Emergency Alert Systems at northern Michigan television stations sent out a fake emergency alert warnings. The alters warned the UP of a zombie attack after being hacked. The fake broadcast warned that bodies were rising from the grave and alerted people to avoid contacting the walking dead.
MLive 
reports the message went on Monday about 8:30 p.m.. The zombie attack warning interrupted “The Bachelor” on WBUP, ABC 10 and “The Carrie Diaries,” a prequel to “Sex and The City,” on CW. The same person got into Northern Michigan University’s public television station WNMU-TV 13. That message interrupted “Barney and Friends” at about 4 p.m., reports NMUstation manager Eric Smith.
“People panicked and it was crazy and we didn’t know how to stop it,” Cynthia Thompson, station manager and news director at ABC 10 and CW 5 in Marquette, MI said. The suspected hacker has been caught, according to MLive, Ms. Thompson could not release any further details on the suspect.
Attacks around the nation
Similar attacks were reported at Great Falls, MT station KRTV and KNME/KNDM in Albuquerque, NM. The security breach’s occurred at stations that didn’t have their login names or passwords reset from factory default settings, said Ed Czarnecki, senior director for strategy and regulatory affairs for Monroe Electronics Inc., a Lyndonville, NY based manufacturer of EAS equipment. “We are very aggressively working with authorities … to ensure that all broadcasters have updated their passwords on their critical equipment,” he said.
Michigan Association of Broadcasters CEO Karole White said the MAB is taking the issue very seriously and working with the Michigan State Police and Federal Communications Commission on the case. “Though this was kind of a pranksters joke, they could have used a different code that could have caused people to be very concerned and possibly even panic,” CEO White said.
InfoSecurity says the problem goes beyond just passwords. Mike Davis, a security expert with IOActive, submitted a report to US-CERT detailing flaws in the equipment used by the EAS system a month before the incident. “Changing passwords is insufficient to prevent unauthorized remote login. There are still multiple undisclosed authentication bypasses,” he told Reuters via email. “I would recommend disconnecting them from the network until a fix is available.”
Really, really, terrible software
According to Kaspersky’s ThreatPost, the flaws Mr. Davis unearthed allowed him to do exactly what Monday’s hacker did. “There is some really, really, terrible software on the other side of that box,” Davis said. “There are some known issues like authentication bypasses and what I would call back doors, although I don’t know if they were meant that way. While I can’t provide authenticated messages [from the EAS system itself], I can log into all of them and insert authenticated messages.”
“The problems that Davis found,” warns ThreatPost, “represent a serious weakness in the EAS system. Some of the ENDECs (encoder-decoder) are networked together in a way that enables them to relay messages to one another, so an attacker who could compromise one could conceivably cause problems on others, as well.”
rb-
Umm Networking 101, change your default passwords.
Haven’t the dead been roaming the halls of Congress for years? Brain dead anyway!?
Related articles
- Emergency Alert System devices vulnerable to hacker attacks, researchers say (networkworld.com)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow him at LinkedIn, Facebook and Twitter. Email the Bach Seat here.
Approximately 2/3’s of the worst passwords stayed the same between 2011 and 2012. Are your users’ passwords on this list? If so, it’s safe to say you should consider a password change policy to force them into using a stronger password.
