Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Emergency Alert System
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
=== Cybersecurity breaches === EAS equipment has been the subject of various [[Cyberattack|cyberattacks]], caused primarily by participants using insecure or factory default passwords on their encoders and decoders, and outdated software containing [[Patch (computing)|unpatched]] [[Vulnerability (computing)|vulnerabilities]]. On multiple occasions, federal government departments have warned that failure to employ secure passwords and keep software updated made EAS equipment vulnerable to such attacks, which could result in disruptions such as false alerts.<ref>{{cite web |last=Goodin |first=Dan |date=2022-08-05 |title="Huge flaw" threatens US emergency alert system, DHS researcher warns |url=https://arstechnica.com/information-technology/2022/08/huge-flaw-threatens-us-emergency-alert-system-dhs-researcher-warns/ |access-date=2022-08-06 |website=Ars Technica |language=en-us |archive-date=August 6, 2022 |archive-url=https://web.archive.org/web/20220806035649/https://arstechnica.com/information-technology/2022/08/huge-flaw-threatens-us-emergency-alert-system-dhs-researcher-warns/ |url-status=live }}</ref><ref name=":8" /><ref name=":9" /><ref name=":10" /> * In February 2013, the EAS equipment of several stations in [[Great Falls, Montana]] and [[Marquette, Michigan]] [[2013 Emergency Alert System hijackings|were breached]] to play a false alert allegedly warning of a [[zombie apocalypse]], using the lines "Civil authorities in your area have reported that the bodies of the dead are rising from the graves and attacking the living". It was identified that the attack had come from an "overseas" source. Furthermore, the broadcasters had neglected to change the factory default logins or passwords on their equipment. Because of this, the FCC, FEMA, equipment manufacturers, as well as trade groups, including the [[Michigan Association of Broadcasters]], urged broadcasters to change their passwords and to recheck their security measures.<ref>{{cite web | url=http://www.mlive.com/news/index.ssf/2013/02/zombie_apocalypse_now_michigan.html | title=Zombie apocalypse now? Michigan TV stations' Emergency Alert Systems hacked with notice of walking dead | date=February 12, 2013 | website=Mlive.com | access-date=February 12, 2013 | archive-url=https://web.archive.org/web/20130214013017/http://www.mlive.com/news/index.ssf/2013/02/zombie_apocalypse_now_michigan.html | archive-date=February 14, 2013 | url-status=live }}</ref><ref>{{cite web|url=https://www.radioworld.com/industry/wzzy-hacked-broadcasts-zombie-warning-in-indiana|title=WZZY Hacked, Broadcasts Zombie Warning in Indiana|date=March 3, 2017|website=Radio World|language=en-US|access-date=August 8, 2019|archive-url=https://web.archive.org/web/20190808174947/https://www.radioworld.com/industry/wzzy-hacked-broadcasts-zombie-warning-in-indiana|archive-date=August 8, 2019|url-status=live}}</ref><ref>{{cite web|url=https://www.usatoday.com/story/news/nation/2013/02/13/police-believe-zombie-hoax-attacks-linked/1915921/|title=Police say Mont. TV zombie hoax likely linked to others|website=USA Today|language=en|access-date=August 8, 2019|archive-url=https://web.archive.org/web/20190808174947/https://www.usatoday.com/story/news/nation/2013/02/13/police-believe-zombie-hoax-attacks-linked/1915921/|archive-date=August 8, 2019|url-status=live}}</ref><ref name=":8">{{cite news|url=https://www.chicagotribune.com/business/ct-xpm-2013-02-14-chi-zombie-hack-blamed-on-easy-passwords-20130214-story.html|title=Zombie hack blamed on easy passwords|agency=Reuters|website=chicagotribune.com|language=en-US|access-date=August 8, 2019|archive-url=https://web.archive.org/web/20190808193235/https://www.chicagotribune.com/business/ct-xpm-2013-02-14-chi-zombie-hack-blamed-on-easy-passwords-20130214-story.html|archive-date=August 8, 2019|url-status=live}}</ref><ref name=":9">{{cite web|url=https://www.npr.org/sections/thetwo-way/2013/02/12/171814715/zombie-alert-also-aired-in-michigan-hacking-traced-to-overseas-source|title='Zombie Alert' Also Aired In Michigan; Hacking Traced To Overseas Source|website=NPR.org|date=February 12, 2013|language=en|access-date=August 8, 2019|archive-url=https://web.archive.org/web/20190808174945/https://www.npr.org/sections/thetwo-way/2013/02/12/171814715/zombie-alert-also-aired-in-michigan-hacking-traced-to-overseas-source|archive-date=August 8, 2019|url-status=live|last1=Memmott|first1=Mark}}</ref> ** In a related incident, [[WIZM-FM]] in [[La Crosse, Wisconsin]] accidentally triggered the EAS on television station [[WKBT-DT]] by airing a recording of the false message during its morning show. The relayed audio included the hosts' reactions and laughter to the clip.<ref>{{cite web|url=https://lacrossetribune.com/news/local/tv-zombie-attack-warning-a-false-alarm/article_96312830-759f-11e2-bb49-0019bb2963f4.html|title=TV zombie-attack warning a false alarm|last=Hubbuch|first=Chris|website=La Crosse Tribune|date=February 13, 2013 |language=en|access-date=August 8, 2019|archive-url=https://web.archive.org/web/20190808174946/https://lacrossetribune.com/news/local/tv-zombie-attack-warning-a-false-alarm/article_96312830-759f-11e2-bb49-0019bb2963f4.html|archive-date=August 8, 2019|url-status=live}}</ref> * On February 28, 2017, [[WZZY]] in [[Winchester, Indiana]] was hijacked in a nearly identical manner, playing the same "dead bodies" audio from the February 2013 incidents. The incident prompted a public response from the Randolph County Sheriff's Department clarifying that there was no actual emergency.<ref>{{cite web|url=http://fox59.com/2017/03/01/hackers-take-over-randolph-county-radio-stations-alert-system-send-out-messages-about-fake-zombie-attack/|title=Hackers take over Randolph County radio station's alert system, send out messages about fake zombie attack|work=Fox59.com|date=March 1, 2017|access-date=March 9, 2017|archive-url=https://web.archive.org/web/20170308021407/http://fox59.com/2017/03/01/hackers-take-over-randolph-county-radio-stations-alert-system-send-out-messages-about-fake-zombie-attack/|archive-date=March 8, 2017|url-status=live}}</ref><ref>{{cite web|url=http://www.wcpo.com/news/state/state-indiana/hacked-radio-station-reports-zombie-attack-and-disease-outbreak-in-randolph-county-indiana|title=WZZY 98.3FM zombie outbreak: Hacked radio station reports zombie attack in Randolph County, Indiana|first=PJ|last=O'Keefe|work=WCPO.com|date=March 3, 2017|access-date=March 9, 2017|archive-url=https://web.archive.org/web/20170309033751/http://www.wcpo.com/news/state/state-indiana/hacked-radio-station-reports-zombie-attack-and-disease-outbreak-in-randolph-county-indiana|archive-date=March 9, 2017|url-status=live}}</ref> * In January 2020, ''Security Ledger'' published an investigation finding that at least 50 EAS decoders by Digital Alert Systems had not been patched for a security vulnerability (use of a shared [[Secure Shell|SSH]] [[Public-key cryptography|key]]) found by [[IOActive]] in 2013.<ref name=":10">{{cite web|url=https://securityledger.com/2020/01/seven-years-later-scores-of-eas-systems-sit-un-patched-vulnerable/|title=Seven Years Later, Scores of EAS Systems sit Un-patched, Vulnerable|date=January 27, 2020|website=The Security Ledger|language=en-US|access-date=January 29, 2020|archive-url=https://web.archive.org/web/20200129041238/https://securityledger.com/2020/01/seven-years-later-scores-of-eas-systems-sit-un-patched-vulnerable/|archive-date=January 29, 2020|url-status=live}}</ref> * On February 20, 2020, the EAS equipment of [[Washington (state)|Washington]]-based provider [[Wave Broadband]] was hijacked, causing approximately 3,000 customers in [[Jefferson County, Washington|Jefferson County]] to receive several false alerts (including a "Radiological Hazard Warning"), which contained irrelevant and comedic messages (including one suggesting that the provider change its passwords) and alert audio referencing [[internet meme]]s and [[Twitch (service)|Twitch]] streamer [[Vinesauce]] (who was unaffiliated with this breach).<ref>{{cite web|title=Wave cable meme hack affects 3,000 Jefferson County residents|url=https://www.ptleader.com/stories/wave-cable-meme-hack-affects-3000-jefferson-county-residents,68027|url-status=live|archive-url=https://web.archive.org/web/20200406174429/https://www.ptleader.com/stories/wave-cable-meme-hack-affects-3000-jefferson-county-residents,68027|archive-date=April 6, 2020|access-date=April 6, 2020|website=Port Townsend Leader|date=February 26, 2020 |language=en}}</ref><ref>{{cite web|last=Johnson|first=Graham|title=Hackers target cable TV alert system and send false messages|url=https://www.kiro7.com/news/local/false-alert-indicating-radiological-incident-appeared-tv-jefferson-county/KJI2SNVTZBE6DAOMYWFOQK47SM/|access-date=July 26, 2020|website=KIRO|date=February 22, 2020|language=en-US|archive-date=June 8, 2020|archive-url=https://web.archive.org/web/20200608225614/https://www.kiro7.com/news/local/false-alert-indicating-radiological-incident-appeared-tv-jefferson-county/KJI2SNVTZBE6DAOMYWFOQK47SM/|url-status=live}}</ref> On March 2 and 3, 2020, a legitimate Required Monthly Test was displayed with a message ("AIGHT IM DONE U CAN REST NOW. MR GERDE WAS HERE") that had also appeared in the hijack: a company official stated that this was a remnant of the attack that had not yet been removed.<ref>{{cite web|url=https://www.ptleader.com/stories/wave-false-alert-remains-mystery-after-residual-message-airs-again,68246|title=Wave false alert remains mystery after 'residual' message airs again|website=Port Townsend Leader|date=March 11, 2020 |language=en|access-date=April 6, 2020|archive-url=https://web.archive.org/web/20200406174433/https://www.ptleader.com/stories/wave-false-alert-remains-mystery-after-residual-message-airs-again,68246|archive-date=April 6, 2020|url-status=live}}</ref><ref>{{cite web|url=https://www.king5.com/article/news/local/no-emergency-false-alert-over-radiological-incident-sent-by-jefferson-county/281-568c86b3-8aae-4df0-b3b3-5dd4c800e0e8|title=False TV alert over 'radiological hazard' concerns Washington emergency officials|website=[[KING-TV|KING5.com]]|date=February 21, 2020|access-date=April 6, 2020|archive-url=https://web.archive.org/web/20200327050956/https://www.king5.com/article/news/local/no-emergency-false-alert-over-radiological-incident-sent-by-jefferson-county/281-568c86b3-8aae-4df0-b3b3-5dd4c800e0e8|archive-date=March 27, 2020|url-status=live}}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)