blit1423

UPDATED: Hackers transmit zombie alerts over EAS in Great Falls and Michigan

UPDATE: The Great Falls Tribune has posted a story with more details and which also mentions the Michigan hacks. Reporter Michael Beall spoke with the manager of the Michigan ABC station I mentioned in my post, who said authorities there have identified a suspect in at least one of the hacking incidents there.

Beall’s story also contains a statement from an MTN executive in Bozeman who basically says that the Great Falls incident is still being investigated. Make sure to read Beall’s story for the interviews and follow-up, including how Great Falls police are currently treating this as a prank or joke and not something more serious.


It’s possible that if you’ve been living under a screen-free rock that you haven’t heard about this. Possible, but unlikely.

Yesterday, KRTV in Great Falls had its emergency alert system hacked, resulting in an EAS broadcast telling daytime television viewers that corpses were rising from their graves and attacking the living.

The Great Falls Tribune reports that the broadcast, which aired during the Steve Wilkos show, prompted several concerned calls to police. It also prompted what I am declaring the best police quote of the year, from GFPD Lt. Shane Sorenson:

“We can report in the city, there have been no sightings of dead bodies rising from the ground.”

KRTV has been mum about the incident, which has been reported widely online from Gawker to NPR. The station’s Facebook page contains no mention of the hack — apart from messages posted by users, and the notice apologizing for the bogus broadcast is not listed in the stream of stories on the KRTV website (though it is still reachable by clicking on the most popular stories lists).

The station’s sole communique about the matter has been to say that its engineers are investigating. KRTV referred a call from the Associated Press to a Montana Television Network executive in Bozeman named Jon Saunders, who did not return the AP’s call.

Interestingly, Great Falls viewers weren’t the only ones to see the zombie message (you know, apart from the thousands who have watched clips on YouTube).

Hackers also broke into ABC and PBS affiliates in Marquette, Mich. The hoax aired in the afternoon on WNMU and during prime time on WBUP.

WBUP’s message about the hacking is here. The station mentions that similar hacks happened at several other stations, but I’ve not been able to find any reference to other hacks yesterday apart from those in Michigan and Montana. Let me know if you know of any more.

For background, the Emergency Alert System was first put into service back in 1997, replacing the old Emergency Broadcast System. It is designed to give the president, or whomever he designates, the ability to broadcast to the American public during a national emergency, though local authorities can also activate the EAS to deliver smaller scale emergency information. Apart from a test in 2011, the national EAS system has never been used.

FCC regulations say that all broadcast stations must install EAS decoders, that monitor the signals from at least two other, nearby broadcast stations for EAS messages. Stations must also keep logs of all tests and messages, according to the Wikipedia article on the subject. Stations can buy their EAS equipment from a number of certified vendors.

Messages are broadcast using a network called IPAWS-OPEN using what’s called the Common Alerting Protocol (CAP). CAP alerts from authorized public officials are distributed to the EAS systems via the EAS CAP feed, which travels over the Internet.

Notes on the Federal Emergency Management Agency’s website say CAP-based systems are not meant to replace over-the-air methods of monitoring for EAS alerts. Rather, the Internet-based solution is meant to supplement and provide redundancy.

FEMA says that because CAP is a digital system, it does not suffer from signal degradation and that signals are available to decoders within seconds.

In 2004, computer security writer Kevin Poulsen wrote that the U.S. Emergency Alert System was vulnerable to hacking.

Poulsen’s SecurityFocus blog reported that the EAS was built without “basic authentication mechanisms” and that it was “activated locally by unencrypted low-speed modem transmissions over public airwaves.”

Poulsen goes on:

That places radio and television broadcasters and cable TV companies at risk of being fooled by spoofers with a little technical know-how and some off-the-shelf electronic components. Under FCC regulations, unattended stations must automatically interrupt their broadcasts to forward alerts, making it possible for even blatantly false information to be forwarded without first passing human inspection.

The FCC confirmed this in a 2004 order, in which it wrote that the EAS’s Internet-based systems could be subjected to denial of service attacks and “when a station is operating unattended, no one is available on-site to intervene should an unauthorized seizure occur.”

Further, the FCC wrote:

There is also concern about physical security and unauthorized use of the system at state and local EAS activation sites. Although Commission-certified EAS encoders have the capability for password protection, it is up to each station and cable system to implement sufficient security and there is no way of knowing which stations use password security.

In 2011, an ABC station in San Francisco reported that a convicted hacker called “Jake” had detailed plans to exploit gaps in the EAS.

“There’s no authentication, there’s no encryption, there’s no passwords, there’s nothing that is required to send what would appear to be a valid message,” he told investigative reporter Dan Noyes.

From the ABC story:

Jake’s plan almost sounds too simple. He’s written a software program to generate those familiar squawks you hear that activate the Emergency Alert System. He has figured out the authorization codes and radio frequencies from documents published by the government online. All he has to do is drive to a location near an EAS receiver and take out his gear, without being spotted.

There is even a YouTube video from the DEFCON hacker conference taking you deep into the innards of how the EAS works.

A former engineer Noyes spoke to said the tendency of smaller TV stations to be unmanned for at least some portion of the business day opens up even more vulnerability to hackers because there is simply no one there to stop an unofficial EAS broadcast.