Cyber Incident Victim: KIFT
Date:
Apr 2016
Location:
United States of America
Summary
A cyberattack compromised multiple radio stations, including KIFT, by exploiting weak passwords on Barix audio streaming devices. Attackers hijacked the equipment to broadcast explicit furry-themed podcasts for approximately 90 minutes, disrupting auxiliary transmission channels but not primary signals. The intrusion involved brute-forcing credentials to lock out legitimate operators and redirect streams to unauthorized content hosted by FurCast, whose members later mitigated the attack by altering their podcast URLs. Affected stations required engineers to physically access transmitter sites to regain control, as remote management was blocked. The incident highlighted vulnerabilities in broadcast infrastructure, with compromised devices identified via public search tools. Similar prior breaches targeted emergency alert systems to spread false warnings.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 5, 2016, multiple US radio stations experienced unauthorized broadcasts of explicit content originating from the FurCast podcast, a hobbyist group discussing erotic furry themes. The incident began when attackers compromised studio transmitter links (STLs) using Barix streaming devices, which relay audio to broadcast antennas. KIFT, a Top 40 station in Breckenridge, Colorado, had its booster antenna signal hijacked for approximately 90 minutes, replacing scheduled music with sexually explicit discussions. Simultaneously, country station KXAX in Livingston, Texas, broadcast similar content for one to two hours. Additional unnamed stations in Denver and a national syndicator were also affected. Listeners reported hearing vulgar language and explicit descriptions of sexual encounters during the unauthorized transmissions.
The attackers gained access by brute-forcing weak passwords on internet-connected Barix boxes, many of which were discoverable via the Shodan search engine. The Michigan Association of Broadcasters confirmed attackers had pre-collected credentials, targeting devices with six-character passwords despite support for 24-character complexity. Upon compromise, attackers locked out legitimate operators and redirected equipment to stream FurCast’s online archives. FurCast members detected the attack through abnormal connection spikes from Barix clients and mitigated it by changing their podcast URLs. Affected radio stations, including KIFT, required engineers to physically visit transmitter sites to reprogram compromised systems, as remote access remained blocked. The incident highlighted vulnerabilities in broadcast infrastructure, echoing prior hacks like the 2013 zombie alert TV breaches. Industry advisories emphasized password strengthening but did not disclose financial or operational downtime impacts for the stations.