Another station was hit on Monday with the Barix box hijacking as Lake Keowee Broadcasting Group’s Classic Hits/Beach “Sunny 105.9” WFBS-LP Salem SC began playing the loop of YG & Nipsey Hussle “F*** Donald Trump” around 10:00pm.
President Frank Patterson wrote on Facebook that he has captured the IP address used by the hijackers and has passed it on to the FCC. In a follow-up comment it is mentioned that it was of international origin.
Additionally it is now believed that the 101.9 pirate in Seattle that played the song on a loop for nearly a week was 101.9 KQES-LP Bellevue WA. The station has been operating for nearly a year, but has never filed for Program Test Authority nor a License To Cover.
Update 1/23: Heat Street confirms that the hackings were done through a Barix Exstreamer device.
Kathy Weisbach, President of Crescent Hill Radio’s 100.9 WCHQ-LP Louisville, told Heat Street:
“Other stations that it happened to have contacted me, and we all used the same device, and none of us had set a password to the device,” Weisbach said. “My bad, as I had done other security measures at the tower and the studio but failed to password protect this device. You can bet it is now.”
We can also confirm another station that was hit; Mother of the Redeemer Radio’s 103.5 WIAH-LP Evansville IN. Alpha Media Urban “We 96.3” KWEE Portland OR was not hacked but played a clean edit of “F*** Donald Trump” once an hour all weekend long and a pirate on 101.9 in Seattle continues to loop the song.
Original Report 1/20: For the second time in less than a year multiple radio stations had their signals hijacked.
This time the stations that were corrupted aired a loop of YG & Nipsey Hussle “F*** Donald Trump“. Among the confirmed victims are Radio 810 Nashville’s Regional Mexican “El Jefe 96.7” 810 WMGC/96.7 W244CW Murfreesboro TN ,Crescent Hill Radio’s 100.9 WCHQ-LP Louisville, and Sunday Morning Glory Radio’s 100.5 KCGF-LP San Angelo TX. Unverified reports of stations in California, Indiana, and Washington State being affected have also been seen.
The attacks on the stations began around 2:00pm eastern time on Friday, January 20. SanAngeloNow.com features a brief aircheck of it on KCGF-LP.
In April 2016 multiple stations were hijacked through unsecured Barix STL devices via a botnet attack and aired a podcast about furry sex. The hackers in the first case used the Shodan device search engine to build a database of unsecured radio stations and over-rode the station’s outgoing audio with the Furcast stream.
If you utilize a Barix or Comrex device at any of your facilities, the Michigan Association of Broadcasters has a tutorial on how to lock down the IP address to prevent something like this from happening.