When you turn on the radio, you probably expect to hear music, news or commercials. Thanks to hackers, when listeners of KIFT, a Top 40 radio station located in Breckenridge, Colorado, turned on their radios Tuesday morning, they were treated to a sexually explicit podcast that focused on the erotic attraction to furry characters.
In addition to KIFT, the hackers commandeered a country music station KXAX in Livingston, Texas, which also broadcast raunchy furry-themed audio. And according to an article posted Wednesday by RadioInsight.com, the unauthorized broadcasts from a hobbyist group called FurCast were also forced on an unnamed station in Denver and an unidentified national syndicator. The identity of the hackers is still unknown.
"All in all the FurCast aired for an hour, possibly two," said Jason Mclelland, owner and general manager of the KXAX Radio Group. "During that time they talked about sex with two guys and a girl in explicit details and rambled on with vulgar language not really having much of a point to the podcast. I'm assuming there was no real reason for this hack."
Ars Technica Reports
Mclelland said the hack was carried out by someone who managed to take control of an audio streaming device sold by a company called Barix. The account is consistent with the RadioInsight post, which said the string of unauthorized broadcasts was accomplished when attackers attempted to log in to large numbers of Barix boxes. When successful, the attackers locked out the rightful operators and caused the equipment to play Internet-accessible podcasts made available by FurCast, a hobbyist group dedicated to furry sex.
"This appears to have been in the planning stages for some time by the person doing it," an advisory published by the Michigan Association of Broadcasters said of the Barix system hack. "Apparently they have been accumulating passwords for some time. MAKE SURE that your password is of sufficient strength! Barix Boxes will take up to 24 characters.... In at least two cases six character passwords were cracked."
Members of the group responsible for the FurCast have also supported the explanation. In a post published Wednesday and updated Thursday, they report that starting on Tuesday morning, their streaming server was hit by "large numbers of IP addresses attempting to connect to our archive stream." Most of the connection requests identified themselves as being made by a "Barix Streaming Client." Most or all of the Barix boxes attempting to connect were listed on the search website Shodan, an indication that they were easy for hackers to find and then probe for weaknesses. FurCast members were able to thwart the attack by changing the Web addresses of podcasts the compromised streaming equipment attempted to play.