#9/2010

Hackers’ attacks on large LED screens, roadside informational displays and screen networks

Chief editor - Vladimir Krylov
Deputy chief editor - Michael Nikoulichev

All digital screen networks, including large LED screens, roadside informational displays and DOOH (digital out-of-home) systems are operated via computers and therefore are vulnerable to hackers’ attacks.

Illegal access to advertising screen networks, hacking of operational systems, substituting content – all this is can be qualified as an offence. But this is an offence that guarantees wide public attention and media coverage. In this respect hacker attacks maybe compared to a litmus test on efficiency and popularity of this or that computer solution. As we see, DOOH networks are not an exception. As DOOH systems are getting more and more wide-spread, this market segment is turning into an attractive target for hackers.

To prove the point we decided to list the most well-publicized cases of hacking attacks on informational and advertising networks starting with the latest:

August 2010. Indonesian incident. Computer screens at the Indonesian Parliament's internal information service broadcast porn images in an incident that caused a shock among journalists and legislators. It appeared that someone had copied images from a pornographic site, saved them and then uploaded them to the parliament's website. The images, including “young teens”, were displayed for 15 minutes before officials switched off the screens. According to the local newspaper Jakarta Globe, the images were taken from the web-site that was recently officially closed in neighboring countries Malaysia and Singapore. The incident caused embarrassment to the government of President Susilo Bambang Yudhoyono, who has recently threatened to get tough with Internet pornographers following a scandal caused by celebrities having sex online. Naturally, the incident was properly planned and well-executed effectively by-passing all available security procedures in the Indonesian Parliament.

Hardcore porn film on 20 TV screens in Tesco supermarket Hardcore porn film on 20 TV screens in Tesco supermarket
Photo credit: newsru.co.il

March 2009. UK-based incident. Parents and children visiting a Tesco supermarket in Hampshire (UK) had a shock when a hardcore porn film appeared on 20 TV screens all over the supermarket. It is believed that the film was being shown for at least five minutes before a member of staff went to see why so many shoppers were crowded around the televisions. Tesco officials later apologized and told that the supermarket was the target of a prankster. Some hi-tech prankster!

Hacker’s content on electronic informational signs in New York Hacker’s content on electronic informational signs in New York
Photo credit: Marlon Ying

March 2009. Hackers in New York accessed digital road signs. In the center of New York some unknown pranksters accessed and reprogrammed a network of electronic informational signs. Instead of normal informational messages to motorists the signs showed the phrase “New York is dying”.

February 2009. Citizens of Tucson (Arizona, US) watched a hardcore film during Super bowl match. Thousands of people and countless thousands more who watched the Super bowl on TV were amazed to watch a porno commercial during the match. Entertainment for some, outrage for others, but for us a clear sign that today digital screens are helpless and vulnerable.

January 2009. Road signs hacked in the USA. Hackers’ blog in the Internet and one of the pages of Massachusetts Institute of Technology, MIT hosted a detailed step-by-step instruction on how to hack digital signs. It turned out that the majority of digital information boards operate via the open or easily accessible terminal protected only by a simple or factory-issued password. It is unbelievably easy to get connected to the terminal, enter your own text and click “Enter”. The text would then be displayed on the board or a network of boards, while motorists will either be distracted by it or follow the given instructions.

January 2010. Moscow incident. A well-publicized incident in Moscow when a hardcore porn could be seen on a large LED screen in the very center of Moscow on one of the main traffic routes. The incident caused long traffic jams, public outrage and wide media coverage. Our magazine already has written about this incident in article “The Weak Link: Hacker’s Attack on Moscow LED Screens”.

November 2008. Slavonski-Brod incident. An electronic display which normally displayed general information about Croatia and its culture suddenly started showing clips with indecent content. The authorities could not switch it off for several hours.

October 2008. UK-based incident. An electronic LED display in Crawley (UK) entertained citizens and tourists with indecent texts and jokes. It was a rather unwelcome change since normally the LED display was showing a number of free places at a nearby parking lot.

Hacker’s content on Los Angeles outdoor LED screen Hacker’s content on Los Angeles outdoor LED screen
Photo credit: stupidevilbastard.com

March 2008. Los Angeles incident. Hackers penetrated into the network of 10 LA-based LED screens. All outdoor digital screens that belong to Clear Channel started showing the image of a skull between commercials. Apparently this incident was not the first one, since this image is a brand for one of US well known but illusive hackers. Articles devoted to the incident expressed the opinion that “as soon as some new digital application finds its way to the market someone tries to break in the security gates”.

December 2007. Iran incident. Pornography in the Islamic republic is a grave offense. Indecent images are prohibited in any shape or form. The offenders may face steep fines, imprisonment or even death penalty. But hackers are obviously not scared. Someone broke into a large outdoor display in the capital and played hardcore films for everyone to see.

November 2007. Germany-based incident. Informational digital sign on one of German autobahns was hacked into and the speed limit numbers changed to suit those who like higher speeds.

July 2007. Sophia incident. The capital of Bulgaria was in the center of scandal when several large outdoor PDP displays installed in the downtown square turned the square into the adult theatre.

Outdoor screens near subway entrances in New YorkOutdoor screens near subway entrances in New York
Photo credit: Sign Industry

February 2005. New York. The popular magazine “Sign Industry” published an article about a network of 80 outdoor screens installed near subway entrances in most downtown stations. The article stressed that one of the most important problems in screen network maintenance was related to preventing unauthorized access to the network security system and substituting content. Tests run on the system proved that the data exchange protocol selected for the control system failed from the point of view of informational security.

January 2005. Delhi incident. On the night of 11-th January all monitors in Delhi airport started showing an adult film. The show continued for 20 minutes until it was possible to switch all the monitors off. The incident occurred at the time of airport “rush hour” with the highest number of passengers in the terminals. The officials apologized and announced that this was part of a planned AIDS-prevention campaign. Meanwhile journalists found out that some airport security personnel were watching this film in the office, and someone hooked the signal up to the airport advertising and informational network as a prank.

Indecent message on informational sign in New York subway
Photo credit: engadget.com

November 2004. New York incident. All informational signs in New York subway displayed an indecent message. It took the authorities nearly 24 hours to remove the message from the control systems.

These incidents are by no means all that actually took place. We hope that we made the point: more attention must be paid to the security data exchange protocols in public digital networks.