Hackers Hijack ESPN & NPR Radio Stations, Broadcast “Obscene” Material

Two regional radio stations were hacked in the past week and, according to the FCC, “broadcast to the public an attacker inserted audio stream that includes an actual or simulated Attention Signal and EAS alert tones, as well as obscene language, and other inappropriate material.”

On Sunday, during its broadcast of the Dallas Cowboys’ comeback win against the Philadelphia Eagles, ESPN 97.5 in Houston was compromised and listeners heard, according to one report, “a loop of fake EAS tones, a racist Country song, and a promo to follow [the hackers] on social media.”

The station later posted an explanation to listeners who were not only subjected to obscenities, but also missed a game between the Cowboys and their archrivals.

“In the past hour, there was audio airing on 97.5 FM signal that didn’t come from the radio station. Our signal had been hacked. We are actively trying to rectify the problem. We appreciate the many of you who posted to alert us of the issue.”

The prior Wednesday, Richmond, VA-area NPR station WVTF, known as “Radio IQ,” was compromised and “offensive material” was broadcast to listeners.

Radio IQ later apologized and explained, “The hacker was able to hijack our backup audio feed from Roanoke to Richmond. We have a sensor that starts the back-up feed when it hears ‘dead-air’ or silence on the main audio feed. Our engineers have to manually switch back to the main channel when it becomes available again.”

The station reported, “We had some dead-air that triggered the switch to back-up audio where an unauthorized audio loop was placed by the hacker.”

An FCC statement issued today explained the incident as follows: “It appears that these recent hacks were caused by a compromised studio-transmitter link (STL) — the broadcast equipment that carries program content from the studio to remote transmitters — with threat actors often accessing improperly secured Barix equipment and reconfiguring it to receive attacker controlled audio in lieu of station programming.”

This past summer, KRLL in California, Mo., and KPOG in Des Moines, Iowa were reportedly hit by similar attacks that compromised their Barix equipment.