Government wants PSYOPS tool to hijack every AM and FM radio station in target area

If you saw Iron Man 3, then you recall The Mandarin hijacking TV broadcast signals to threaten the President of the United States and to intimidate Tony Stark. Although Iron Man’s arch-enemy is fictional, hijacking TV and radio station broadcast signals is not fiction. In a nutshell, the regularly scheduled show is temporarily replaced with a message of the attacker’s choosing.

Tactics such as broadcast signal intrusion – better known as hijacking – might be classified as psychological operations (PSYOPS). At least the Armed Forces Communications and Electronics Association’s (AFCEA) Signal Magazine thinks so, since it had a short blurb titled “Special Ops hunts for PSYOPS tool.”

The United States Special Operations Command (USSOCOM) posted on FedBizOps that it is:

seeking sources to provide a radio broadcast system capable of searching for and acquiring every AM and FM radio station in a specific area and then broadcasting a message(s) in the target area on all acquired AM and FM radio station frequencies. USSOCOM is contemplating a Foreign Comparative Test (FCT) of a light-weight, multi-frequency, simultaneous over-broadcast system. Prior to initiating the FCT, USSOCOM wishes to identify all firms (both foreign and domestic) which could provide a non-developmental light-weight, multi-frequency, simultaneous over-broadcast system that has demonstrated a Technology Readiness Level of 8 or higher. 

To qualify as a Technology Readiness Level of 8, according to Wikipedia, there must be an “actual system completed,” meaning the technology has been tested and proven through demonstration that it works. USSOCOM makes it clear by the bold print that this is “for information and planning purposes only.” At this time, it doesn’t intent to award a contract, but if you want more information: The Government will not entertain any questions at this time. However, the notice adds, “If USSOCOM decides to conduct procurement as a result of your submissions, a separate pre-award synopsis of that procurement will be posted to FEDBIZOPPS.”

I’ve been in a little hot water with a U.S. Central Command PR person before, so I’ll make their point clear before I’m contacted again that *PSYOPS would never be used on or against America’s citizens.* Just the same, perhaps we can save the government a bit of time and/or money by pointing out that the easiest way to potentially hijack all radio and TV stations would be via an emergency population warning system. Most countries have one; in the U.S. it is the Emergency Alert System (EAS).

Hijack all AM and FM radio station frequencies

EAS messages are automated, so if the system was hacked then it is unlikely the fake emergency messages would be caught before being transmitted, according to hacker and computer expert "Jake" aka "Secret Squirrel." He said, "The potential is that you could hijack all radio and TV stations across the country. There's no authentication, there's no encryption, there's no passwords, there's nothing that is required to send what would appear to be a valid message. I would then play the tones on my laptop, they get transmitted by the radio, I then play my audio message and then I just pack everything up and walk away."

“Jake” was not the first to say so, since way back in 2008 at Def Con 16 [video] there was a presentation about hacking EAS. Despite both of those previous warnings, this February a hacker hijacked EAS on a TV station in Montana and broadcast an emergency zombie apocalypse warning.

This July, researchers from IOACTIVE went public after discovering vulnerabilities in the U.S. Emergency Alert System; this time the “digital alerting systems DASDEC application servers” accidentally shipped “the root privileged SSH key as part of a firmware update package.” IOActive’s Mike Davis stated, “This key allows an attacker to remotely log on in over the Internet and can manipulate any system function.”

“An attacker who gains control of one or more DASDEC systems can disrupt these stations' ability to transmit and could disseminate false emergency information over a large geographic area,” according to IOActive’s vulnerability notice [pdf]. “In addition, depending on the configuration of this and other devices, these messages could be forwarded to and mirrored by other DASDEC systems.”

In fact, the DASDEC II emergency messaging platform is used in some other countries such as the Caribbean Islands. Problem solved and government dollars saved? As a bonus, if the government wanted to mess with the minds of university students, then it could try hiring the “V” for Vendetta hacker who hijacked the projector systems in more than two dozen classrooms at Washington State University.

Are you curious about other “successful” hijacking of TV or radio broadcasts that didn’t include hacking EAS? I’ll pretend you said “yes” and point back to “Captain Midnight” who “jammed HBO's satellite signal in April 1986 to broadcast a message protesting their rates for satellite dish owners.” Before you get any wild notions, the FCC warned that jamming devices “have no lawful use” unless you are a government or other law enforcement agency. In fact, a driver who recently used a GPS jammer to stop his boss from tracking his location in a company vehicle, also accidentally messed up airport navigation. He was fired and then fined almost $32,000 by the FCC.

A man hired by the Christian Broadcasting Network hijacked the Playboy Channel signal in 1987. That was the same year as the Max Headroom incident in which an unidentified man wearing a Max Headroom mask hijacked two different Chicago TV stations within three hours. “Neither the hijacker nor the accomplices have ever been found or identified.” There have also been many other confirmed TV and radio hijacking attacks.

To express your thoughts on Computerworld content, visit Computerworld's Facebook page, LinkedIn page and Twitter stream.
Windows 10 annoyances and solutions
Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.