Local Emergency Alert System Hacked, Warns Dead Rising From Graves 235
First time accepted submitter Rawlsian writes "Great Falls, Montana, television station KRTC issued a denial of an Emergency Alert System report that 'dead bodies are rising from their graves.' The denial surmises that 'someone apparently hacked into the Emergency Alert System...This message did not originate from KRTV, and there is no emergency.'"
Re:find him, prosecute him (Score:2, Interesting)
As we've seen, being a good white-hat and reporting the potential security is likely to result in you being prosecuted, and the fault being swept under the carpet.
I tried that. I reported to a school that they put social security number together with full name, address etc on a html page, made it accessible without logging in and they transferred it without any encryption. It looked it they made a page for each student and then emailed the student in question the URL to their "personal page". I ended up talking to some lady, who went "only criminals would detect such flaws. You must be a hacker. I'm calling the police right away". They didn't dare to keep the page up when I kept a cool head and said I would report it for privacy violation if they didn't remove it.
Two mysteries remains though: ... and lives...". I kind of knew that even before they decided to tell me.
1: why send a mail with a personal link to a page containing only stuff, which could be written in the mail
2: why send out "your daughter's name is.. and is born on
Oh and in case you wonder. Their "security" is that the personal URL contained a hash value. Nobody would be able to guess a hash value and get info on a stranger, right?
Re:Let me guess... (Score:5, Interesting)
Maybe that's what happened here. It's by no means difficult (though highly, highly illegal) to point a few-dozen watt transmitter at the receiving antenna with a highly directional antenna and spoof the EAS message from whatever station it listens to for alerts.
Re:Hurry (Score:2, Interesting)
yup. Last time I looked, I could only get 300 win mag. And I don't have any guns that take that.
22LR and 5.56 are IMPOSSIBLE to find, and my personal stockpile is only 300 rounds for each of my rifles and barely over a hundred total for my pistols.
It doesn't help any I don't like spending time around the conservatives who usually frequent gun shops.
Likely attack vector: NOAA weather radio (Score:5, Interesting)
This hack is clearly an invocation of the Emergency Alert System [wikipedia.org]. The EAS is a hierarchically-organized digital message propagation system that has no authentication scheme for the vast majority of the nodes that participate in the network. Since every moderately-sized licensed broadcast radio and TV station in the United States is required to participate in the network, that is a lot of attackable nodes.
The hierarchy is easy to exploit if you wish to spoof an alert on a specific station. All you need to know is the specific list of stations that your target listens to for alerts and a mobile radio transmitter that you can position relatively closely to your target's EAS receiving equipment. The list of "source" stations for your target is often public information, or can be deduced very easily. (Search for "<city> eas plan" in your favorite search engine.) The radio transmitter required is nothing more than a VHF two-way radio, which can often be a "modded" Amateur Radio which can transmit outside of the legal Amateur bands.
Step 4 (transmission) is extremely easy, even with low-powered equipment (250mW). Because of your proximity and the FM Capture Effect [wikipedia.org] you will have no problem overpowering the real source station without adversely affecting or alerting anyone outside a 1/2 mile radius.
My guess is the attackers here did precisely this. They probably exploited this TV station by spoofing a local NOAA weather radio channel that the TV station was listening to for alerts.
Re:Let me guess... (Score:4, Interesting)
It's by no means difficult (though highly, highly illegal) to point a few-dozen watt transmitter at the receiving antenna with a highly directional antenna
Its a hell of a lot simpler just to get really close and use a "low" power omni. If "they've" got 1e4 times the power but you're 1e6 times closer, you do the math for who wins the FM capture effect battle. Rather like a cheap mp3 transmitter can override a 50 kilowatt broadcast transmitter, well, for 10 feet or so. You can imagine the range a 50 watt mobile has vs a 1000 watt NOAA/NWS transmitter. This is in the news fairly often. Most commonly someone transmits over the NOAA weather radio freqs this way using some old VHF-hiband mobiles (now there's a well thats running dry...) reprogrammed.
Anybody who's ever written a SAME code decoder for weather radios or a SDR, or ever seriously considered it anyway, would not be very challenged by writing a SAME code encoder, in fact probably had to write one first, to test their decoder.
I enjoy the comedic stories I read in the newspaper about this. Those are real hacks. Like announcing a blizzard in Florida in the summer, heat warning in the frozen north during the winter. If I were still an impulsive teen I'd probably be doing that kind of thing.
However, the people who transmit sorta-plausible stuff intended to scare people are just jackasses. There's a fox news "joke" in there somewhere, or maybe not really a joke.