Cyber Incident Victim: 98.9 Magic FM
Date: Apr 2016
Location: United States of America
Summary
A radio station experienced unauthorized broadcasting of explicit content when attackers compromised Barix audio streaming devices by exploiting weak passwords, locking out legitimate operators. The intrusion redirected equipment to play vulgar podcasts from an online group, affecting multiple stations nationwide for approximately 90 minutes. Compromised devices, identifiable via public search tools, were forced to stream the content until engineers physically reset systems at transmitter sites. The incident highlighted vulnerabilities in broadcast infrastructure, with attackers reportedly pre-collecting credentials to target insufficiently secured devices. While some stations maintained primary broadcasts, auxiliary signals were disrupted, requiring manual intervention to regain control. Similar prior breaches involved hijacked emergency alert systems, underscoring broader industrial control security challenges.
Description
On April 5, 2016, multiple U.S. radio stations experienced unauthorized broadcasts of explicit content attributed to the FurCast podcast, a hobbyist group discussing erotic themes related to furry characters. The incident began during Tuesday morning programming when KIFT (a Top 40 station in Breckenridge, Colorado) and KXAX (a country music station in Livingston, Texas) had their transmissions interrupted. Attackers compromised studio transmitter links (STLs) that used Barix audio streaming devices, replacing scheduled music with approximately 90 minutes of vulgar discussions detailing explicit sexual scenarios. The hack also affected an unnamed Denver station and a national syndicator, with FurCast content airing for one to two hours across impacted stations. Forensic analysis indicated attackers systematically targeted internet-connected Barix boxes by brute-forcing weak passwords, with compromised devices identified via the Shodan search engine due to their public exposure.

The attackers locked legitimate operators out of the Barix systems, redirecting the equipment to stream FurCast’s archived podcasts. FurCast members detected the intrusion through anomalous connection spikes from Barix clients, overwhelming their servers with requests. Station engineers at KIFT regained control only after physically traveling to the remote transmitter site to reprogram the STL hardware, as remote access remained blocked. The Michigan Association of Broadcasters confirmed password vulnerabilities enabled the breach, noting attackers had harvested credentials over time and exploited devices with six-character passwords despite Barix supporting 24-character credentials. FurCast mitigated further exploitation by altering their podcast stream URLs to disrupt the attackers’ access. Operational impacts included temporary signal hijacking on auxiliary transmitters, though primary broadcasts remained unaffected at KIFT. No financial or data theft motives were identified, with station owners characterizing the content as nonsensical and sexually graphic without clear ideological intent.
