SBE Hack Alert!

SBE Alert

Feb 4, 2017

The SBE is sharing the following message with our members at the request of the FCC.

The Federal Communications Commission is requesting your assistance in disseminating the information below to your organization’s members.

It has come to our attention that unauthorized persons recently may have illegally gained access to certain audio streaming devices used by broadcasters, and may have transmitted potentially offensive or indecent material to the public. We believe that the reported cases involved unauthorized access to equipment manufactured by Barix, which some licensed broadcasters use for studio-to transmitter (STL), remote broadcast (remote) and similar audio connections. We understand that the unauthorized access to the devices may be due, in part, to instances where the licensee fails to set a password for devices with no default password, or to re-set default passwords on the Barix device.

We urge licensees to take all available precautions to prevent future unauthorized transmissions. In many cases, there may be simple, practical solutions to prevent such situations from occurring. For example, we strongly encourage licensees that use Barix devices, as well as other transmitting equipment, to check and, if necessary, add a password, or reset existing passwords with new, robust passwords. Similarly, if a broadcast station experiences turnover in staff who had access to passwords, we encourage licensees to reset the password to ensure future security. We also recommend that broadcasters investigate whether additional data security measures, such as firewalls or VPNs configured to prevent remote management access from other than authorized devices, in some cases, could be implemented to preserve this potentially critical part of the broadcast transmission chain. If you suspect that broadcast equipment has been subject to attempts at unauthorized access, we also recommend that you contact the equipment manufacturer and/or a data security firm. We also suggest that you notify the FCC Operations Center at 202-418-1122 or FCCOPCenter@fcc.gov of suspected unlawful access.

If you have any questions, please contact Lark Hadley, the regional director for the Enforcement Bureau’s Region Three via WR-Response@fcc.gov.

Thank you.

Charles Cooper

FCC/Enforcement Bureau/Office of the Field Director/Field Director

KQES-LP Transmitter

Editors note: Recently, several US radio stations’ IP STLs were hacked and broadcast an obscene anti-Trump rap song.  A low power FM station operating with a CP, KQES-LP, 101.9, in Bellevue broadcast the message for several hours last week.  The Chapter 16 remailer was very active with member’s reception reports of the hacked broadcast before the station personnel could turn off the offending transmissions.  Chapter members Steve Lockwood, Dave Ratener, and Jim Dalke worked with the Portland FCC office to pin-point the offending transmitter and equipment used in the incident. The problem was traced to a hacked Barix Instreamer 100 connected to the station’s transmitter. The information they gathered in the incident was used by the FCC in preparation of the alert.  See Clay’s Corner for more comments.