Hackers Infiltrate Early Warning Network System to Send Spam

Just as ex-tropical Cyclone Penny moved toward the coast of Queensland, Australia, users of Early Warning Network reported receiving strange messages from the emergency system.

Hackers were able to access the Early Warning Network, a large-scale emergency warning system in Australia, and then send alarming spam messages to subscribers.

According to the Early Warning Network (EWN), a hacker accessed its system over the weekend and then sent “nuisance messages” via text, phone call and email to a part of its database on Jan. 5 at around 9:30 p.m. EST.

The EWN said Monday on its website that it appears the hacker used “illicitly gained credentials” to log in to its system.

“The unauthorized alert sent on Saturday night was undertaken by an unauthorized person using illicitly gained credentials to log in and post a nuisance spam-notification to some of our customers,” according to the note on the EWN’s website. “This was sent out via email, text message and landline. EWN staff at the time were able to quickly identify the attack and shut off the system limiting the number of messages sent out.”

The emergency notification system sends varying threat level alerts – including catastrophic and severe threats – sourced from the Bureau of Meteorology to registrants. The incident occurred just as ex-tropical Cyclone Penny moved toward the Queensland coast.

According to multiple people who posted to Twitter, the spam message read: “EWN has been hacked. Your personal data stored with us is not safe. We are trying to fix the security issues. Please email support[@]ewn.com.au if you wish to unsubscribe.”

The EWN said that the links used in the spam alert were not harmful and that subscribers’ personal information was not compromised during the incident.

While it did not specify the number of subscribers who received the notice, the EWN said that a “small proportion” of its database received the alert. An ABC report meanwhile said that “thousands” had received the alert.

EWN said Monday that its systems are back up and running, and that it is continuing to investigate the incident with police involvement.

It’s not the first time that some type of public emergency alert siren, designed to caution citizens of crises, has been compromised by attackers who take control of the system to broadcast false alarms – or shut it down completely.

In April 2018, researchers found that public emergency alert sirens in San Francisco could be compromised by attackers who can take control of the system to broadcast false alarms.

And in March 2018, Baltimore’s 911 dispatch system was hacked, triggering a shutdown of the platform’s automated dispatching functions.

Tom Kellermann, chief cybersecurity officer at Carbon Black, told Threatpost in an interview that early warning networks are becoming a “soft target.”

“Security leadership typically focuses on the resiliency of these systems,” he told us. “This can be a double-edged sword. The business continuity and resiliency priorities of these systems inherently increase the attack surface. As they have added redundancy, backup network operations centers and remote access – coupled with the introduction of applications – introduce a myriad of vectors by which attackers can conduct a cyber-intrusion.”

EWN did not respond to Threatpost’s request for a further statement before publication.
