I ask that of all the pro big government people out there.
The same government that over sees EAS and allowed this to happen through poor oversight and testing, is the same government we constantly hear the clamor for it to do more to control our lives.
Please rethink how much you trust the government if they cannot keep a simple EAS network protected.
We all know that, as usual, IF they catch the people who did this, they will not be prosecuted because some bleeding heart will say 'it was just a prank.'
So nothing to see here folks. Move on.
http://www.tvnewscheck.com/article/65439/zombie-eas-hack-attack-hits-4-stations?nocookies
We may like the idea of smart meters and grids, but what’s the point if we can’t even protect the emergency broadcast system?
The recent hacking of America’s Emergency Alert System (EAS), which warned citizens in Montana that “the bodies of the dead are rising from their graves and attacking the living” raised confusion as well as hilarity, but if hackers can so easily get into an emergency system designed to protect citizens, who knows what would happen if a smart grid system was taken down — something that so many core services rely upon.
Was it down to sophisticated cracking software or the back-breaking work of criminals? No. According to Reuters, it was the far too-common reason so many systems are often compromised — simple, human stupidity.
Like waving a red flag to a bull, system administrators across the U.S. left a number of passwords for the EAS software simply set to default. Unsurprising when you consider how many people insist on using passwords that are the hacker’s delight, including ‘qwerty’, ‘password’, and ‘12346′.
Mike Davis, a security expert at IOActive Labs, told the publication that by using Google’s search engine, he was able to find at least 30 additional alert systems that are vulnerable to attack. The zombie hoax may have only been a prank present on one station, but as Davis noted, the message could have been delivered to a lot more systems, and had the potential to breed chaos rather than humor.
The vulnerabilities in EAS systems have been forwarded to the Department of Homeland Security’s U.S. Computer Emergency Readiness Team, US-CERT, but here’s an idea: how about we start with the basics, and force lazy administrators to change the passwords regularly when it comes to such sensitive systems?
Failing that, perhaps the guys behind the EAS should take Google’s password ring for a spin.
Image credit: Daniel Hollister
Related:
- Cyber security isn’t the U.K.’s cup of tea
- What tech advances will change our lives in the next 5 years?
- The $1 billion opportunity in cyber security
- What makes a good password? Bad grammar.
- Top 25 common, hackable passwords: ‘qwerty’, ‘ninja’, ‘jesus’
- Google puts a ring on it to infuriate hackers, replace passwords
