Threatwatch

Furball Erotica Replaces Regularly-Scheduled Programming on Radio Stations Nationwide

Network intrusion; Unauthorized use of system administrator privileges; User accounts compromised; Man-in-the-middle attack

A hack by an unknown party caused some listeners of KIFT, a Colorado Top 40 radio station, to hear a sexually explicit podcast about the erotic attraction to furry characters. The unauthorized broadcast on April 5 lasted for about 90 minutes, preempting normal fare from the likes of Taylor Swift. 

This was not an isolated incident. 

On the same day, Livingston, Texas-based country music station KXAX also broadcast raunchy furry-themed audio. Podcasts by a hobbyist group called FurCast were reportedly also aired without authorization on an unnamed station in Denver and by an unidentified national syndicator.

Jason Mclelland, owner and general manager of the KXAX Radio Group, wrote in an e-mail: "They talked about sex with two guys and a girl in explicit details and rambled on with vulgar language not really having much of a point to the podcast. I'm assuming there was no real reason for this hack."

Mclelland said the hack was carried out by someone who managed to take control of an audio streaming device sold by a company called Barix. It seems that the attackers attempted to log in to large numbers of Barix boxes. When successful, the attackers locked out the rightful operators and caused the equipment to play Internet-accessible podcasts by FurCast.

"This appears to have been in the planning stages for some time by the person doing it," an advisory published by the Michigan Association of Broadcasters said of the Barix system hack. "Apparently they have been accumulating passwords for some time. MAKE SURE that your password is of sufficient strength! Barix Boxes will take up to 24 characters…. In at least two cases six character passwords were cracked."

The real FurCast has also supported this explanation. In an online post, the group behind the podcast reported that starting the morning of April 5, its streaming server was hit by "large numbers of IP addresses attempting to connect to our archive stream."

Most of the connection requests identified themselves as being made by a "Barix Streaming Client." Many or all of the Barix boxes attempting to connect were listed on the search website Shodan, an indication that they were easy for hackers to find and then probe for weaknesses. 

FurCast members were able to stop the attack by changing the Web addresses of the podcasts.

According to KIFT officials, the compromise hit a studio transmitter link used to send audio to a booster antenna and didn't affect broadcasts over the station's main signal. "Our station was unable to regain control over the STL [studio transmitter link] until the station engineer actually traveled to the remote transmitter site and reprogrammed the system from that location," the station officials wrote.

Sector: Entertainment; Telecommunications

Reported: April 7, 2016

Reported by: Ars Technica

Number affected: Unknown

Location of breach: United States

Perpetrators: Unknown

Location of perpetrators: Unknown

Date breach occurred: April 05, 2016

Date breach detected: April 05, 2016