{"id":30702,"date":"2013-02-16T12:12:01","date_gmt":"2013-02-16T17:12:01","guid":{"rendered":"http:\/\/rbachnet.wwwmi3-ss40.a2hosted.com\/index.php\/"},"modified":"2023-06-08T17:23:23","modified_gmt":"2023-06-08T21:23:23","slug":"up-eas-warns-of-zombie-attack","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/up-eas-warns-of-zombie-attack\/","title":{"rendered":"UP EAS Warns of Zombie Attack"},"content":{"rendered":"<p><strong><a href=\"http:\/\/supernaturaleconomics.blogspot.com\/2011\/10\/when-zombies-attack.html\" target=\"_blank\" rel=\"noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-108573\" title=\"UP EAS Warns of Zombie Attack\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/Zombie-1.jpg?resize=100%2C95&#038;ssl=1\" alt=\"UP EAS Warns of Zombie Attack\" width=\"100\" height=\"95\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/Zombie-1.jpg?resize=150%2C142&amp;ssl=1 150w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/Zombie-1.jpg?resize=75%2C71&amp;ssl=1 75w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/Zombie-1.jpg?w=389&amp;ssl=1 389w\" sizes=\"auto, (max-width: 100px) 100vw, 100px\" \/><\/a>Emergency Alert Systems<\/strong> at northern <strong>Michigan<\/strong> television stations sent out a fake emergency alert warnings. The alters warned the UP of a <strong>zombie attack<\/strong> after being <strong>hacked.<\/strong> The fake broadcast warned that bodies were rising from the grave and alerted people to avoid contacting the <strong>walking dead<\/strong>.<\/p>\n<p><iframe loading=\"lazy\" src=\"https:\/\/www.youtube.com\/embed\/aNXmuhNKX_g\" width=\"560\" height=\"315\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<p><em><a title=\"MLive\" href=\"http:\/\/www.mlive.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">MLive<\/a><\/em> <a href=\"http:\/\/nakedsecurity.sophos.com\/2013\/02\/12\/hackers-zombie\/\" target=\"_blank\" rel=\"noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-108575 size-thumbnail\" title=\"Zombie\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/zombie_green.jpg?resize=75%2C75&#038;ssl=1\" alt=\"Zombie\" width=\"75\" height=\"75\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/zombie_green.jpg?resize=75%2C75&amp;ssl=1 75w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/zombie_green.jpg?resize=150%2C150&amp;ssl=1 150w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/zombie_green.jpg?w=170&amp;ssl=1 170w\" sizes=\"auto, (max-width: 75px) 100vw, 75px\" \/><\/a><a title=\"Zombie apocalypse now? Michigan TV stations' Emergency Alert Systems hacked with notice of walking dead\" href=\"http:\/\/www.mlive.com\/news\/index.ssf\/2013\/02\/zombie_apocalypse_now_michigan.html\" target=\"_blank\" rel=\"noopener noreferrer\">reports<\/a> the message went on Monday about 8:30 p.m.. The zombie attack warning interrupted \u201c<a title=\"The Bachelor\" href=\"http:\/\/beta.abc.go.com\/shows\/the-bachelor\" target=\"_blank\" rel=\"noopener noreferrer\">The Bachelor<\/a>\u201d on <a title=\"WBUP, ABC 10\" href=\"http:\/\/abc10up.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">WBUP, ABC 10<\/a> and \u201c<a title=\"The Carrie Diaries\" href=\"https:\/\/www.imdb.com\/title\/tt2056366\/\" target=\"_blank\" rel=\"amazon noopener noreferrer\">The Carrie Diaries<\/a>,\u201d a prequel to &#8220;<a title=\"Sex and The City\" href=\"https:\/\/web.archive.org\/web\/20171018045042\/http:\/\/www.hbo.com:80\/sex-and-the-city\/index.html\" target=\"_blank\" rel=\"noopener noreferrer\">Sex and The City<\/a>,&#8221; on CW. The same person got into <a title=\"Northern Michigan University\" href=\"http:\/\/maps.google.com\/maps?ll=46.55901,-87.40525&amp;spn=1.0,1.0&amp;q=46.55901,-87.40525 (Northern%20Michigan%20University)&amp;t=h\" target=\"_blank\" rel=\"geolocation noopener noreferrer\">Northern Michigan University<\/a>\u2019s public television station <a title=\"WNMU (TV)\" href=\"http:\/\/wnmutv.nmu.edu\/\" target=\"_blank\" rel=\"homepage noopener noreferrer\">WNMU-TV<\/a> 13. That message interrupted &#8220;<a title=\"Barney\" href=\"https:\/\/web.archive.org\/web\/20180111124557\/http:\/\/www.hitentertainment.com\/barney\/index2.asp\" target=\"_blank\" rel=\"homepage noopener noreferrer\">Barney and Friends<\/a>&#8221; at about 4 p.m., reports NMUstation manager Eric Smith.<\/p>\n<p>\u201c<em>People panicked and it was crazy and <strong>we didn\u2019t know how to stop it<\/strong>,<\/em>\u201d\u00a0 Cynthia Thompson, station manager and news director at ABC 10 and CW 5 in <a title=\"Marquette, MI\" href=\"http:\/\/www.mqtcty.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">Marquette, MI<\/a> said. The suspected hacker has been caught, according to <em>MLive<\/em>, Ms. Thompson could not release any further details on the suspect.<\/p>\n<h4><span style=\"color: #0000ff;\">Attacks around the nation<\/span><\/h4>\n<p><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-108577 size-medium\" title=\"Security leak\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/security_breach-1.jpg?resize=83%2C150&#038;ssl=1\" alt=\"Security leak\" width=\"83\" height=\"150\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/security_breach-1.jpg?resize=83%2C150&amp;ssl=1 83w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/security_breach-1.jpg?resize=42%2C75&amp;ssl=1 42w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/security_breach-1.jpg?w=200&amp;ssl=1 200w\" sizes=\"auto, (max-width: 83px) 100vw, 83px\" \/>Similar attacks were reported at <a title=\"Great Falls, Montana\" href=\"http:\/\/maps.google.com\/maps?ll=47.5036111111,-111.286388889&amp;spn=0.1,0.1&amp;q=47.5036111111,-111.286388889 (Great%20Falls%2C%20Montana)&amp;t=h\" target=\"_blank\" rel=\"geolocation noopener noreferrer\">Great Falls, MT<\/a> station KRTV and KNME\/KNDM in <a title=\"Albuquerque, New Mexico\" href=\"http:\/\/www.cabq.gov\/\" target=\"_blank\" rel=\"noopener noreferrer\">Albuquerque, NM<\/a>. The <strong>security breach&#8217;s<\/strong> occurred at stations that didn\u2019t have their login names or passwords reset from <strong>factory default<\/strong> settings, said Ed Czarnecki, senior director for strategy and regulatory affairs for <a title=\"Monroe Electronics Inc.\" href=\"http:\/\/www.monroe-electronics.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Monroe Electronics Inc.<\/a>, a <a title=\" Lyndonville, NY\" href=\"http:\/\/goo.gl\/maps\/3GaaO\" target=\"_blank\" rel=\"noopener noreferrer\">Lyndonville, NY<\/a> based manufacturer of <a title=\"Emergency Alert System\" href=\"http:\/\/en.wikipedia.org\/wiki\/Emergency_Alert_System\" target=\"_blank\" rel=\"noopener wikipedia noreferrer\">EAS<\/a> equipment. \u201c<em>We are very aggressively working with authorities \u2026 to ensure that all broadcasters have updated their passwords on their critical equipment,<\/em>\u201d he said.<\/p>\n<p><a title=\"Michigan Association of Broadcasters\" href=\"http:\/\/www.michmab.com\/\" target=\"_blank\" rel=\"homepage noopener noreferrer\">Michigan Association of Broadcasters<\/a> CEO Karole White said the MAB is taking the issue very seriously and working with the <a title=\"Michigan State Police\" href=\"https:\/\/www.michigan.gov\/msp\/\" target=\"_blank\" rel=\"noopener noreferrer\">Michigan State Police<\/a> and <a title=\"Federal Communications Commission\" href=\"https:\/\/www.fcc.gov\/\" target=\"_blank\" rel=\"noopener noreferrer\">Federal Communications Commission<\/a> on the case. \u201c<em>Though this was kind of a pranksters joke, they could have used a different code that could have caused people to be very concerned and possibly even panic,<\/em>\u201d CEO White said.<\/p>\n<p><a href=\"https:\/\/beniciapoa.com\/news\/bpoa-news\/internet-and-website-safety-tips\" target=\"_blank\" rel=\"noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-108582\" title=\"Hacker\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/data_breach1.jpg?resize=100%2C83&#038;ssl=1\" alt=\"Hacker\" width=\"100\" height=\"83\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/data_breach1.jpg?resize=150%2C125&amp;ssl=1 150w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/data_breach1.jpg?resize=75%2C63&amp;ssl=1 75w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/data_breach1.jpg?w=240&amp;ssl=1 240w\" sizes=\"auto, (max-width: 100px) 100vw, 100px\" \/><\/a><a title=\"InfoSecurity\" href=\"http:\/\/www.infosecurity-magazine.com\" target=\"_blank\" rel=\"noopener noreferrer\"><em>InfoSecurity<\/em><\/a> <a title=\"The zombie apocalypse is more than just a prank \u2013 it\u2019s a wake-up call\" href=\"https:\/\/www.infosecurity-magazine.com\/view\/30772\/the-zombie-apocalypse-is-more-than-just-a-prank-its-a-wakeup-call\/\" target=\"_blank\" rel=\"noopener noreferrer\">says<\/a> the problem goes beyond just passwords. Mike Davis, a security expert with <a href=\"http:\/\/www.ioactive.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">IOActive<\/a>, submitted a report to <a title=\"US-CERT\" href=\"http:\/\/www.us-cert.gov\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>US-CERT<\/strong><\/a> detailing flaws in the equipment used by the EAS system a month before the incident. \u201c<em>Changing passwords is insufficient to prevent unauthorized remote login. There are still <strong>multiple undisclosed authentication bypasses<\/strong><\/em>,\u201d he <a href=\"https:\/\/web.archive.org\/web\/20131206111351\/http:\/\/www.reuters.com\/article\/2013\/02\/14\/net-us-usa-zombie-hacking-idUSBRE91D07Z20130214\" target=\"_blank\" rel=\"noopener noreferrer\">told Reuters<\/a> via email. \u201cI<em> would recommend disconnecting them from the network until a fix is available.<\/em>\u201d<\/p>\n<h4><span style=\"color: #0000ff;\">Really, really, terrible software<\/span><\/h4>\n<p>According to <a title=\"Kaspersky\" href=\"http:\/\/usa.kaspersky.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Kaspersky\u2019s<\/a> <em><a href=\"https:\/\/threatpost.com\/en_us\/blogs\/flaws-emergency-alert-system-hardware-allow-remote-login-zombie-alert-insertion-021413\" target=\"_blank\" rel=\"noopener noreferrer\">ThreatPost<\/a><\/em>, the flaws Mr. Davis unearthed allowed him to do exactly what Monday\u2019s hacker did. \u201c<em>There is some really, really, terrible software on the other side of that box,<\/em>\u201d Davis said. \u201c<em>There are some known issues like authentication bypasses and what I would call <strong>back doors<\/strong>, although I don&#8217;t know if they were meant that way. While I can&#8217;t provide authenticated messages [from the EAS system itself], I can log into all of them and insert authenticated messages.<\/em>\u201d<\/p>\n<p>\u201c<em>The problems that Davis found,<\/em>\u201d warns <em>ThreatPost<\/em>, \u201c<em>represent a serious weakness in the EAS system. Some of the ENDECs (encoder-decoder) are <strong>networked together<\/strong> in a way that enables them to <strong>relay messages<\/strong> to one another, so an attacker who could compromise one could conceivably cause problems on others, as well.<\/em>\u201d<\/p>\n<p><strong><em>\u00a0rb-<\/em><\/strong><\/p>\n<p><em>Umm Networking 101, change your default passwords. <\/em><\/p>\n<p><em>Haven&#8217;t the dead been roaming the halls of Congress for years? Brain dead anyway!?<\/em><\/p>\n<h6>Related articles<\/h6>\n<ul>\n<li><a href=\"http:\/\/www.networkworld.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Emergency Alert System devices vulnerable to hacker attacks, researchers say<\/a> (networkworld.com)<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><em><a title=\"Ralph Bach\" href=\"https:\/\/rbach.net\/index.php\/new-resume\/\" target=\"_blank\" rel=\"noopener noreferrer\">Ralph Bach<\/a>\u00a0has been in IT long enough to know better and has blogged from his\u00a0<a title=\"Bach Seat\" href=\"https:\/\/rbach.net\/\" target=\"_blank\" rel=\"noopener noreferrer\">Bach Seat<\/a>\u00a0about IT, careers and anything else that catches his attention since 2005. You can follow him at\u00a0<a class=\"broken_link\" href=\"http:\/\/www.linkedin.com\/in\/rb48334\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">LinkedIn<\/a>,\u00a0<a href=\"https:\/\/www.facebook.com\/ralph.bach.14\" target=\"_blank\" rel=\"noopener noreferrer\">Facebook<\/a>\u00a0and\u00a0<a href=\"https:\/\/twitter.com\/rbach48334\" target=\"_blank\" rel=\"noopener noreferrer\">Twitter<\/a>. Email the Bach Seat\u00a0<a href=\"mailto:\/\/bach.seat@gmail.com\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Emergency Alert Systems at northern Michigan television stations sent out an fake emergency alert warning the UP of a zombie attack after being hacked.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[3044,1544,1541,1542,67,1825,19,1538,209,4,1844,1537,1543],"class_list":["post-30702","post","type-post","status-publish","format-standard","hentry","category-security","tag-3044","tag-apocalypse","tag-eas","tag-emergency-alert-system","tag-hack","tag-marquette","tag-michigan","tag-northern-michigan-university","tag-password","tag-security","tag-weak","tag-wnmu","tag-zombie"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/30702","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/comments?post=30702"}],"version-history":[{"count":15,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/30702\/revisions"}],"predecessor-version":[{"id":130575,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/30702\/revisions\/130575"}],"wp:attachment":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/media?parent=30702"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/categories?post=30702"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/tags?post=30702"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}