In the morning of April 5, 2016 a number of American radio stations treated their listeners to quite the unusual broadcast. Over the course of 90 minutes, the hosts discussed the the sexual subculture of furry fandom \u2013 an interest in humanlike characters from popular cartoons, comics and science fiction. Now, the station\u2019s employees weren\u2019t looking to shock their listeners, the station\u2019s equipment was hacked.<\/p>\n
In an hour and a half, citizens of some cities in Colorado and Texas became intimately acquainted with Paradox Wolf<\/a>, Fayroe<\/a> and their friends. These nicknames belong to the authors of FurCast \u2014 a fan webcast<\/a> created by two guys and a girl from New York. Their channel was never intended to be heard by the wide public, but the hackers didn\u2019t care.<\/p>\n At least one of the shows on the stations were sent over the Internet from Denver to four remote transmitters. Of those, one was located in the city of Breckenridge, Colorado. It was this transmitter, K258AS<\/a>, that was hacked. The hacker replaced the intended program with Furcast<\/a> Episode 224<\/a>. Broadcast engineers could not regain control over transmitters remotely so they had to leave Denver<\/a> and travel to the remote transmitter site, where they reprogrammed the system manually.<\/p>\n During the hack the actual creators of FurCast detected an increase in connections to their podcast archive. This lasted several hours, and was turned off after the team discovered the problem on KIFT-FM<\/a> (Colorado) and KXAX<\/a> (Texas) and temporarily disabled access to the database. The majority of the connections made had the user agent \u201cBarix Streaming Client.\u201d<\/p>\n Barix is a popular manufacturer of audio streaming hardware and these devices were used by the hacked radio stations.<\/p>\n Ars Technica reported, that the hackers had spent some time accumulating passwords. Barix translators support up to 24 symbols combinations, \u201cbut in at least two cases 6 character passwords were cracked.\u201d<\/p>\n A number of those transmitters were also visible on Shodan<\/a> \u2014 a search engine through the Internet of Things, which lets people find connected devices.<\/p>\n What are #IoT<\/a> search engines Shodan and Censys and what are they capable of? We take a look: https:\/\/t.co\/mLszoMwAOv<\/a> pic.twitter.com\/D0xCgt700n<\/a><\/p>\n \u2014 Kaspersky (@kaspersky) February 29, 2016<\/a><\/p><\/blockquote>\nHow could it happen?<\/h3>\n
\n