Loading ...
Sorry, an error occurred while loading the content.

Re: [HDTV-in-SFbay] Fun With EAS [1 Attachment]

Expand Messages
  • Duke And Rat
    I move that everybody reset their password to: DUKE. Then nothing can go wrong! BD
    Message 1 of 3 , Feb 13 1:00 PM
    • 0 Attachment
      I move that everybody reset their password to: DUKE. Then nothing can go wrong!



      BD




      On Feb 13, 2013, at 12:33 PM, Larry Kenney wrote:

      > I just read the following article in a "TV Technology" email.
      >
      > Larry
      >
      > - - -
      >
      > FCC Issues Urgent EAS Advisory
      > Participants asked to change passwords
      >
      > WASHINGTON – The Federal Communications Commission is requiring all broadcast and cable operations to secure their Emergency Alert System equipment. The commission issued an urgent advisory yesterday after EAS systems were hacked at several stations and fake alerts about zombie invasions were transmitted. The EAS system was transitioned in recent years to an Internet Protocol format and a Common Alerting Protocol that makes it available to all manner of public-safety authorities, but also vulnerable to hacking.
      >
      > The FCC urged participants “to take immediate action to secure their CAP EAS equipment, including resetting passwords, and ensuring CAP EAS equipment is secured behind properly configured firewalls and other defensive measures. All CAP EAS equipment manufacturer models are included in this advisory.”
      >
      > The advisory directs “all broadcast and cable EAS participants… to take the following actions immediately:
      > 1. EAS participants must change all passwords on their CAP EAS equipment from default factory settings, including administrator and user accounts.
      >
      > 2. EAS participants are also urged to ensure that their firewalls and other solutions are properly configured and up-to-date.
      >
      > 3. EAS Participants are further advised to examine their CAP EAS equipment to ensure that no unauthorized alerts or messages have been set (queued) for future transmission.
      >
      > 4. If you are unable to reset the default passwords on your equipment, you may consider disconnecting your device’s Ethernet connection until those settings have been updated.
      >
      > 5. EAS Participants that have questions about securing their equipment should consult their equipment manufacturer. The advisory is avalable at /portals/4/FCC Urgent EAS Advisory.pdf
      >
      > - - -
      >
      >
      > ------------------------------------
      >
      > Yahoo! Groups Links
      >
      >
      >
      >
      >
      > On Feb 13, 2013, at 12:07 PM, Duke And Rat wrote:
      >
      >> "Dead bodies are rising from the grave!"
      >>
      >> Hackers targeted EAS nationwide. First reports said it originated at KRTV. But apparently the "Zombie Attack" went nationwide.
      >>
      >> The FCC, FBI and several state and local law enforcement agencies are investigating what now appears to have been a widespread hack attack on the Emergency Alert System. The full extent of the attack isn’t yet clear, but several HD2 stations aired a bogus message about zombies. Engineers say the hackers apparently had a solid working knowledge of EAS.
      >>
      >> Bonneville director of engineering John Dehnel says the company’s Salt Lake City stations were one target. While it never made it to news-talk KSL (1160) — the LP1 station for the area — or its sister KSL-TV, the bizarre message was broadcast on the cluster’s three HD2 stations. Dehnel believes the culprit was EAS boxes that were left set to factory-installed default passwords to accommodate tech support crews. “We left the default password in and frankly I forgot about it — my guess is you’ll find everyone still had the default password on it,” he says.
      >>
      >> The Bonneville HD2 stations fired the bogus EAS messages about one hour before a Great Falls, MT television station that made headlines yesterday. Several other stations also aired a fake EAS message, including TV stations in Albuquerque and Marquette, MI. A radio station in Los Angeles apparently thwarted its attack. It’s possible other stations also broadcast the alert.
      >>
      >> Following Monday’s breach of the Emergency Alert System, tech manufacturers are scrambling to make sure there are no open security windows in their equipment. Monroe Electronics said its customers should change passwords and step up EAS’ security by putting the system behind a firewall.
      >>
      >> Hours before their fake EAS activation, Dehnel says Bonneville has been able to piece together that someone outside the U.S. was “probing around” in the middle of the night on its Dasdec boxes. Because of how the fake alert was created, such as using live codes, a duration time, and knowing how to send an audio cut, Dehnel is convinced the hackers know a lot about the inner-workings of EAS. “A normal hacker hitting that thing would not know how to do that,” he says.
      >>
      >> Rudman agrees. “It would require a little bit more expertise than the average hacker would have to do what appears to have happened,” he says.
      >>
      >> Besides blatantly bogus messages about a “zombie attack,” the message also told listeners to tune to 920 AM which Dehnel believes shows it was written for a market other than Salt Lake City. Bonneville has taken its box offline to preserve any data it may contain — data which could be used as evidence. Besides violating FCC rules, the hacker could face federal criminal charges.
      >>
      >
    Your message has been successfully submitted and would be delivered to recipients shortly.