Cyber Incident Victim: Mix Megapol
Date:
Nov 2017
Location:
Sweden
Summary
A Swedish radio station experienced unauthorized transmission hijacking during a live broadcast, resulting in the playback of a pro-ISIS recruitment song for approximately 30 minutes. The intrusion, attributed to an external transmitter overpowering the station’s frequency, disrupted programming but did not compromise internal systems, with services later restored. Authorities and telecom regulators were notified, though investigators indicated tracing the perpetrators would be challenging due to the transient nature of the signal interference. This incident aligns with broader patterns of broadcast signal intrusions targeting media platforms to disseminate extremist content, leveraging accessible transmission equipment to override legitimate broadcasts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On the morning of November 10, 2017, Swedish radio network Mix Megapol experienced a cyberattack during its breakfast show broadcast. An unidentified actor hijacked the station’s transmission frequency across its 24-city network, replacing regular programming with the pro-ISIS song "For The Sake Of Allah" for approximately 30 minutes. The song contained lyrical content encouraging listeners to join the terrorist organization. Mix Megapol, owned by German media conglomerate ProSiebenSat.1 Media AG, immediately reported the intrusion to Swedish police and government authorities. Company spokesperson Jakob Gravestam confirmed the incident triggered an official investigation, though technical details about the station’s internal systems remained undisclosed. Transmission resumed normal operations by the time media reports circulated later that day, with no public confirmation of whether ancillary systems like the station’s website were compromised.
Technical analysis by Jonas Wessel of Sweden’s Post and Telecom Agency (PTS) indicated the attacker likely used an FM transmitter tuned to Mix Megapol’s broadcast frequency to overpower its signal—a method consistent with broadcast signal intrusion. Wessel noted the transient nature of such attacks complicates forensic efforts, stating investigators would face significant challenges tracing perpetrators if the interference didn’t recur. The incident occurred amid heightened cybersecurity concerns in Sweden following a July 2017 citizen data leak and October 2017 DDoS attacks against national transport agencies that disrupted train services. While no group claimed responsibility, the intrusion mirrored previous ISIS-linked broadcast takeovers, including 2015 attacks on France’s TV5Monde and the BBC, though French authorities later attributed their incident to Russian hackers posing as ISIS sympathizers. Mix Megapol’s case highlighted ongoing vulnerabilities in radio transmission infrastructure, paralleling other 2017 intrusions at U.S. stations like WCHQ and WFBS that involved unauthorized political content broadcasts.