Another station was hit on Monday with the Barix box hijacking as Lake Keowee Broadcasting Group’s Classic Hits/Beach “Sunny 105.9” WFBS-LP Salem SC began playing the loop of YG & Nipsey Hussle “F*** Donald Trump” around 10:00pm.
President Frank Patterson wrote on Facebook that he has captured the IP address used by the hijackers and has passed it on to the FCC. In a follow-up comment it is mentioned that it was of international origin.
Additionally it is now believed that the 101.9 pirate in Seattle that played the song on a loop for nearly a week was 101.9 KQES-LP Bellevue WA. The station has been operating for nearly a year, but has never filed for Program Test Authority nor a License To Cover.
Update 1/23: Heat Street confirms that the hackings were done through a Barix Exstreamer device.
Kathy Weisbach, President of Crescent Hill Radio’s 100.9 WCHQ-LP Louisville, told Heat Street:
“Other stations that it happened to have contacted me, and we all used the same device, and none of us had set a password to the device,” Weisbach said. “My bad, as I had done other security measures at the tower and the studio but failed to password protect this device. You can bet it is now.”
We can also confirm another station that was hit; Mother of the Redeemer Radio’s 103.5 WIAH-LP Evansville IN. Alpha Media Urban “We 96.3” KWEE Portland OR was not hacked but played a clean edit of “F*** Donald Trump” once an hour all weekend long and a pirate on 101.9 in Seattle continues to loop the song.
Original Report 1/20: For the second time in less than a year multiple radio stations had their signals hijacked.
This time the stations that were corrupted aired a loop of YG & Nipsey Hussle “F*** Donald Trump“. Among the confirmed victims are Radio 810 Nashville’s Regional Mexican “El Jefe 96.7” 810 WMGC/96.7 W244CW Murfreesboro TN ,Crescent Hill Radio’s 100.9 WCHQ-LP Louisville, and Sunday Morning Glory Radio’s 100.5 KCGF-LP San Angelo TX. Unverified reports of stations in California, Indiana, and Washington State being affected have also been seen.
The attacks on the stations began around 2:00pm eastern time on Friday, January 20. SanAngeloNow.com features a brief aircheck of it on KCGF-LP.
In April 2016 multiple stations were hijacked through unsecured Barix STL devices via a botnet attack and aired a podcast about furry sex. The hackers in the first case used the Shodan device search engine to build a database of unsecured radio stations and over-rode the station’s outgoing audio with the Furcast stream.
If you utilize a Barix or Comrex device at any of your facilities, the Michigan Association of Broadcasters has a tutorial on how to lock down the IP address to prevent something like this from happening.
Eric Jon Magnuson 
Kent 
notdarth 
I didn’t come across it until last night, but the Courier-Journal did get some additional comments from WCHQ’s PD…
http://www.courier-journal.com/story/news/local/2017/01/20/local-radio-station-hacked-anti-trump-song/96853106
The station on 101.9 in Seattle was not a pirate station. It was KQES-LP 101.9 in Bellevue east of Seattle, which is Chinese, was hijacked all week. They fixed it this afternoon and were back on the air.
Oooh. You almost got through the whole article without blaming hackers (check the next to last paragraph).
SO close!
Hack definition: To use a computer to gain unauthorized access to data in a system
Is that not what happened here?
No.
Real “hacking” definition: Hacking is about production, not destruction; it involves curiosity, research, analysis, knowledge, the creation of new ideas, the discovery of amazing breakthroughs, and the sharing of information with those who will use it responsibly. Hacking is not illegal activity. (http://www.binrev.com/forums/index.php?/terms/)
What happened here is not hacking at all. What happened here is unauthorised access to a computer system. You were correct in your usage of the term “hijacking”. Gaining unauthorised access to a system is not “hacking”. It is “attacking” or “intrusion”.
As a hacker I find bastardisation of the term of my art an affront.