Thursday, October 23, 2014

Ransomware and Radio

I normally avoid news stories but this is so daft and so readily avoidable I feel I must comment. In the past the fear of "hacks" in radio was largely limited to "broadcast intrusion" aka hijacking. I do note that last year USSOCOM posted on fbo.gov that they were seeking the ability to do that. [SOURCE] But these most recent attacks are more random, and more of a low-hanging-fruit target. Initial reports say stations in Louisiana and Arkansas have been knocked off air by ransomware. More here.

In Michigan the target was 980 WAKV-AM. In Louisiana the target was Stannard Broadcasting in Leesville including the three stations in their cluster: 105.7 KVVP-FM, 95.7 KROK-FM and 106.7 KUMX-FM. In Arkansas another yet-unnamed station has been hit as well. More here.
Stannard Broadcasting in Leesville that was attacked. Not one but all three of its stations were affected; they are KVVP(FM) “Today’s Country 105.7” as well as KROK(FM) and KUMX(FM). - See more at: http://www.radioworld.com/article/%E2%80%9Cransomware%E2%80%9D-demanded--from-broadcaster/272950#sthash.yK56IFz3.dpuf

The stations were still running Windows XP despite years of EOL (End Of Life) announcements from Microsoft. This is of course supremely stupid. Of course it also turns out that 95% of banks are equally stupid. By using a known exploit, hackers gained control of a PC with an internet connection (LAN) that was still on that archaic OS (operating system). From there they shut down the stations' OMT iMediaTouch Radio Automation System and compromised their digital music library. Game over. The hackers demanded just $500 in bitcoins to unlock the computer. (Radio Ink and Radio World have covered this extensively.)

Let's review the mistakes that Stannard made and see if we can learn anything.
  1. A PC with access to core systems was on the LAN.
  2. Using a PC with an EOL operating system.
  3. Using Windows in general.
  4. Lack of archived backup files for disaster recovery.
  5. Lack of failover systems.
My recommendations are as follows: 
  1. If you must run Windows (ANY VERSION OF WINDOWS), run it in a VM on a Linux server.
  2. Furthermore... it is not necessary to run Windows. At this point, you can readily find applications that run in Linux for free, that will generally be less exposed to these problems.
  3. You no longer need to run local versions of essentially anything. You can remotely host or run your infrastructure from an instance in the cloud and make redundancy and archiving their problem.
  4. If you feel you must run things locally, do not connect devices running core services to the internet.
  5. If for some reason you feel compelled to make all of the above mistakes... build an offline backup system you can switch over to readily. More here.
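
An archived backup only helps if a damaged library never overwrites the last good copy. The sketch below is an added example, not code from the original post or from any automation vendor: it hashes the music library and refuses to rotate the archive when too many known files have changed or vanished. The function names, the 10% threshold and the sample file names are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def safe_to_rotate(previous, current, max_changed=0.10):
    """Return (ok, fraction of previously known files now changed or missing).

    Assumption: library audio is written once and rarely edited, so a large
    changed share since the last good backup means the old archive is kept.
    """
    if not previous:
        return True, 0.0
    changed = sum(1 for path, digest in previous.items()
                  if current.get(path) != digest)
    fraction = changed / len(previous)
    return fraction <= max_changed, fraction


def demo():
    """Constructed sample: 20 small files standing in for a music library."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for i in range(20):
            (root / f"track{i:02d}.wav").write_bytes(b"constructed audio %d" % i)
        baseline = build_manifest(root)
        # Normal day: one new file added, one existing file re-edited.
        (root / "track20.wav").write_bytes(b"new spot")
        (root / "track00.wav").write_bytes(b"re-cut intro")
        normal = safe_to_rotate(baseline, build_manifest(root))
        # Bad day: every file overwritten and renamed (constructed damage).
        for p in list(root.iterdir()):
            p.write_bytes(os.urandom(32))
            p.rename(p.with_name(p.name + ".locked"))
        damaged = safe_to_rotate(baseline, build_manifest(root))
    return normal, damaged


if __name__ == "__main__":
    print(demo())
```

Store the baseline manifest with the offline copy rather than on the machine being backed up, so a compromised PC cannot rewrite it.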