2013 Emergency Alert System hijackings explained

On February 11, 2013, the Emergency Alert System of five different television stations across the U.S. states of Montana, Michigan, Wisconsin, and New Mexico were hijacked, interrupting each television broadcast with a Local area emergency message warning viewers of a zombie apocalypse. The message was subsequently declared as a hoax by local authorities and was reported to be a result of hackers gaining access to the Emergency Alert System equipment of various television stations.^{[1] [2] [3] [4] [5]}

The first incident took place in Great Falls, Montana, during an afternoon airing of The Steve Wilkos Show on CBS affiliate television station KRTV. The television signal was abruptly interrupted by an audible Local area emergency alert reading "Local authorities in your area have reported that the bodies of the dead are rising from their graves and attacking the living". Later the same day the stations of CBS affiliate WKBT-DT, ABC affiliate WBUP, and PBS member station WNMU in Marquette, Michigan, and La Crosse, Wisconsin, respectively, had their Emergency Alert System hijacked, transmitting a similar "Zombie Apocalypse" alert during their primetime programming hours. Not long afterwards, the television broadcasts of PBS affiliate KENW in Portales, New Mexico were also interrupted by the false alert. The hijackers were later apprehended by authorities shortly after the incident.^{[6] [7]}

Just two days after the initial hijackings on February 13, 2013, a morning show on WIZM-FM in La Crosse aired an audio recording from the hoax alert, which triggered WKBT-DT's Emergency Alert System once more, relaying the message over the television station's broadcast signals. On February 28, 2017, radio station WZZY in Winchester, Indiana, had their emergency alert equipment hijacked in an almost identical manner using the same "zombie apocalypse" hoax audio message as the one used in the incidents in 2013.^{[8] [9] [10]}

CBS, ABC, and PBS hardware engineers who investigated the initial incidents reported that the hijackers likely gained access to the Emergency Alert Systems through a variety of weaknesses in the various station's emergency alert equipment, including a vulnerability in the machine's authentication bypass security and the usage of default passwords that were listed on online user manuals.^[11]

Hijackings

All five emergency alert hijackings took place on February 11, 2013, in Great Falls, Montana, Marquette, Michigan, La Crosse, Wisconsin, and Portales, New Mexico. The hijackings primarily compromised the television stations of KRTV, WKBT-DT, WBUP, WNMU, and KENW; however, the incident also led to stations ABC10 and its sister station CW 5 to disconnect their networks from the EAS system to prevent further intrusions. WKBT-DT was also struck again with the same hoax alert only two days after the initial incidents after a morning show on WIZM-FM triggered WKBT's Emergency Alert System. In February 2017, radio station WZZY in Randolph County, Indiana, was also hijacked with an identical "zombie apocalypse" EAS alert as the ones in 2013.^{[12] [13]}

KRTV

On the afternoon of February 11, 2013, at approximately 2:30 to 2:33 pm MST, an airing of The Steve Wilkos Show on KRTV's channels 1 and 2 was suddenly interrupted by a false Local area emergency alert transmitted by KRTV's Emergency Alert System after the system was hijacked via access to the television stations emergency alert equipment. Following the signal interruption, viewers were met with an audible message that read:^{[14] [15] [16] [17]} The Emergency Area Alert warned viewers of "bodies from the dead" in the areas surrounding Powell, Broadwater, Jefferson, and Lewis & Clark counties. Not long after the broadcast was transmitted, local authorities declared the alert as a hoax.^[18] The audio was later discovered to have been taken directly from a 2008 YouTube video titled "Zombie Emergency Alert System Warning (EAS)". The first sentence of the audio was also used in an Anthrax song, Fight 'Em 'Til You Can't.

WKBT-DT, WBUP, WNMU

The second hijacking took place in Marquette, Michigan, and La Crosse, Wisconsin, when the Emergency Alert System for the television stations of WKBT-DT in La Crosse, and WBUP and WNMU in Marquette at approximately 3:55 pm MST, were hacked, interrupting the television broadcasts with the same "zombie apocalypse" alert as before. The signal interruption occurred during WNMU's and WBUP's primetime afternoon broadcasting of Barney & Friends and The Bachelor.^{[19] [20]}

KENW

The final hijacking took place in Portales, New Mexico, at 5:35 pm MST, when television station KENW's Emergency Alert System was also hijacked, interrupting its television broadcasts with the same false emergency alert as the previous two incidents. The hackers were reportedly found by authorities shortly after the hijacking; however, further information on the perpetrators of the hijackings was never released.^[21]

Similar incidents

A similar incident involving the "zombie apocalypse" EAS hijacking took place during a morning talk show broadcast by WIZM-FM in La Crosse, when the hosts of the show, who were reacting with laughter to the hoax, played the audio recording from the alert. However, producers of the show failed to edit out the Specific Area Message Encoding (SAME) tones used in the alert, which led to the triggering WKBT-DT's Emergency Alert System. As a result, WKBT-DT's emergency alert equipment relayed the message from the hoax over the stations regular programming.

The FCC has since strongly prohibited the usage of actual or simulated EAS/WEA and SAME tones outside of genuine emergency alerts to protect the integrity of the system and to prevent signal relay incidents like the one in 2013. Any broadcasters that use the tones outside of a real emergency may be heavily fined or sanctioned.

On February 28, 2017, radio station WZZY, 98.3, in Randolph County, Indiana aired the same "bodies rising from the dead" false alert message from 2013 after their SAGE ENDEC EAS equipment was hijacked. The incident prompted the Randolph County Sheriff's Department to make a public announcement clarifying that WZZY's emergency alert equipment had been hacked and that no emergency was present.^[22]

Methods

There are numerous methods hackers will use to hijack the Emergency Alert System; however, the likely method used by the hijackers of the "zombie apocalypse" hoax, as reported by authorities and the television station engineers, was that the hackers were able to gain access to the emergency alert equipment via default system passwords that were listed in public user manuals. This would have came as a result of television station broadcasters neglecting to change the factory default logins and passwords on their equipment.^{[23] [24]}

Government response

A failure to prevent access into emergency alert equipment by broadcasters has been the subject to most of cybersecurity breaches of the Emergency Alert System. As a result, the federal government has made numerous statements to television broadcasters that a neglection to investigate unpatched software vulnerabilities and failure to implement secure passwords for EAS machines will lead to a massive failure in equipment security and a major cybersecurity breach such as the one in 2013.

The Federal Emergency Management Agency (FEMA) has also stated to television broadcasters of certain vulnerabilities in EAS encoders/decoders that, if not updated, could allow outside sources to gain access to various television station's EAS equipment and broadcast emergency messages over regular programming.^[25]

Aftermath and investigation

Following the hijacking incidents, both the FCC and the FEMA urged the broadcasters involved in the incidents to reset their passwords and recheck security measures. Trade groups, including the Michigan Association of Broadcasters, also requested that its partnered television stations, including WBUP and WNMU in Michigan, to update any unpatched security vulnerabilities of their emergency alert devices.

Investigations into the hijackings occurred via both local and federal authorities, with possible investigations partaken by the Federal Bureau of Investigation (FBI) and the Federal Communications Commission (FCC), who initially detected that the hijackings came from an overseas source. The hackers involved in hijackings were reportedly caught and arrested; however, any further information on the perpetrators' identities or charge remain unknown.

Shortly after the hijackings occurred, the Great Falls Police Department announced to the Great Falls Tribune that the alert was a hoax and there was no danger in the areas surrounding Great Falls. Similarly, almost immediately after the false emergency message aired, KRTV announced on air: "This message did not originate from KRTV, and there is no emergency".^[26]

Following the hijacking incident in February 2017, the Randolph County Sheriff's Department made a public statement announcing that the emergency alert was a false alarm and a hoax, after its local radio station, WZZY, was hacked with the same false emergency message.

See also

• Captain Midnight broadcast signal intrusion
• Max Headroom signal hijacking
• Broadcast signal intrusion
• Emergency Alert System
• Southern Television broadcast interruption

Notes and References

1. Web site: Goodin . Dan . 2013-02-14 . Bogus zombie apocalypse warnings undermine US emergency alert system . 2023-10-29 . Ars Technica . en-us . 2023-10-29 . https://web.archive.org/web/20231029233536/https://arstechnica.com/information-technology/2013/02/bogus-zombie-apocolypse-warnings-undermine-us-emergency-alert-system/ . live .
2. Web site: Schwartz . Mathew J. . 2013-02-12 . Zombie Alert Hoax: Emergency Broadcast System Hacked . 2023-10-29 . Dark Reading . en . 2021-08-02 . https://web.archive.org/web/20210802002503/https://www.darkreading.com/attacks-breaches/zombie-alert-hoax-emergency-broadcast-system-hacked . live .
3. Web site: Melissa . Anders . 2013-02-13 . Zombie apocalypse now? Michigan TV stations' Emergency Alert Systems hacked with notice of walking dead . 2023-10-29 . mlive . en . 2023-10-29 . https://web.archive.org/web/20231029233536/https://www.mlive.com/news/2013/02/zombie_apocalypse_now_michigan.html . live .
4. Hackers hijack Montana TV station, broadcast zombie apocalypse warning . en-GB . Wired UK . 2023-10-29 . 1357-0978 . 2023-10-29 . https://web.archive.org/web/20231029235038/https://www.wired.co.uk/article/zombie-broadcast-hijack-fake . live .
5. News: Associated Press . 2013-02-12 . Zombie apocalypse newsflash interrupts US TV schedule . en-GB . The Guardian . 2023-10-29 . 0261-3077 . 2023-10-29 . https://web.archive.org/web/20231029233536/https://www.theguardian.com/world/2013/feb/12/zombie-apocalypse-newsflash-montana-tv . live .
6. Web site: Storm . Darlene . 2013-02-12 . Hacker broadcasts emergency zombie apocalypse warning on TV station in Montana . 2023-10-29 . Computerworld . en . 2023-11-05 . https://web.archive.org/web/20231105064809/https://www.computerworld.com/article/2474427/cybercrime-hacking-hacker-broadcasts-emergency-zombie-apocalypse-warning-on-tv-station-in-montana.html . live .
7. Web site: That Time Someone Hacked an Emergency Broadcast System and Warned of the Zombie Apocalypse . 2023-10-29 . Cheezburger . en . 2023-10-29 . https://web.archive.org/web/20231029233536/https://cheezburger.com/99330561/that-time-someone-hacked-an-emergency-broadcast-system-and-warned-of-the-zombie-apocalypse . live .
8. Web site: Hubbuch . Chris . 2013-02-13 . TV zombie-attack warning a false alarm . 2023-10-31 . La Crosse Tribune . en . 2019-08-08 . https://web.archive.org/web/20190808174946/https://lacrossetribune.com/news/local/tv-zombie-attack-warning-a-false-alarm/article_96312830-759f-11e2-bb49-0019bb2963f4.html . live .
9. Web site: 2017-03-01 . Hacked radio station reports Ind. zombie attack . 2023-10-31 . WCPO 9 Cincinnati . en . 2023-10-31 . https://web.archive.org/web/20231031122002/https://www.wcpo.com/news/state/state-indiana/hacked-radio-station-reports-zombie-attack-and-disease-outbreak-in-randolph-county-indiana . live .
10. Web site: 2017-03-01 . Hackers take over Randolph County radio station’s alert system, send out messages about fake zombie attack . 2023-10-31 . Fox 59 . en-US . 2023-10-31 . https://web.archive.org/web/20231031122001/https://fox59.com/news/hackers-take-over-randolph-county-radio-stations-alert-system-send-out-messages-about-fake-zombie-attack/ . live .
11. Web site: Goodin . Dan . 2022-08-05 . "Huge flaw" threatens US emergency alert system, DHS researcher warns . 2023-10-29 . Ars Technica . en-us . 2022-08-06 . https://web.archive.org/web/20220806035649/https://arstechnica.com/information-technology/2022/08/huge-flaw-threatens-us-emergency-alert-system-dhs-researcher-warns/ . live .
12. Book: Committee on the Future of Emergency Alert and Warning Systems: Research Directions . Emergency Alert and Warning Systems . . April 19, 2018 . 9780309467407 . 70–72 . English . October 30, 2023 . October 31, 2023 . https://web.archive.org/web/20231031170318/https://books.google.com/books?id=TxhbDwAAQBAJ . live .
13. Book: Wheeler . Clyburn . Rosenworcel . Pai . O'Rielly . Tom . Mignon . Jessica . Ajit V. . Micheal . FCC Record: a comprehensive compilation of decisions, reports, public notices and other documents of the Federal Communications Commission of the United States. . . 2016 . Boulder, Colorado . 638.
14. News: Kumar . Mohit . February 13, 2013 . Hacker broadcasts zombie warning on TV . 1 . . October 29, 2023 . October 29, 2023 . https://web.archive.org/web/20231029233536/https://thehackernews.com/2013/02/hacker-broadcasts-zombie-warning-on-tv.html . live .
15. News: Moye . David . February 11, 2013 . KRTV's Emergency Alert System Hacked To Warn Of Fake Zombie Apocalypse . 1–2 . . October 29, 2023 . October 29, 2023 . https://web.archive.org/web/20231029233536/https://www.huffpost.com/entry/krtv-fake-zombie-alert_n_2665469 . live .
16. Book: Booth, Charlotte . A History of the Undead: Mummies, Vampires and Zombies . . March 15, 2021 . 9781526769077 . 86–90 . English.
17. Book: Goodman, Marc . Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It . . February 24, 2015 . English.
18. News: Albanesius . Chloe . February 12, 2013 . Hack of Montana TV Station Warns Viewers of Zombie Attack . 1–2 . . October 29, 2023 . October 29, 2023 . https://web.archive.org/web/20231029233535/https://www.pcmag.com/news/hack-of-montana-tv-station-warns-viewers-of-zombie-attack . live .
19. Web site: Hubbuch . Chris . 2013-02-13 . TV zombie-attack warning a false alarm . 2023-10-29 . La Crosse Tribune . en . 2019-08-08 . https://web.archive.org/web/20190808174946/https://lacrossetribune.com/news/local/tv-zombie-attack-warning-a-false-alarm/article_96312830-759f-11e2-bb49-0019bb2963f4.html . live .
20. Book: United States. Congress. House. Committee on Homeland Security . DHS Cybersecurity: Roles and Responsibilities to Protect the Nation's Critical Infrastructure : Hearing Before the Committee on Homeland Security, House of Representatives, One Hundred Thirteenth Congress, First Session, March 13, 2013 . . November 13, 2018 . Minnesota . 72 . English.
21. Web site: Archived copy . 2023-11-11 . 2019-11-28 . https://web.archive.org/web/20191128215052/https://abc10up.com/2013/02/12/update-eas-hacker-found/ . live .
22. Web site: 2017-03-01 . Hacked radio station reports Ind. zombie attack . 2024-07-15 . WRTV Indianapolis . en.
23. News: February 14, 2013 . Zombie hack blamed on easy passwords . 1–2 . . Reuters . 2023-10-29 . 2019-08-08 . https://web.archive.org/web/20190808193235/https://www.chicagotribune.com/business/ct-xpm-2013-02-14-chi-zombie-hack-blamed-on-easy-passwords-20130214-story.html . live .
24. News: Lyngaas . Sean . August 3, 2022 . FEMA warns emergency alert systems could be hacked to transmit fake messages unless software is updated . 1–2 . . October 29, 2023 . October 7, 2023 . https://web.archive.org/web/20231007184910/https://www.cnn.com/2022/08/03/politics/fema-emergency-alert-software-warning/index.html . live .
25. Book: Loh-Hagen, Virginia . Ethical Hacker . . 2015 . 9781634700788 . 7 . English.
26. News: Montagne . Renee . February 12, 2013 . Montana TV Stations Warns of Attacking Zombies . 1 . . October 30, 2023 . October 30, 2023 . https://web.archive.org/web/20231030105809/https://www.npr.org/2013/02/12/171782346/montana-tv-station-warns-of-attacking-zombies . live .