Why 'zombie' cyberattack is a real concern for Emergency Alert System (+video)
The Emergency Alert System was hacked this week by someone who inserted a warning that zombies were attacking the US. Funny, yes, but the vulnerabilities to cyberattack are real.
The Emergency Alert System, intended as a last-ditch measure to enable the president to communicate to Americans in national emergencies, was hacked Monday by someone who inserted messages reporting that the nation was being attacked by zombies.Skip to next paragraph
Subscribe Today to the Monitor
While the episode is not without humor, the hoax highlights that the EAS system is vulnerable to far more serious cyberattacks, cybersecurity experts say.
An EAS alert began unexpectedly at 8:36 p.m. on Feb 11, interrupting programming on two Michigan television stations with a message scrolling across the bottom of the screen, that read: “dead bodies are rising from their graves.” The alert also said the bodies were “attacking the living.”
In all, three Michigan TV stations were affected by the so-called “zombie” cyberattack, and another in Great Falls, Mont., was reported to have issued similar alerts. But the real problem is that such vulnerabilities could leave the nation open to fake alerts that look far more real than the “zombie” message and could potentially panic the public, broadcasters and other cybersecurity experts say.
"It isn't what they said. It is the fact that they got into the system. They could have caused some real damage," said Karole White, president of the Michigan Association of Broadcasters told Reuters. Underscoring the seriousness of the hack, federal agencies were reported to be investigating the attack – and no hacking group touted that it was responsible, as is common.
The zombie hack attack was particularly disturbing to broadcast engineers who work on the EAS system because of a series of concerns that preceded them.
The attacks followed an 11-hour outage of a key computer system that runs the Integrated Public Alert and Warning System (IPAWS) being developed by FEMA and the FCC. The system will eventually include not only the EAS, but digital capability to send alerts to cell phones and websites.
They also followed a threat by the hacktivist group “Anonymous” to disrupt President Obama’s State of the Union speech on the Internet.
In an “urgent advisory” this week, the Federal Communication Commission also required TV and radio broadcasters nationwide in the EAS to “take immediate action” including resetting passwords and securing EAS equipment “behind properly configured firewalls and other defensive measures.” The FCC did not respond by press time to requests for comment.
Cybersecurity and EAS experts both agree that at least some elements of the EAS system – which has its roots in the cold war and is intended to be a last ditch measure for the president to communicate with Americans – are vulnerable to intrusion via the Internet.