CAP EAS hack attack

A hacker may have done the industry, and perhaps the country, a favor on Monday, Feb. 11. That’s the day someone hacked and took control of the CAP EAS system at KRTV Great Falls, MT. The station aired what would have appeared as a standard EAS test or alert, beginning with the familiar and purposely annoying header tones and a top-of-screen crawl. What followed next was an audio message saying “Civil authorities in your area have reported that the bodies of the dead are rising from their graves and attacking the living. Follow the messages on screen that will be updated as information becomes available. Do not attempt to approach or apprehend these bodies as they are considered extremely dangerous.”

On Tuesday, Feb. 12, the FCC issued the following advisory to EAS participants, and manufacturers of EAS insertion equipment distributed the advisory to known customers and those who registered for e-mail from CAP EAS encoding/decoding equipment manufacturers, or have requested support from CAP EAS encoding/decoding equipment manufacturers in the past:

From the FCC, February 12, 2013. Urgent Advisory: Immediate actions to be taken regarding CAP EAS device security.

All EAS Participants are required to take immediate action to secure their CAP EAS equipment, including resetting passwords and ensuring CAP EAS equipment is secured behind properly configured firewalls and other defensive measures. All CAP EAS equipment manufacturer models are included in this advisory.

All Broadcast and Cable EAS Participants are urged to take the following actions immediately

1. EAS Participants must change all passwords on their CAP EAS equipment from default factory settings, including administrator and user accounts.

2. EAS Participants are also urged to ensure that their firewalls and other solutions are properly configured and up-to-date.

3. EAS Participants are further advised to examine their CAP EAS equipment to ensure that no unauthorized alerts or messages have been set (queued) for future transmission.

4. If you are unable to reset the default passwords on your equipment, you may consider disconnecting your device’s Ethernet connection until those settings have been updated.

5. EAS Participants that have questions about securing their equipment should consult their equipment manufacturer.

Later the same day, probably not coincidentally, President Obama issued an executive order and a related presidential policy directive to strengthen America’s cyber security.