Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Local Emergency Alert System Hacked, Warns Dead Rising From Graves 235

First time accepted submitter Rawlsian writes "Great Falls, Montana, television station KRTC issued a denial of an Emergency Alert System report that 'dead bodies are rising from their graves.' The denial surmises that 'someone apparently hacked into the Emergency Alert System...This message did not originate from KRTV, and there is no emergency.'"
This discussion has been archived. No new comments can be posted.

Local Emergency Alert System Hacked, Warns Dead Rising From Graves

Comments Filter:
  • by Anonymous Coward on Monday February 11, 2013 @10:29PM (#42867769)

    As we've seen, being a good white-hat and reporting the potential security is likely to result in you being prosecuted, and the fault being swept under the carpet.

    I tried that. I reported to a school that they put social security number together with full name, address etc on a html page, made it accessible without logging in and they transferred it without any encryption. It looked it they made a page for each student and then emailed the student in question the URL to their "personal page". I ended up talking to some lady, who went "only criminals would detect such flaws. You must be a hacker. I'm calling the police right away". They didn't dare to keep the page up when I kept a cool head and said I would report it for privacy violation if they didn't remove it.

    Two mysteries remains though:
    1: why send a mail with a personal link to a page containing only stuff, which could be written in the mail
    2: why send out "your daughter's name is.. and is born on ... and lives...". I kind of knew that even before they decided to tell me.

    Oh and in case you wonder. Their "security" is that the personal URL contained a hash value. Nobody would be able to guess a hash value and get info on a stranger, right?

  • Re:Let me guess... (Score:5, Interesting)

    by slimjim8094 ( 941042 ) <> on Tuesday February 12, 2013 @01:16AM (#42868567)

    Maybe that's what happened here. It's by no means difficult (though highly, highly illegal) to point a few-dozen watt transmitter at the receiving antenna with a highly directional antenna and spoof the EAS message from whatever station it listens to for alerts.

  • Re:Hurry (Score:2, Interesting)

    by Nadaka ( 224565 ) on Tuesday February 12, 2013 @03:28AM (#42869025)

    yup. Last time I looked, I could only get 300 win mag. And I don't have any guns that take that.

    22LR and 5.56 are IMPOSSIBLE to find, and my personal stockpile is only 300 rounds for each of my rifles and barely over a hundred total for my pistols.

    It doesn't help any I don't like spending time around the conservatives who usually frequent gun shops.

  • by Dr. JJJ ( 325391 ) on Tuesday February 12, 2013 @03:44AM (#42869079)

    This hack is clearly an invocation of the Emergency Alert System []. The EAS is a hierarchically-organized digital message propagation system that has no authentication scheme for the vast majority of the nodes that participate in the network. Since every moderately-sized licensed broadcast radio and TV station in the United States is required to participate in the network, that is a lot of attackable nodes.

    The hierarchy is easy to exploit if you wish to spoof an alert on a specific station. All you need to know is the specific list of stations that your target listens to for alerts and a mobile radio transmitter that you can position relatively closely to your target's EAS receiving equipment. The list of "source" stations for your target is often public information, or can be deduced very easily. (Search for "<city> eas plan" in your favorite search engine.) The radio transmitter required is nothing more than a VHF two-way radio, which can often be a "modded" Amateur Radio which can transmit outside of the legal Amateur bands.

    • Step 1: Assemble an EAS alert on a computer using a little bit of code to generate the appropriate tones and an audio editor to stitch them together. The exact format is tricky, but the information is publicly available.
    • Step 2: Find your likely target's listening list. These are often listed as the "Local Primary" and "Local Secondary" stations in your target's metropolitan area. These, unfortunately, are hard to spoof because broadcast-band FM and AM transceivers are harder to get a hold of. Instead, look up the NOAA weather radio transmission frequencies in your target's area. These stations are often used as additional EAS sources by almost every broadcast station in the system, and they are easy to spoof with portable equipment.
    • Step 3: Put the spoof transmitter in a car and drive as close as possible to the target's published studio headquarters. Targets often place their receiving equipment in their primary studio locations.
    • Step 4: Put your transmitter into transmit mode and play back your spoofed alert. You need to remain nearby just long enough to complete the injection process. With a short message you only need about 60 seconds.
    • Step 5: Drive away. The automated relay system at your target will do the rest.

    Step 4 (transmission) is extremely easy, even with low-powered equipment (250mW). Because of your proximity and the FM Capture Effect [] you will have no problem overpowering the real source station without adversely affecting or alerting anyone outside a 1/2 mile radius.

    My guess is the attackers here did precisely this. They probably exploited this TV station by spoofing a local NOAA weather radio channel that the TV station was listening to for alerts.

  • Re:Let me guess... (Score:4, Interesting)

    by vlm ( 69642 ) on Tuesday February 12, 2013 @08:18AM (#42870041)

    It's by no means difficult (though highly, highly illegal) to point a few-dozen watt transmitter at the receiving antenna with a highly directional antenna

    Its a hell of a lot simpler just to get really close and use a "low" power omni. If "they've" got 1e4 times the power but you're 1e6 times closer, you do the math for who wins the FM capture effect battle. Rather like a cheap mp3 transmitter can override a 50 kilowatt broadcast transmitter, well, for 10 feet or so. You can imagine the range a 50 watt mobile has vs a 1000 watt NOAA/NWS transmitter. This is in the news fairly often. Most commonly someone transmits over the NOAA weather radio freqs this way using some old VHF-hiband mobiles (now there's a well thats running dry...) reprogrammed.

    Anybody who's ever written a SAME code decoder for weather radios or a SDR, or ever seriously considered it anyway, would not be very challenged by writing a SAME code encoder, in fact probably had to write one first, to test their decoder.

    I enjoy the comedic stories I read in the newspaper about this. Those are real hacks. Like announcing a blizzard in Florida in the summer, heat warning in the frozen north during the winter. If I were still an impulsive teen I'd probably be doing that kind of thing.

    However, the people who transmit sorta-plausible stuff intended to scare people are just jackasses. There's a fox news "joke" in there somewhere, or maybe not really a joke.

Disraeli was pretty close: actually, there are Lies, Damn lies, Statistics, Benchmarks, and Delivery dates.