Slashdot Mirror

← Back to Stories (view on slashdot.org)

Local Emergency Alert System Hacked, Warns Dead Rising From Graves

Posted by Unknown on from the brains-delicious-brains dept.

First time accepted submitter Rawlsian writes "Great Falls, Montana, television station KRTC issued a denial of an Emergency Alert System report that 'dead bodies are rising from their graves.' The denial surmises that 'someone apparently hacked into the Emergency Alert System...This message did not originate from KRTV, and there is no emergency.'"

13 of 235 comments (clear)

  1. Re:Let me guess... by JJJJust · · Score: 5, Informative

    If it was a Common Alerting Protocol-enabled system, it was entirely designed to be on the internet.

  2. Capture of the broadcast by beanfeast · · Score: 5, Informative

    Supposedly this is the capture of the hacked broadcast: http://www.youtube.com/watch?v=nc60XPCXrh8

    --
    The preceding line was intentionally left blank.
  3. Re:find him, prosecute him by TWX · · Score: 5, Funny

    Nah, he did a community service by demonstrating the failure without starting a panic over a real possible event. No one should have believed it.. At least not anyone with half a BRAAAAAAAAAAIINSS!!!!

    --
    Do not look into laser with remaining eye.
  4. Re:find him, prosecute him by LordLucless · · Score: 5, Insightful

    On the contrary.

    This is an obvious prank, and is unlikely to cause any harm, except to embarrass those who ought to be embarrassed. It would have been much more harmful to send an alert about a more believable disaster. Can you imagine the panic if the hoax had been about rising floodwater, or an incoming storm or hurricane?

    This hack has the benefit of exposing a weakness before it could be maliciously exploited, in probably the only way that guarantees action will be taken. As we've seen, being a good white-hat and reporting the potential security is likely to result in you being prosecuted, and the fault being swept under the carpet.

    --
    Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
  5. yeah right by bitt3n · · Score: 5, Funny

    This message did not originate from KRTV, and there is no emergency

    those are some wily zombies

    --
    how many pairs of boxer shorts should you own?
  6. Re:find him, prosecute him by Greyfox · · Score: 5, Funny

    Not cause any harm? It won't be so funny when the dead start rising from the grave and no one believes it because this guy cried wolf already! Thousands of people will disregard the warning and subsequently get their brains eaten! It won't seem so fun then!

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  7. Full Recording of the Alert on KRTV by AbsoluteXyro · · Score: 5, Informative

    https://www.youtube.com/watch?v=I28e0IqIgPc -- KRTV out of Great Falls, Montana.

  8. Re:find him, prosecute him by LordLucless · · Score: 5, Insightful

    Later studies suggested the panic was less widespread than newspapers had indicated at the time. During this period, many newspaper publishers were concerned that radio, a new medium, would render them obsolete. In that time of yellow journalism, print journalists took the opportunity to suggest that radio was dangerous by embellishing the story of the panic that ensued

    The parallels almost write themselves...

    --
    Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
  9. Gentle reminder about security by hessian · · Score: 5, Insightful

    I think these gentle reminders about security are great and are part of the spirit of hacking.

    Which would the USA rather have: (a) goofball hackers create a zombie panic, or (b) our next enemy uses a coordinated attack to create actual panic?

    Reminds me of the infamous "War of the Worlds" broadcast by Orson Welles.

    --
    Futurist Traditionalism
  10. typical. by frovingslosh · · Score: 5, Funny

    First the undead rise from their graves. Then the establishment covers it up. And it's not a coincidence that there are shortages and limits on ammo.

    --
    I'm an American. I love this country and the freedoms that we used to have.
    1. Re:typical. by knorthern+knight · · Score: 5, Funny

      > First the undead rise from their graves. Then the establishment covers it
      > up. And it's not a coincidence that there are shortages and limits on ammo.

      Chinese infiltrators in the US government want zombies to survive, so that they can be enslaved into preparing food at Chinese restaurants... the project codename is "Dead Men Wokking".

      --

      I'm not repeating myself
      I'm an X window user; I'm an ex-Windows user
  11. Astonishing news! by nigelo · · Score: 5, Funny

    Amazing that this got through to the front page of /. in the same week that it happened!

    --
    *Still* negative function...
  12. Likely attack vector: NOAA weather radio by Dr.+JJJ · · Score: 5, Interesting

    This hack is clearly an invocation of the Emergency Alert System. The EAS is a hierarchically-organized digital message propagation system that has no authentication scheme for the vast majority of the nodes that participate in the network. Since every moderately-sized licensed broadcast radio and TV station in the United States is required to participate in the network, that is a lot of attackable nodes.

    The hierarchy is easy to exploit if you wish to spoof an alert on a specific station. All you need to know is the specific list of stations that your target listens to for alerts and a mobile radio transmitter that you can position relatively closely to your target's EAS receiving equipment. The list of "source" stations for your target is often public information, or can be deduced very easily. (Search for "<city> eas plan" in your favorite search engine.) The radio transmitter required is nothing more than a VHF two-way radio, which can often be a "modded" Amateur Radio which can transmit outside of the legal Amateur bands.

    • Step 1: Assemble an EAS alert on a computer using a little bit of code to generate the appropriate tones and an audio editor to stitch them together. The exact format is tricky, but the information is publicly available.
    • Step 2: Find your likely target's listening list. These are often listed as the "Local Primary" and "Local Secondary" stations in your target's metropolitan area. These, unfortunately, are hard to spoof because broadcast-band FM and AM transceivers are harder to get a hold of. Instead, look up the NOAA weather radio transmission frequencies in your target's area. These stations are often used as additional EAS sources by almost every broadcast station in the system, and they are easy to spoof with portable equipment.
    • Step 3: Put the spoof transmitter in a car and drive as close as possible to the target's published studio headquarters. Targets often place their receiving equipment in their primary studio locations.
    • Step 4: Put your transmitter into transmit mode and play back your spoofed alert. You need to remain nearby just long enough to complete the injection process. With a short message you only need about 60 seconds.
    • Step 5: Drive away. The automated relay system at your target will do the rest.

    Step 4 (transmission) is extremely easy, even with low-powered equipment (250mW). Because of your proximity and the FM Capture Effect you will have no problem overpowering the real source station without adversely affecting or alerting anyone outside a 1/2 mile radius.

    My guess is the attackers here did precisely this. They probably exploited this TV station by spoofing a local NOAA weather radio channel that the TV station was listening to for alerts.