panic was less widespread than newspapers had indicated at the time. During this period, many newspaper publishers were concerned that radio, a new medium, would render them obsolete. In that time of yellow journalism, print journalists took the opportunity to suggest that radio was dangerous by embellishing the story of the panic that ensued
The parallels almost write themselves...
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
I think these gentle reminders about security are great and are part of the spirit of hacking.
Which would the USA rather have: (a) goofball hackers create a zombie panic, or (b) our next enemy uses a coordinated attack to create actual panic?
Reminds me of the infamous "War of the Worlds" broadcast by Orson Welles.
Futurist Traditionalism
All they would have had to do was walk a little bit faster!
Break into a system meant for emergency use only and the hammer will come down.
Fine. But it should come down equally as hard, if not more so, on those who accepted public money to build a secure system and failed to do so. Anything else is scapegoating.
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
All stations share their EAS infrastructure. The largest stations get their data direct; smaller stations get it from larger ones. All stations need to have at least two different data sources set up. It is actually a reasonably well set up topology, and it is tested on a very regular basis.
The FCC also imposes strict fines on anyone who fails a test; the base fine for a violation is $8,000 and is scaled up for repeat or blatant violations.
How the FCC handles fines in this case will be interesting. The EAS system is designed for speed and reliability, not for security; there is message validation built in to prevent unintentional activation, but a correctly-formatted bogus message inserted into the system will propogate as designed.
First the undead rise from their graves. Then the establishment covers it up. And it's not a coincidence that there are shortages and limits on ammo.
I'm an American. I love this country and the freedoms that we used to have.
I find nothing in that citation to indicate that Assange has been charged with any offence. On the contrary and to quote directly: "Assange has not yet been formally charged with any offence."
Better to be despised for too anxious apprehensions, than ruined by too confident a security. --Edmund Burke
http://en.wikipedia.org/wiki/Assange_v_Swedish_Prosecution_Authority
Assange fled Sweden rather than defend himself against the charges.
Hmmm
Except that is not correct, he did not flee, he left Sweden legally. It was only after he had left Sweden that the new prosecutor issued a new arrest warrant.
Amazing that this got through to the front page of /. in the same week that it happened!
*Still* negative function...
Most local TV stations are already air gapped.
Not the equipment. The air gap is usually between the ears of the anchor
He should have reported that Dihydrogen Monoxide has been detected in the city's water system. :-D
For the uninitiated (see http://dhmo.org/
Dihydrogen monoxide:
is called "hydroxyl acid", the substance is the major component of acid rain.
contributes to the "greenhouse effect".
may cause severe burns.
is fatal if inhaled.
contributes to the erosion of our natural landscape.
accelerates corrosion and rusting of many metals.
may cause electrical failures and decreased effectiveness of automobile brakes.
has been found in excised tumors of terminal cancer patients.
Despite the danger, dihydrogen monoxide is often used:
as an industrial solvent and coolant.
in nuclear power plants.
in the production of Styrofoam.
as a fire retardant.
in many forms of cruel animal research.
in the distribution of pesticides. Even after washing, produce remains contaminated by this chemical.
as an additive in certain "junk-foods" and other food products.
This hack is clearly an invocation of the Emergency Alert System. The EAS is a hierarchically-organized digital message propagation system that has no authentication scheme for the vast majority of the nodes that participate in the network. Since every moderately-sized licensed broadcast radio and TV station in the United States is required to participate in the network, that is a lot of attackable nodes.
The hierarchy is easy to exploit if you wish to spoof an alert on a specific station. All you need to know is the specific list of stations that your target listens to for alerts and a mobile radio transmitter that you can position relatively closely to your target's EAS receiving equipment. The list of "source" stations for your target is often public information, or can be deduced very easily. (Search for "<city> eas plan" in your favorite search engine.) The radio transmitter required is nothing more than a VHF two-way radio, which can often be a "modded" Amateur Radio which can transmit outside of the legal Amateur bands.
Step 4 (transmission) is extremely easy, even with low-powered equipment (250mW). Because of your proximity and the FM Capture Effect you will have no problem overpowering the real source station without adversely affecting or alerting anyone outside a 1/2 mile radius.
My guess is the attackers here did precisely this. They probably exploited this TV station by spoofing a local NOAA weather radio channel that the TV station was listening to for alerts.