[BreachExchange] KHQ-TV part of cyber attack that hit news stations across Washington, Montana

Destry Winant destry at riskbasedsecurity.com
Wed Dec 11 10:14:59 EST 2019


A “very sophisticated” cyber attack on the software running KHQ-TV’s
news broadcasts has journalists at the Spokane NBC affiliate reading
off paper scripts and resorting to technical workarounds for video.

“It’s very late ’90s all of a sudden in here,” said Traci Zeravica,
director of content and communications for the station.

The security breach occurred overnight Sunday, just hours before the
affiliate’s 4:30 a.m. morning newscast, said Patricia McRae, president
of KHQ, Inc. and Cowles Montana Media. The attack targeted the
company’s technical software needed to prepare local newscasts across
all stations owned by the television group, but no personal employee
or advertiser data was compromised in the breach, McRae said.

KHQ reported the attack to the FBI, McRae said. The company, which is
an affiliate of the Cowles Co. that also publishes The
Spokesman-Review, is working to restore the software from backups
after it determines data is secure, she added.

In the meantime, the station has been informing viewers of “technical
difficulties” that have limited recent broadcasts, including fewer
on-screen graphics and video than they might be accustomed to, said
Zeravica. She applauded station employees, including reporters,
anchors and those working behind-the-scenes, for responding quickly
and adapting to the new, old way of delivering the news.

“Everybody’s been very kind to us,” Zeravica said of viewers, who have
mostly complimented the station for their work despite the technical

McRae said it was unclear Tuesday afternoon where the attack
originated and said it would be at least a couple more days before
everything was back online at the three KHQ, Inc., stations in
Washington and the eight affiliates in Montana owned by Cowles Montana

A recent uptick in cyber attacks has the Cybersecurity and
Infrastructure Agency, a division of the U.S. Department of Homeland
Security, warning private citizens, municipal governments and private
companies about hackers who trick users into allowing access into
systems. They then freeze those systems and demand payment before
letting others back in.

In 2017, the FBI reported so-called “ransomware” attacks accounted for
losses of $2.3 million nationwide. In March, a local medical services
company announced it had paid $15,000 to hackers who stole patient
information, and in July, an industry group released a report that
some 140 attacks in the past year had targeted local and state

McRae declined to say Tuesday whether there were demands tied to the
hacking of KHQ’s software. An FBI spokesman declined comment Tuesday

The company has reached out to other news organizations to see if
they’ve been victims of similar attacks and if they had any advice for
combating the threat in the future, McRae said.

“They’ve had small breaches,” she said. “Nothing like what we’re dealing with.”

On Monday, KHQ’s reporters were filing stories through private social
media accounts and accessing email on smartphones because of an
internet shutdown, Zeravica said. Sydnee Stelle, a reporter and
weather forecaster for the station, produced a weather report for
stations in Montana because the station’s weather graphic systems were
knocked out by the cyber attack.

Producers were huddling Tuesday to determine how to shoot live video
simultaneously in two studios in the newsroom, after one of the
control room computers was identified as at-risk of infection and
taken out of commission. Zeravica floated from desk to desk with a
fistful of zip drives that would contain videos for the nightly news
broadcast, while night-side producers created scripts and lists of
stories in Microsoft Word documents that would later be printed and
transferred to control rooms.

Zeravica said producing the news without the software they’re used to
was like driving home one way every day after work, then overnight
shifting to a different route home.

“It’s a hurdle for us,” she said.

More information about the BreachExchange mailing list