On March 14th, 2023, an incident within the EAS Relay Network resulted in an Emergency Action Notification (EAN) being received and logged within ERN log channels from a participant.
ERN has traced back the origination to a monitor with noaaweatherradio.org. This monitor used to be maintained by a GWES Staff member, but at the time of the incident, has not been available/maintained for a period of months.
Currently at this time, there is no evidence to show that the GWES Staff member in question had any involvement within this incident.
Network Operations of ERN have investigated the incident and found a cause. NWROrg currently utilizes Icecast for stream ingest and distribution. This ingest process is currently using an unprotected password, and is publicly available on their website.
This is a very poor security practice that led to an individual, who is unknown to GWES or ERN, to be able to stream audio as an “official” stream.
Thankfully, due to ERN participant vigilance, the participant was able to shut down their ENDEC right before unauthorized EAN headers were transmitted into the network. We commend the actions taken by this participant, as they prevented all ERN participants from receiving this fake alert. You can view a statement issued by the participant by clicking here.
This incident shows a need for better security practices from NWROrg, and we call on them to improve their practices, in the interest of public safety.
If you have any questions regarding this incident, or have any evidence pertaining to potential suspects, please reach out to the GWES Leadership Council by emailing us at [email protected].