[EAS] Interesting zombie artifact (I think)

Gregory Muir engineering at mt.net
Thu Feb 14 00:47:01 CST 2013 

I am throwing this out there as a real curiosity item to the group.
 
The below event was logged on a Sage machine owned by a radio station that is located in the same town that the original Montana "zombie" television station is located.  It never made it to air due to several strange characteristics to it which I will explain.
 
First, this message was tagged (tag omitted for respect) as the originator being the original "zombie" television station that made the news.  This ENDEC only monitors the NWS and local LP1 (AM) & 2 (FM) stations, not the source that was tagged. "Monitor 2" is the local LP2 which will be discussed about a little more later.
 
The receive time stamp is one day later than the issue date which is one reason why the ENDEC did not forward the message.  In addition, the counties listed are not part of this ENDECs forwarding counties.  There was no associated audio file stored possibly because the message was expired (not sure about that issue).
 

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>                                             Expired 02/12/13 20:23:17 Local Area Emergency, Received on Monitor 2.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>                                                                       The Civil Authorities have issued a Local Area Emergency for Powell, MT, Broadwater, MT, Jefferson, MT, Lewis and Clark, MT, and Meagher, MT beginning at 2:33 pm Mon Feb 11 and ending at 2:48 pm Mon Feb 11 (Tag omitted for this email)

 
As for the LP1/LP2 arrangement in this town, both stations are owned by the same broadcast group, a result of the LP2 being picked up by them in a purchase several years ago.  Both station EAS alerts emanate form the same ENDEC so, if the alert were broadcast by them, it should have been logged on both "Monitor 1" and "Monitor 2" channels.
 
This event is a real phantom.  The Internet connection is through a high security firewall of which only the ENDEC is connected.  It is not part of an internal network for the station and is not used for any other purpose except connection to the IPAWS server.  All ENDEC logon information was changed to significantly cryptic codes when the machine was originally installed. 
 
And I do subscribe to the theory that "...if it is connected to the Internet, it is no longer secure" no matter what one does within a reasonable cost to implement same.
 
-End of story-
 
Now, questions will be asked as to why both LP1 and 2 are coming from the same source.  I will defer bantering over that because of the inability to properly "push a rope" in this area and the avoidance of local and state authorities to consider any action to change it after I had spent considerable time trying to change it (I am not responsible for this particular broadcasting group).
 
Secondly, I do obtain a lot of value from reading everyone's thoughts about the subject of EAS.  For that, I thank you.  But one thing came to mind as I have been reading about the ideas of bolstering security for our machines - has anyone given thought that some of this list members might just be the hackers themselves???
 
...just a thought...
 
Thanks,
 
Greg Muir

More information about the EAS mailing list