The Marquette Police Department received at least 10 calls on Monday, Feb. 11 regarding a warning issued via an Emergency Alert System, in which an apparent hacker warned viewers of a potential zombie attack.
At 4 p.m. on Monday, Feb.— and later at around 8:36 p.m. — two local TV stations were hacked with a fabricated alert warning viewers that “the bodies of the dead are rising from the grave and attacking the living,” and the warning applied to all of those who were receiving the broadcast.
NMU’s public television station WNMU TV 13 was the first station to be hacked on Monday, according to WNMU General Manager Eric Smith. The glitch was quickly found to be a hoax, and was caught shortly after it aired on the station.
“Shortly before 4 p.m., in our TV master control, we had an Emergency Alert Message air that was not legitimate,” said Smith. “So once we determined what was happening, we disconnected the equipment and then we had to begin the process of figuring out where it came from and how it took place.”
At 8:36 p.m., another, similar alert was broadcast on WBUP ABC 10 during an episode of “The Bachelor,” and resulted in calls from concerned citizens to not only the Marquette Police Department but also to the ABC 10 station itself, according to the station’s operations manager Ken Baynard.
“From what I understand, the phone was basically blowing up,” Baynard said. “We were getting emails, Facebook posts — it got crazy around here. I heard it about 10 minutes after it happened and I couldn’t believe it. It was an interesting night.”
The Marquette Police Department received calls from a handful of Upper Peninsula residents, who were more concerned with the hack than zombies themselves.
“The concern was safety of course, people were just wondering what was going on,” said Lt. Mike Laurila, of Marquette Police Department. “So I don’t think they were concerned that zombies were coming, I think people were more concerned that there was an Emergency Alert Broadcast across the screen. They were curious to see what was going on.”
Josh Wright, a junior accounting major he was working on Tuesday night when he heard about the prank from another student.
“A lot of thought has to go into figuring out how to hack into a well-protected broadcasting system like the one that Marquette’s media probably has,” Wright said. “Kudos to whoever was smart enough and evil enough to do that.”
For NMU authorities, the investigation into the hoax had already attained a potential suspect by 10 a.m. Tuesday Feb. 12, according to Smith. It was discovered that the hack had originated overseas, and fixing the vulnerability in the system was fairly easy.
“The origination was the (United Kingdom) and it was a simple fix for us,” said WNMU broadcast operation and IT supervisor Grant Guston. “We know it’s a vulnerability and it’s great that it was a good hacker out there who was trying to expose vulnerabilities like that, so essentially it’s an easy fix to fill that hole for that security issue, but it could have been potentially serious.”
Both Smith and Laurila agreed that the hack could have been much more serious, had the threat been only slightly more believable.
“People think that there is some humor to this, and that it’s not very serious,” Smith said. “But we think that it is serious, and the reason is that if there had been a real emergency, we wouldn’t have been able to air that emergency alert at that time. More importantly, if someone had used or created a message that sounded real, but was indeed false, that could have caused the public to do things they shouldn’t do and that’s a very serious thing.”
Laurila also felt that while the hoax was humorous in nature, it should not make us overlook the actual significance of the situation.
“What people have to understand is that of any message that you can create, this was a message that can be interpreted as a joke,” Laurila said. “However, had something a little more serious been put out there — I mean, we didn’t think it was funny, and I’m sure the TV people didn’t think it was funny either.”
A Great Falls, Mont. station was also hacked on Monday, and it is assumed that all three instances were completely random, according to Smith. However, while the hack could have been potentially serious, most of those who were involved were thankful for the information and future security measures that may come from the hoax.
“There are many other stations around the country that air the same messages using the same equipment,” Smith said. “So these stations are now talking to each other, sharing information, working with equipment manufacturers to make sure that these security breaches are closed and that the integrity of the system is restored.
“At this point we believe it was just a random occurrence — we happened to be two that were targeted. It was just somebody going out on the internet and scanning looking for these devices, found ours for some reason, and therefore we were the ones that were victimized.”
The Emergency Alert System, which is controlled by local, state and national authorities to warn of impending danger, has just recently been switched from an analog system which rarely had such problems with hacking, to a digital system, according to Guston. But with the new technology of the digital system, there were certain overlooked vulnerabilities that made Monday’s prank possible for the overseas hackers.
“We now have a digital Emergency Alert System, whereas not so long ago it was analog and there was never an issue,” he said. “Now this is new, it’s an Internet appliance, and the installers bring it to us and we basically host it. As a result, there was a vulnerability there, where someone could go online and figure out how to access an admin account.”
Smith said there is an ongoing investigation into the responsible parties involved in the hack, but assured that they’ve done all they can do to close the gaps in the system that made the hoax possible.
“The important thing now is that we’ve fixed the problem so that it can’t happen again,” Smith said. “We’ve turned over the forensic data that came from that machine and that went to Public Safety, who is conducting and investigating to see if they can determine who might have been responsible.
“We’re back now to normal operations, but we still view this as being quite serious and it is still under investigation.”