Wednesday, January 25, 2017

F**k Donald Trump

On Friday January 20th at about 2:00 PM EST an unknown party launched the radio hack. It was timed to happen during the Presidential inauguration. They took over the audio programming of an unknown number of  radio stations airing a loop of the profanity-laced rap song F**k Donald Trump. The recording artists were YG & Nipsey Hussle. I'm not a connoisseur of hip-hop or urban radio for that matter, but I don't think this was a promotional effort by Def Jam. the song was released last April and  peaked at number 50 on the Billboard R&B chart lat November. I wont' play critic with it's lyrical content, but you can read more here.

The story here isn't about the song, but how four (or more) radio stations were hacked simultaneously. The stations effected were 100.9 WCHQ-LP, 100.5 KCGF-LP, and 810 WMGC-AM (which simulcasts on 96.7 W244CW). The stations are geographically disparate:  San Angelo, TX; Louisville, KY; Murfreesboro, TN; etc. Multiple news sources describe the hack as "widespread" and/or effecting several stations but only the above three are confirmed. There are also unverified reports of stations in California, Indiana, and Washington State having been hacked. 96.3 KWEE in Portland, OR is playing a clean edit of song on loop as a stunt. They have not been hacked.

The hack centers around a device called a Barix Exstreamer.  This device receives the station's online stream and sends it to the transmitter and antenna. The hackers gained access to this device and replaced the link for that online stream with a URL looping the F**k Donald Trump. Early news mentioned this hack was via the EAS system. This has since proved to be incorrect. Barix has claimed that their streaming devices support the "highest security levels" and employ 24-character passwords. But also advise passwords be changed regularly. However this is not the first time the Barix has been used in a radio hack. Ironically Barix put out a press release on April 8th last year following a glut of technically similar attacks in April of 2016. [LINK]. Barix has not commented on this latest hack.
"Barix has been made aware of reported incidents where Barix devices have been hijacked to broadcast unauthorized content. We deplore these attacks. Barix would like to emphasize that its devices are secure for Broadcast use when set up correctly and protected with a strong password. With several hundreds of thousands of Barix devices in operation worldwide, these unfortunate security breaches are an extreme rarity."
*****UPDATE 01.25.17***** 
02-02-2017 - Additional hacks have taken place at 107.9 WFBS-LP in Salem, SC and 103.5 WIAH-LP in Evansville, IN the week of January 27th.  A growing number of tech sources claim the Barix device stores passwords in plain text. This remains unconfirmed. Additionally 101.9 KQES-LP Bellevue, WA played the song for days as well. It is unclear if that is a political statement or another hack.

*****UPDATE 02.03.17*****
The NCC department at Homeland Security has reached out via the FCC has reached out to warn stations. They distributed a list of 700 Barix systems (over 240 IP addresses) in the US with unsecured, internet accessible Barix broadcast systems. More here.