Forgot your password?
typodupeerror
Idle

Local Emergency Alert System Hacked, Warns Dead Rising From Graves 235

Posted by Unknown Lamer
from the brains-delicious-brains dept.
First time accepted submitter Rawlsian writes "Great Falls, Montana, television station KRTC issued a denial of an Emergency Alert System report that 'dead bodies are rising from their graves.' The denial surmises that 'someone apparently hacked into the Emergency Alert System...This message did not originate from KRTV, and there is no emergency.'"
This discussion has been archived. No new comments can be posted.

Local Emergency Alert System Hacked, Warns Dead Rising From Graves

Comments Filter:
  • Hurry (Score:5, Funny)

    by puddingebola (2036796) on Monday February 11, 2013 @09:31PM (#42867439) Journal
    Gotta get to the shopping mall. Stop at the sporting goods store and pick up some weapons and ammo. The zombies will feast on the easier targets for 30 days or so.
    • Re:Hurry (Score:4, Insightful)

      by rubycodez (864176) on Monday February 11, 2013 @09:39PM (#42867487)

      forget that 30 day urban legend. it's whether or not the Tall Man is still around. and give priority to shooting down flying chrome balls over zombies.

      "You think when you die, you go to heaven.......... You come to us! " -- the Tall Man

    • Time to get out the chainsaw and the sawed off shotgun!
    • by Anonymous Coward

      And remember not to run up stairs to escape them, leaving you stranded on the roof like EVERY FUCKING MOVIE IN EXISTANCE.

      • by Molochi (555357)

        But if you can get them up stairs withith you you can outrun them downstairs... Oh wait that's bears and cows. Zombies you just walk away from.

        I wanna do a movie where the survivors wear ripstop nylon (or something similar) to stop bites while they sleep and just out walk the zombies.

    • Re: (Score:3, Informative)

      by fizzer06 (1500649)
      All the stores are back-orderd on ammo.
      • Re: (Score:2, Interesting)

        by Nadaka (224565)

        yup. Last time I looked, I could only get 300 win mag. And I don't have any guns that take that.

        22LR and 5.56 are IMPOSSIBLE to find, and my personal stockpile is only 300 rounds for each of my rifles and barely over a hundred total for my pistols.

        It doesn't help any I don't like spending time around the conservatives who usually frequent gun shops.

    • typical. (Score:5, Funny)

      by frovingslosh (582462) on Monday February 11, 2013 @11:21PM (#42868013)
      First the undead rise from their graves. Then the establishment covers it up. And it's not a coincidence that there are shortages and limits on ammo.
      • Re:typical. (Score:5, Funny)

        by knorthern knight (513660) on Tuesday February 12, 2013 @01:40AM (#42868675)

        > First the undead rise from their graves. Then the establishment covers it
        > up. And it's not a coincidence that there are shortages and limits on ammo.

        Chinese infiltrators in the US government want zombies to survive, so that they can be enslaved into preparing food at Chinese restaurants... the project codename is "Dead Men Wokking".

    • Re:Hurry (Score:4, Insightful)

      by RubberDogBone (851604) on Tuesday February 12, 2013 @01:07AM (#42868527)

      Have you BEEN to gun store lately? There's few firearms available and damn near zero ammo, especially in common sizes like 9mm. All you will find are bare shelves -and if you do find some ammo, you better buy it. Don't even stop to look at the prices.

      About the only ammo easily in stock is shotgun shells and slugs. Everything else is gone the moment it hits the shelves. It's been this way since 2008, had gotten better but went to hell in a handbasket after Sandy Hook.

      • by Nadaka (224565)

        Guns are available if you are willing to pay a premium (retardedly so for AR or AK pattern rifles). Ammo though is horrifically hard to find unless you happen to have a gun in every conceivable caliber.

      • by gmhowell (26755)

        Not sure where you live, but even in MD, ammo has been trivially available from at least 2010 until shortly after Sandy Hook. And having just come back from South Carolina I can say, while the shelves aren't brimming, a bit of shopping around got my gf and I more than a bit of ammo.

        Yeah, still hardly any 5.56 though :(

    • by r33per (585447)
      OK. Let's take a moment to go over the Ground Rules:

      1. Cardio

      2. The Double Tap

      3. Beware of Bathrooms

      4. Seatbelts

      And find a kick-ass partner ASAP.

      Good night and good luck, Godspeed to you all...

    • While this is just a joke, one thing is dead wrong:

      In any case of big emergency, you should not head to common stores or malls, but to big warehouses that are usually outside towns/cities.

      Shopping malls have low supplies and require to be restocked fairly frequenctly. Most of food is low duration or requires refrigeration and you will run out of anything that can be reliably stored in few weeks (depending on amount of people who get same idea - and that amount is going to be very high).

      Big warehouses will h

  • Let me guess... (Score:4, Insightful)

    by eksith (2776419) on Monday February 11, 2013 @09:32PM (#42867449) Homepage
    Those systems that were never meant to go on the internet were somehow available on the internet? It's too bad some broadcast stations don't know when to air-gap
    • Re:Let me guess... (Score:5, Informative)

      by JJJJust (908929) <JJJJust@NOSPAm.gmail.com> on Monday February 11, 2013 @09:37PM (#42867471)

      If it was a Common Alerting Protocol-enabled system, it was entirely designed to be on the internet.

    • Re:Let me guess... (Score:4, Insightful)

      by ljw1004 (764174) on Monday February 11, 2013 @10:10PM (#42867653)

      You want to air-gap this system??!

      so that when an emergency makes it impossible to travel by road, then someone has to travel by road to key in an alert about it?

      • by Obfuscant (592200)

        so that when an emergency makes it impossible to travel by road, then someone has to travel by road to key in an alert about it?

        I dunno about other states, but I assume they are the same as here. We have a statewide network of stations who listen (via radio) to other stations to get their alert notifications. There are portal stations that get out-of-state alerts.

        I think it was done this way to avoid issues of network (internet) outages preventing notices from going out. Of course, the last major test was an utter fail -- except in the eyes of those who think that finding out that the system was a failure at actually notifying any

        • Re:Let me guess... (Score:5, Interesting)

          by slimjim8094 (941042) <[slashdot3] [at] [justconnected.net]> on Tuesday February 12, 2013 @01:16AM (#42868567)

          Maybe that's what happened here. It's by no means difficult (though highly, highly illegal) to point a few-dozen watt transmitter at the receiving antenna with a highly directional antenna and spoof the EAS message from whatever station it listens to for alerts.

          • Re:Let me guess... (Score:4, Interesting)

            by vlm (69642) on Tuesday February 12, 2013 @08:18AM (#42870041)

            It's by no means difficult (though highly, highly illegal) to point a few-dozen watt transmitter at the receiving antenna with a highly directional antenna

            Its a hell of a lot simpler just to get really close and use a "low" power omni. If "they've" got 1e4 times the power but you're 1e6 times closer, you do the math for who wins the FM capture effect battle. Rather like a cheap mp3 transmitter can override a 50 kilowatt broadcast transmitter, well, for 10 feet or so. You can imagine the range a 50 watt mobile has vs a 1000 watt NOAA/NWS transmitter. This is in the news fairly often. Most commonly someone transmits over the NOAA weather radio freqs this way using some old VHF-hiband mobiles (now there's a well thats running dry...) reprogrammed.

            Anybody who's ever written a SAME code decoder for weather radios or a SDR, or ever seriously considered it anyway, would not be very challenged by writing a SAME code encoder, in fact probably had to write one first, to test their decoder.

            I enjoy the comedic stories I read in the newspaper about this. Those are real hacks. Like announcing a blizzard in Florida in the summer, heat warning in the frozen north during the winter. If I were still an impulsive teen I'd probably be doing that kind of thing.

            However, the people who transmit sorta-plausible stuff intended to scare people are just jackasses. There's a fox news "joke" in there somewhere, or maybe not really a joke.

      • by eksith (2776419)
        If there's an emergency, I would sure hope there's a method to access it that doesn't involve a trudge through snow n' stuff, but at the same time, there ought to be someone on site if it's really important. If JJJJust is right and this is a Common Alerting Protocol system, then it should have been secured better. We just don't know what the system in question was that allowed access into the broadcast yet.
    • Re:Let me guess... (Score:5, Informative)

      by UnknownSoldier (67820) on Monday February 11, 2013 @10:37PM (#42867813)

      You don't need to be on the internet to have a "hack".

      i.e. The road sign hack was actually funny the first time. :-)
      https://www.google.com/search?q=l4d+road+sign+zombie+hack&tbm=isch [google.com]

      • by eksith (2776419)

        Ha! Priceless!

        See, this is further proof, if there's an input of any sort, it needs be secured. Either by lock and key or through proper admin filtering (that's not taking into account social engineering, but I don't think they've come up with filtering for human thought yet... unless TV counts).

    • by HiThere (15173)

      IIRC, there was a story about a "Zombie Apocalapse" test message that was to be used on that net. I think the idea was supposed to be that it was so clearly a test message, that nobody would think it anything else.

      This sounds like through some kind of glitch that message actually got released. There was probably no hacking involved.

    • Most local TV stations are already air gapped.

      Not the equipment. The air gap is usually between the ears of the anchor

  • by beanfeast (125905) on Monday February 11, 2013 @09:40PM (#42867497)

    Supposedly this is the capture of the hacked broadcast: http://www.youtube.com/watch?v=nc60XPCXrh8 [youtube.com]

  • Primitive Tech (Score:5, Informative)

    by rueger (210566) * on Monday February 11, 2013 @09:51PM (#42867573) Homepage
    It's been a few years since I worked down there, but EAS always seemed like pretty primitive tech. One of the last remaining bastions of serial printer ports as I recall. It is (or was a few years ago) ugly, annoying, tended to chop the ends off of messages, and many of the weather service alerts either were for somewhere entirely remote from us, or were so garbled that they were incomprehensible.

    I'm entirely unsurprised that it's easy to hack in to EAS.
    • It's all in-band signalling, right? What could possible go wrong.

    • by Cbs228 (596164)

      I recently built a decoder for EAS/SAME messages. You can read about the protocol it uses at the National Weather Service [noaa.gov]. Forget about cryptographic signatures; SAME has absolutely no concept of message integrity. There is no CRC or checksum—not even a lowly parity bit.

      Of course, it's difficult to use a checksum when you can't figure out when the message ends. Most systems use some kind of flag byte to tell the decoder where the end of the frame is, but SAME doesn't even have that. The decoder has to

  • yeah right (Score:5, Funny)

    by bitt3n (941736) on Monday February 11, 2013 @09:54PM (#42867587)

    This message did not originate from KRTV, and there is no emergency

    those are some wily zombies

  • Great... (Score:5, Funny)

    by runeghost (2509522) on Monday February 11, 2013 @10:07PM (#42867643)

    Now when the REAL zombie apocalypse arrives, everyone will assume it's just another prank...

    • by epyT-R (613989)

      too late.. all those zombie movies have already desensitized us.. we should ban all zombie movies! ...just in case.. you know, for the children?

  • by AbsoluteXyro (1048620) on Monday February 11, 2013 @10:30PM (#42867775)
    https://www.youtube.com/watch?v=I28e0IqIgPc [youtube.com] -- KRTV out of Great Falls, Montana.
  • by hessian (467078) on Monday February 11, 2013 @10:36PM (#42867803) Homepage Journal

    I think these gentle reminders about security are great and are part of the spirit of hacking.

    Which would the USA rather have: (a) goofball hackers create a zombie panic, or (b) our next enemy uses a coordinated attack to create actual panic?

    Reminds me of the infamous "War of the Worlds" broadcast by Orson Welles. [wikipedia.org]

  • When the Zombies do come, there's no real point in fighting or running, eventually they will win.
  • And tsk, tsk. What can I say, it's a battle between the young and the old internal geeks.

    I also note sadly to myself that my old geek would scold, while the current enforcement mindset would encourage terrorist charges. And also noting that the fact that I would even _think about that_ is fucking sad.

    • Guess my inner geek is still young, as I thought it was quite amusing, as was one comment to a YouTube video of the alert begging "please someone hack into Fox News to do this on Easter!"

  • by nigelo (30096) on Tuesday February 12, 2013 @12:16AM (#42868335)

    Amazing that this got through to the front page of /. in the same week that it happened!

    • Amazing that this got through to the front page of /. THE FIRST TIME in the same week that it happened!

      Fixed that for you.

  • by hyades1 (1149581) <hyades1@hotmail.com> on Tuesday February 12, 2013 @01:21AM (#42868593)

    Sounds like a test of the voting system the Republicans are planning to have in place for 2014. ;-)

    • by CAIMLAS (41445)

      Don't be silly. By 2014, there won't be any Republicans... only survivors.

      • by hyades1 (1149581)

        It's times like this I wish Slashdot had a slightly different thread setup. That remark deserves to be rated "ROFL", or something like that.

  • They're coming soon. Maybe you should think twice about opening the door.
  • by Dr. JJJ (325391) on Tuesday February 12, 2013 @03:44AM (#42869079)

    This hack is clearly an invocation of the Emergency Alert System [wikipedia.org]. The EAS is a hierarchically-organized digital message propagation system that has no authentication scheme for the vast majority of the nodes that participate in the network. Since every moderately-sized licensed broadcast radio and TV station in the United States is required to participate in the network, that is a lot of attackable nodes.

    The hierarchy is easy to exploit if you wish to spoof an alert on a specific station. All you need to know is the specific list of stations that your target listens to for alerts and a mobile radio transmitter that you can position relatively closely to your target's EAS receiving equipment. The list of "source" stations for your target is often public information, or can be deduced very easily. (Search for "<city> eas plan" in your favorite search engine.) The radio transmitter required is nothing more than a VHF two-way radio, which can often be a "modded" Amateur Radio which can transmit outside of the legal Amateur bands.

    • Step 1: Assemble an EAS alert on a computer using a little bit of code to generate the appropriate tones and an audio editor to stitch them together. The exact format is tricky, but the information is publicly available.
    • Step 2: Find your likely target's listening list. These are often listed as the "Local Primary" and "Local Secondary" stations in your target's metropolitan area. These, unfortunately, are hard to spoof because broadcast-band FM and AM transceivers are harder to get a hold of. Instead, look up the NOAA weather radio transmission frequencies in your target's area. These stations are often used as additional EAS sources by almost every broadcast station in the system, and they are easy to spoof with portable equipment.
    • Step 3: Put the spoof transmitter in a car and drive as close as possible to the target's published studio headquarters. Targets often place their receiving equipment in their primary studio locations.
    • Step 4: Put your transmitter into transmit mode and play back your spoofed alert. You need to remain nearby just long enough to complete the injection process. With a short message you only need about 60 seconds.
    • Step 5: Drive away. The automated relay system at your target will do the rest.

    Step 4 (transmission) is extremely easy, even with low-powered equipment (250mW). Because of your proximity and the FM Capture Effect [wikipedia.org] you will have no problem overpowering the real source station without adversely affecting or alerting anyone outside a 1/2 mile radius.

    My guess is the attackers here did precisely this. They probably exploited this TV station by spoofing a local NOAA weather radio channel that the TV station was listening to for alerts.

  • by golodh (893453) on Tuesday February 12, 2013 @06:10AM (#42869565)
    Think of it ... zombies don't need health insurance, retirement packages, dental care, medical care, or career prospects. And they're not taxed either.

    They also don't take bathroom breaks, don't need time off. Health and safety laws don't apply to them, they're genuinely American (don't forget to bring geo-coded picture of your personal grave), if one or two get caught up in machinery or drop from scaffolding no-one will ask inconvenient questions, and they will work for a few pounds of squishy matter a day that should be easy enough to obtain.

    Am I the only one who sees an opportunity here?

It's a poor workman who blames his tools.

Working...