Attacks/Breaches
2/12/2013
08:52 AM
50%
50%

Zombie Alert Hoax: Emergency Broadcast System Hacked

Bodies of the dead are rising from their graves, warns CBS affiliate. News at 10.

Who Is Hacking U.S. Banks? 8 Facts
Who Is Hacking U.S. Banks? 8 Facts
(click image for larger view and for slideshow)
Emergency alert: zombies are rising up in Montana.

"Civil authorities in your area have reported that the bodies of the dead are rising from their graves and attacking the living. Follow the messages onscreen that will be updated as information become available. Do not attempt to approach or apprehend these bodies as they are considered extremely dangerous."

That Emergency Alert System (EAS) voiceover warning, preceded by the standard, staccato EAS attention signal, ran Monday afternoon on CBS affiliate television station KRTV in Great Falls, Mont. The EAS warning interrupted a broadcast of "The Steve Wilkos Show" devoted to teen cheaters.

Signs of an apparent zombie apocalypse to the contrary, KRTV later that day released a statement confirming that a bogus message had been transmitted via its EAS equipment. "Someone apparently hacked into the Emergency Alert System and announced on KRTV and the CW that there was an emergency in several Montana counties," according to the statement. "This message did not originate from KRTV, and there is no emergency. Our engineers are investigating to determine what happened and if it affected other media outlets."

Local police likewise said there was no emergency. "We can report in the city, there have been no sightings of dead bodies rising from the ground," Lt. Shane Sorensen of the Great Falls Police Department told the Great Falls Tribune -- admittedly, with a laugh.

[ Do zombies know how to use computers? Read Uncertain State Of Cyber War. ]

"We had four calls checking to see if it was true. And then I thought, Wait. What if?" Sorenson said. But he noted that KRTV hadn't contacted the police department to report the incident or request an investigation, and said it's unclear what penalties someone might face for hacking a television station's EAS.

The zombie story was spotted by journalism watcher Jim Romenesko, and no doubt zombies rank high in the cultural zeitgeist, as the Emmy Award winning The Walking Dead mid-season premiere Sunday night set a series and basic cable record by drawing 12.3 million viewers.

Accordingly, might the prank may have been a promo for either The Walking Dead, or horror-romcom Warm Bodies? That was the suggestion made by The Register, which noted that the EAS hack clearly tops the 2012 hack of highway signs in Portland, Maine, to read: "Warning Zombies Ahead!"

At the time, a Portland city spokeswoman told Portland Press Herald that whoever broadcast the zombie warning could face misdemeanor charges of "tampering with a safety device," which includes penalties of up to a year in jail and a $1,000 fine.

But tampering with signs to display zombie warnings was already a meme. Indeed, the first zombie-related highway sign tampering incident appears to have been in Austin, Texas, in 2009, reported Portland Press Herald. Similar warnings later appeared on highway signs in Washington, Illinois and New York.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Deirdre Blake
50%
50%
Deirdre Blake,
User Rank: Apprentice
2/12/2013 | 7:28:55 PM
re: Zombie Alert Hoax: Emergency Broadcast System Hacked
Now that's just funny!
jc
50%
50%
jc,
User Rank: Apprentice
2/12/2013 | 8:35:23 PM
re: Zombie Alert Hoax: Emergency Broadcast System Hacked
I have also seen a "Caution Zombies Ahead" sign in San Francisco recently, and according to the CDC, it's only a matter of time: http://www.cdc.gov/phpr/zombie...
Andrew Hornback
50%
50%
Andrew Hornback,
User Rank: Apprentice
2/13/2013 | 5:16:26 AM
re: Zombie Alert Hoax: Emergency Broadcast System Hacked
I guess that FEMA hasn't worked out the bugs, even since the November 2011 calamity. Although, given the show content, I'd have to wonder if people were actually expecting a warning about zombies or if they would have preferred being switched over to a shopping network or a music video channel showing a Lady GaGa video.

Going to make for some interesting questions at the next IPAWS meeting, that's for sure. :)

Andrew Hornback
InformationWeek Contributor
OtherJimDonahue
50%
50%
OtherJimDonahue,
User Rank: Apprentice
2/13/2013 | 5:31:17 PM
re: Zombie Alert Hoax: Emergency Broadcast System Hacked
Oh, wake up, people. They only want you to think it was a hoax.

Jim Donahue
Copy Chief
InformationWeek
PJS880
50%
50%
PJS880,
User Rank: Ninja
2/19/2013 | 7:06:53 AM
re: Zombie Alert Hoax: Emergency Broadcast System Hacked
I had to chuckle when I read this, a public service announcement about zombies and people bought it. I also find it amusing that if convicted their perpetrators only misdemeanor charges along with a measly $1000 fine. I thought that if the organizations do not change the default settings on these devices then they could be easily hacked. This has been going on for years and apparently it is still going on today.

Paul Sprague
InformationWeek Contributor
anon3846919518
50%
50%
anon3846919518,
User Rank: Apprentice
7/8/2013 | 4:26:20 PM
re: Zombie Alert Hoax: Emergency Broadcast System Hacked
Wasn't one of those mobile roadside alert signs hacked with "Zombies Ahead" a few years ago, or was that just a good photoshop job? Either way, this whole zombie apocalypse thing is just annoying. I think you can actually sign up for zombie alerts here. http://www.alertbroadcast.com, but I don't know if you'll actually need them...BECAUSE ZOMBIES DON'T EXIST!
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.