Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Subscribe
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Subscribe
    Home Latest News
    • Networking

    Zombie Attack Warnings Broadcast After Emergency Alert System Hack

    Written by

    Wayne Rash
    Published February 17, 2013
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      People in Great Falls, Mont., on Feb. 11 were startled to hear the raucous tones on their radios and televisions of the nationwide Emergency Alert System followed by an alert telling them that the dead were rising from their graves and attacking the living.

      In other words, northern Montana was having the first recorded Zombie Apocalypse in the United States. At around the same time broadcast stations in Michigan and New Mexico aired similar warnings. Stations in other western states, including California, also received the warnings, but did not air them.

      The first station to air the emergency alert messages was KRTV in Great Falls, which later posted a statement that they’d had their emergency alert computers hacked. The emergency messages went out because they arrive in pre-recorded form directly into the computers that control the emergency announcements at each station and normally the station personnel don’t have a way to interrupt that.

      “We were hacked and we’re not proud of it,” Duane Ryan, director of programming at KENW, a public broadcasting station in Portales, N.M. Ryan said that the station had never changed the default user name and password from the manufacturer when they’d received their EAS computers. “We’ve changed them now,” he said.

      Ryan said that KENW follows a practice that many other broadcasting stations follow, and that is to tie their EAS alerts into other stations so that an alert from one is automatically picked up by the others. He said that the station is now making it possible for operators to intervene manually so that bogus alerts, zombie-related or not, can be killed before they’re broadcast.

      This particular series of intrusions took place at individual stations that had not updated their user names and passwords, which meant that it was very easy for the hackers to insert the bogus message into the system. However, it wasn’t universal. Ryan said that his station uses the same EAS computers for both its radio and television station, but that only the television station was hacked.

      The good news, if there is any, is that the national EAS network wasn’t affected. According to Dan Watson, a spokesman for the Federal Emergency Management Agency (FEMA), this was a localized event. “This appears to be a breach of security of a product used by some local broadcasters,” Watson said in an email to eWEEK. “FEMA’s integrated public alert and warning system was not breached or compromised and this had no impact on FEMA’s ability to activate the Emergency Alert System to notify the American public. FEMA will continue to support the FCC and other federal agencies looking into the matter.”

      Zombie Attack Warnings Broadcast After Emergency Alert System Hack

      The emergency alert systems that were affected are all connected by an Internet-based emergency communications network. Previously, emergency alert messages used a private landline network. A number of sources report that hackers have been using botnets to attempt to break into the emergency alert systems of broadcasting stations. The EAS system is normally used for weather emergencies, disasters and Amber alerts. It can also be used by the President to make a simultaneous announcement to everyone in the U.S.

      By now anyone who regularly reads this column is likely aware that I’ve written about failures in securing the critical infrastructure of the U.S and the federal government’s seeming inability to do anything about it. While the EAS isn’t specifically part of the critical infrastructure, it’s still critically important. The EAS is in fact the only way available to send emergency alerts to people in entire regions or throughout the U.S. But that only works when the system retains its integrity and when people believe what it says.

      While an emergency alert of a zombie attack is good for a few laughs and probably wasn’t taken seriously by most people, it’s still another step toward eroding the integrity of the EAS. While it didn’t originate from the part of the system controlled by the U.S. Department of Homeland Security, but rather from individual stations, the people who hear the alerts don’t know that. To them it initially sounded like a real emergency.

      Unfortunately, these problems are exacerbated by the fact that there are a lot of places where Internet connected computers are installed and maintained by people who are not IT professionals. These people, like the broadcast engineers who installed the EAS computers, really don’t know much about security nor do they understand how to protect the part of the national infrastructure with which they’re entrusted.

      Clearly better training would be a help, but it’s not a quick solution. Perhaps a better idea might be to adopt a practice that Cisco has been following for some time now with its Internet facing consumer products—default user names and passwords that are not standardized. If you’ve installed a Linksys router in the last few years, you’ll have noticed that the SSID (Service Set Identification) and passwords are made up and in the case of passwords are not something you’d find in a dictionary. What’s more, every router is different.

      Adopting such a process would cost manufacturers of Internet or public-facing equipment a little more because they’d have to revise their procedures. But it would add a lot of security to products that run in a world where people aren’t trained to be IT managers. The minor costs involved would be more than offset by not having to worry about reports of bogus zombie attacks.

      Wayne Rash
      Wayne Rash
      https://www.eweek.com/author/wayne-rash/
      Wayne Rash is a content writer and editor with a 35-year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He is the author of five books, including his most recent, "Politics on the Nets." Rash is a former Executive Editor of eWEEK and a former analyst in the eWEEK Test Center. He was also an analyst in the InfoWorld Test Center and editor of InternetWeek. He's a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.