Who’s Hijacking Station Signals?
More details regarding the hijacking of the multiple station’s audio have come to light.
Furcast wrote a long accord of what happened on their end after they were tipped off to their content being heard on the stations. The hacker apparently used the Shodan device search engine to build a database of unsecured Barix devices which then broke into as many of the devices as possible and connected them to Furcast’s stream. When Furcast was made aware they cut off the stream and moved it to a new URL to prevent further access. ArsTechina also has a feature up on the event.
The Michigan Association of Broadcasters published a report on how to further secure a Barix box including using a 24 character password and hide the web access to the box underneath a firewall.
Original Report 4/6: Some listeners of Always Mountain Time Hot AC “Lift FM” 106.3 KIFT Kremmling CO and other stations across the country got a surprise on Tuesday morning when the stations began airing the audio of an explicit podcast about furry sex.
KIFT was not the only station to be affected. 104.3 KXAX-LP Livingston TX, an AM in Denver and a national syndicator that wished to not be identified were also affected by what seems like a directed botnet attack seeking access to as many public facing Barix while then locking out the stations. Engineers at the stations needed to do a hard reset of the devices to regain control.
Always Mountain Time released the following statement about their hijacking:
In regards to our station KIFT this morning, what we know at this time is that a Studio Transmitter Link for our station, which is Internet enabled, was hacked earlier today. For approximately an hour and a half, programming from a podcast unrelated to our normal programming was broadcast on a booster of KIFT. The main signal of KIFT was not affected, but the booster station was broadcasting the podcast programming, some of which was inappropriate for broadcast use. Our station was unable to regain control over the STL until the station engineer actually traveled to the remote transmitter site, and reprogrammed the system from that location.
We use industry standard closed systems for our STL and are unsure how this was able to happen. We are working with equipment manufacturers and auditing the security of our own systems to avoid any repeats of this incident. Unfortunately, we live in a day and age where hacking is becoming and increasingly bigger problem. We would urge other broadcast outlets to be aware of the possibilities and to take precautions. We sincerely apologize for to our listeners for the content of the broadcast and are doing everything possible to ensure that is doesn’t happen again.
KXAX-LP also issued an apology to listeners.
This morning, our remote encoders that send audio to our transmitter site was hacked. We want to apologize to anyone that was listening in this morning. At about 9am we were notified that a program was playing on the station that did not originate from this studio. We found out that our equipment had been hacked and was broadcasting a podcast or a stream from an unknown source. We were able to eventually get the problem resolved. But still want to apologize to anyone who may have heard the programming.
The staff of Furcast, the show that was broadcast over these stations, were quick to release a statement that they had nothing to do with their audio being used by the hijackers and they were cooperating with all law enforcement agencies investigating the incidents.
We have been made aware of a reported incident where FurCast & XBN content was syndicated without our knowledge on a terrestrial FCC licensed FM radio station. We are deeply sorry to hear about this inappropriate incident. FurCast and XBN content is made freely available on iTunes, our website and our YouTube channel for anyone to download and distribute. We are a group of friends who publish audio and video entertainment, wherein it is marked for containing explicit and inappropriate content.
We are working with law enforcement to investigate this incident. We have preserved all access log files.
INSTANT INSIGHT: Every station better be doing routine inspections of their setups to ensure this doesn’t happen to them. Change all your passwords and make them as strong as possible.
— Matt Kroschel (@Matt_Kroschel) April 5, 2016