#9/2013

Security of Informational and Advertising Systems

Chief editor - Vladimir Krylov, PhD
Deputy chief editor - Michael Nikulichev, PhD

We have already published several articles on hacker attacks on informational networks consisting of LED and LCD screens:

Hackers keep users on their toes

Back in 1993 representatives of the hackers’ community gather in Las Vegas to attend the First International conference Defcon. Since then the Conference turned into a regular annual feature and attracts a lot of supporters, curious people and participants. Starting from 2010 the number of visitors to Defcon regularly exceeds 10 thousand people, and the Defcon 2013 is no exception. Whatever the case, the Conference agenda is always focused on security, or rather insecurity, of information and personal space.

This concerns physical break-ins and penetrations (of cars and locks) and electronic hacking (penetrating various digital networks) as well as methods for accessing information using drones and robots, seach for weak spots in software of all levels. For example, in 2012 researchers from Sipera presented new tools for the free utility UCSniff. These innovations allowed to grab video streams with the help of a convenient and user-friendly interface.

A handful of marginalized software engineers and geeks grew into a powerful community with strong supported around the world who are equally interesting and dangerous for special forces and large business and government institutions. The movement of hackers is no longer underground. To be a hacker today is quite respectable and profitable. No wonder Defcon created numerous clones around the world. Here is a list of some noticeable events taking place this year: Positive Hack Days (May 2013, Russia), CONFidence (May 2013, Poland), Chaos Constructions (August 2013, Russia), Black Hat (July 2013, USA), BreakPoint (October 2013, Australia) and many others.

We are only interested in these events from the point of view of security of informational and advertising systems. Almost all our publications deal with fast spread of LED and LCD networks in public space. In the beginning of the 1990ies you could count all these systems on the fingers of one hand, and first serious hackers were interested not in LED screens but in PC networks in banks and large corporations where money and secrets could be obtained. However, the situation has drastically changed. There are more and more informational and broadcasting networks around us. Practically all public space of our cities is domesticated by digital advertising and transport and informational systems. As a result, these networks become a lure for criminals, who are trying out their skills on these “simple” systems from the point of view of hackers.

Hacker attacks on informational and advertising networks

What follows is a list of hacking attempts at penetrating informational networks that caused some public awareness and were reported in mass media. Is it not the time to think about security?

Substituting video content

15 August 2013 Popular Russian TV station NTV reported an case in Moscow when one of the parties in a traffic accident provided a video recording as a proof of his innocence. However, purely by chance the police found out that the video recording was computer-edited and falsified the actual event.

Attack on the emergency broadcasting system of KRTV and CW TV channels in the USA

13 February 2013 Two American TV channels were attacked by hackers who managed to penetrate the security protocols and broadcast over the KRTV and CW channels information about the zombie attack. The audio report focused on “the dead” chasing after the people on the streets. The accompanying text suggested ways to avoid zombies.

Hackers succeeded in superimposing their audio stream over the original audio stream of the TV program. Several viewers were so impressed by the unexpected report that immediately called the police demanding action against zombies. A little later TV stations actually offered an explanation and an apology to their viewers.

Systems of emergency broadcasting compromised

15 February 2013 Experts on information security of IOActive commented on the recent news about zombie attacks and warned that most radio and TV stations are highly vulnerable to potential hacking. They commented by saying that this type of attacks is not only dangerous but also rather easy to accomplish. The fact is that the equipment used by radio and TV stations has numerous weak spots that may not offer sufficient protection against a well-planned and organized attack. As a result, millions of people may be affected by the falsified information.

“We identified several devices directly built-in the Internet networks that were used by hackers to penetrate TV station security”, - said Cesar Cerrudo, the Technical Director of IOActive.

Hackers and criminals usually use the following threats as false messages:

Assassination of the president

On July 4th, 2011, (The Independence Day) hackers from the Script Kiddies group penetrated the account of the popular Fox News TV in Twitter microblog to alarm readers with the news that President Obama had been shot dead in one of the Iowa restaurants during the election campaign. Fox news had to urgently issue a disclaimer and apologize to 34 thousand subscribers, while US Secret Service vowed to find the culprits.

Earthquake

In May 2008, 22-year-old student from China broke into a government seismology web-site and placed a false warning about the expected strong earthquake in Shānxī province. Just two weeks before China suffered a devastating earthquake in Sìchuān that had caused nearly 100 thousand casualties. Naturally, the report was met with panic in the Province. The “Joker” was arrested and spent 1.5 years in prison.

Nuclear explosion

In June 2007, hackers scared people in the Czech Republic by a nuclear explosion. During the morning broadcast the 2nd Channel of the National TV showed photos of the nuclear mushroom in the Krkonoše mountains in the Northern Moravia. The informational program Panorama usually provides weather forecast with slides showing pictures of different regions of the Republic. This time though the culprits succeeded in substituting video stream and nearly 50 thousand people watched the horrifying pictures and were completely taken in.

Luckily, the culprits soon admitted to playing this prank and placed another slide on the National TV with the text calling for the citizens to stop blindly trusting the official news. The trick was attributed to the hacker group Ztohoven well-known for such practical jokes.

Hackers broke into a large LED screen at the Palace of the Republic in Alma-Aty (Kazakhstan)

13 August 2013 The large LED screen installed right in front of the the Palace of the Republic in AlmaAty for some time was running porno clips instead of advertising. IT specialists attributed this to hackers. The video report on the prank was shown on YouTube on August 12th 2013.

Porno clip on TV channel in Belorussia

14 April 2013 The Belorussian authorities are looking for a video engineer that maybe responsible for the incident when a music channel of the National TV showed a clip with indecent content. This is not the first such incident. Journalists confessed that porno clips appeared on the air several times either by mistake or with malicious intent.

Porno on Swedish TV on TV4 News

7 January 2013 Viewers of the Swedish TV4 News Channel unexpectedly witnessed a long series of indecent clips. The indecent video stream appeared on the screens at the time when the anchor-woman was discussing Syria conflict with their correspondent in Russia. The indecent video appeared on a TV monitor located behind the back of the show host.

Porno clips in the public transport displays in Chile

January 2013 Passengers on a long-distance bus in Chile became involuntary spectators of an adult film that was shown by mistake by the company personnel. Though the film was switched off after a short while, people still managed to make video recordings on their cell phones and immediately forwarded this to social network on the Internet.

Conclusions

Digital video networks are widely used not only for commercial advertising but for the informational support of official events, public holidays or emergency situations. In many countries the authorities use commercial networks for searching for missing people, especially children, or hunt for local criminals.

Naturally, as modern digital networks acquire more and more importance in our informational age, the task of protecting these systems on both software and hardware levels is becoming extremely important for Russia and all other world countries.