Just a short time ago, we posted a story that the Montana station claimed Radio DJ's mistake was to blame for putting out the Zombie Emergency Broadcast Message.
But, now word comes that the message was broadcast on 4 stations in different states.
TVNewsCheck writes that at least four TV stations across the country Monday were the victims of a hoax after a hacker broke into their Emergency Alert Systems.
KRTV Great Falls, Mon., initially made headlines Tuesday after a video of the alert, claiming “dead bodies were rising from their graves,” went viral on the Web. But the CBS affiliate wasn’t alone. WBKP and WNMU Marquette, Mich., and KNME-KNDM Albuquerque, N.M, also had the same alert played on their airwaves.
The hack likely happened because station operators didn’t change the default password on their Common Alert Protocol Emergency Alert System, says Ed Czarnecki, senior director of strategy and regulatory affairs for Monroe Electronics, the main manufacturer of EAS systems across the country.
“Quite simply, someone made an unauthorized access to the stations’ firewall and somebody logged into the system using a default username and password,” says Czarnecki. “This is a simple matter of operational security best practices. You have to change your default password on any new device.”
Now local and state authorities and the FCC are investigating to determine how that unauthorized access was granted. Calls into the Michigan State Police and FCC weren’t immediately returned.
After reviewing his station’s EAS security log Monday night, Kenn Baynard, WBKP operations manager in Marquette, said it was clear that someone made multiple attempts to break into the system. “They went in from the back door of this system and tried numerous passwords and have been doing so for days leading up to the hack,” Baynard says.
Before any real alert goes out, such as one from the National Weather Service, station executives are notified via email about it. That didn’t happen at the ABC affiliate on Monday afternoon, Baynard says. “It just went out by itself. There was no log about it, nothing. It just went out.”
Baynard is now blaming Monroe Electronics, claiming the software has a security flaw. “I spoke with an engineer in Montana using the same system, and it was hit the same exact way.”
Czarnecki stands by his argument, saying the company clearly states in its manual to change all default passwords, including the administrator password. He’s now telling all station operators to double-check their passwords and even choose a new password to avoid anything similar from happening.
“We’re not treating this lightly,” he says, adding the company is examining multiple options to fix any possible security flaws.