CAP EAS hack attack

Rumor mills rev up

The event is rapidly becoming infamous, and speculation is growing as the story spreads. As I began investigating this event, rumors abounded. Some are saying a few stations in New Mexico, California and Michigan were also affected. I’ve yet to see any reports, air checks or logging data to verify these stories other than KRTV. Part of the problem may have been that some other stations aired the video posted on YouTube as a news story or kicker.

As Darryl Parker, senior vice president at TFT suggested to me, airing of the clip including the header could trip more EAS receivers and confuse viewers. The story may be a bit stale by now, but make sure your newsroom doesn’t inadvertently become part of the story by airing this viral video. This is actually a violation of FCC Rules. CFR 47 11.45 says: "No person may transmit or cause to transmit the EAS codes or Attention Signal, or a recording or simulation thereof, in any circumstance other than in an actual National, State or Local Area emergency or authorized test of the EAS. Broadcast station licensees should also refer to §73.1217 of this chapter."

I contacted all the stations reported to have aired the zombie alert and am awaiting response, but I’m not holding my breath. What could anyone say other than something along the lines of, “I stepped off the curb and got hit by an unidentified bus?” Fact is that nobody at any station controls the installed CAP EAS monitoring and insertion equipment. On the other hand, as the FCC immediately advised, changing the password and ensuring an effective firewall is vital.

In these days of androids, iPhones and the like, a hacker doesn’t need a T-1 or a doctorate in computer science to hack into a system. Broadcasters have just been personally schooled in 21^stcentury cyber-threats. Fortunately, this reminder was somewhat innocuous. Clearly, however, call letters, tall towers and local celebrity make broadcasters an attractive target.