An American hacker claims to have gained access to both Canada and the US’s Emergency Alert Systems.
According to a new report from Input, the hacker, who goes by the alias “virtrux,” says he’s able to send a message nationwide using a system he found open on the internet.
By scanning for ports utilized by two systems commonly used in emergency alerts, explains the report, virtrux says he found millions of IP addresses. He then scanned through them for a list of keywords likely to be used in such alert systems, and narrowed that down to thousands.
“I social engineered some manufacturers of these to give me either the service password or the default password, and after trying a few IPs, I was in,” virtrux says. “I was disgusted. This is federal infrastructure, this isn’t a printer left open.”
What would you send to everyone in the United States? @thugcrowd pic.twitter.com/jkQwfmPem6
— virtrux (j3ws3r) (@virtrux) November 23, 2020
virtrux claims that the system access points are available online for use by authorized users, but are also easily accessible by those with the technological knowhow.
“You can get whatever you need to gain full access – not to all, as most are updated – but a scary majority,” he says. “This reminds me of the banking systems, they run COBOL because they are too lazy and cheap to upgrade to something more secure and we get left with very old people who know how to program COBOL working on the banking and insurance infrastructure. I think the federal government needs to set up proper training for set up and usage of these devices, and make it illegal to operate if you have not been trained.”
The hacktivist says he could send whatever he pleases to millions of people. “Theoretically I can send anything from a volcano warning to the entire U.S. to an AMBER alert. If I really wanted, I can send out custom messages too,” he says.
He also says he could do the same in Canada. “As for Canada, I’m sure the same is possible: custom messages to country-wide levels of emergency.”
“In the wrong hands, this can and will only incite panic,” he says. “I wouldn’t go as far as to say the wrong message sent out can theoretically start a war but I don’t think it’s all that impossible.”
