People in Great Falls, Mont., on Feb. 11 were startled to hear the raucous tones on their radios and televisions of the nationwide Emergency Alert System followed by an alert telling them that the dead were rising from their graves and attacking the living.
In other words, northern Montana was having the first recorded Zombie Apocalypse in the United States. At around the same time broadcast stations in Michigan and New Mexico aired similar warnings. Stations in other western states, including California, also received the warnings, but did not air them.
The first station to air the emergency alert messages was KRTV in Great Falls, which later posted a statement that they’d had their emergency alert computers hacked. The emergency messages went out because they arrive in pre-recorded form directly into the computers that control the emergency announcements at each station and normally the station personnel don’t have a way to interrupt that.
“We were hacked and we’re not proud of it,” Duane Ryan, director of programming at KENW, a public broadcasting station in Portales, N.M. Ryan said that the station had never changed the default user name and password from the manufacturer when they’d received their EAS computers. “We’ve changed them now,” he said.
Ryan said that KENW follows a practice that many other broadcasting stations follow, and that is to tie their EAS alerts into other stations so that an alert from one is automatically picked up by the others. He said that the station is now making it possible for operators to intervene manually so that bogus alerts, zombie-related or not, can be killed before they’re broadcast.
This particular series of intrusions took place at individual stations that had not updated their user names and passwords, which meant that it was very easy for the hackers to insert the bogus message into the system. However, it wasn’t universal. Ryan said that his station uses the same EAS computers for both its radio and television station, but that only the television station was hacked.
The good news, if there is any, is that the national EAS network wasn’t affected. According to Dan Watson, a spokesman for the Federal Emergency Management Agency (FEMA), this was a localized event. “This appears to be a breach of security of a product used by some local broadcasters,” Watson said in an email to eWEEK. “FEMA's integrated public alert and warning system was not breached or compromised and this had no impact on FEMA’s ability to activate the Emergency Alert System to notify the American public. FEMA will continue to support the FCC and other federal agencies looking into the matter.”