A “very sophisticated” cyber attack on the software running KHQ-TV’s news broadcasts has journalists at the Spokane NBC affiliate reading off paper scripts and resorting to technical workarounds for video.
“It’s very late ’90s all of a sudden in here,” said Traci Zeravica, director of content and communications for the station.
The security breach occurred overnight Sunday, just hours before the affiliate’s 4:30 a.m. morning newscast, said Patricia McRae, president of KHQ, Inc. and Cowles Montana Media. The attack targeted the company’s technical software needed to prepare local newscasts across all stations owned by the television group, but no personal employee or advertiser data was compromised in the breach, McRae said.
KHQ reported the attack to the FBI, McRae said. The company, which is an affiliate of the Cowles Co. that also publishes The Spokesman-Review, is working to restore the software from backups after it determines data is secure, she added.
In the meantime, the station has been informing viewers of “technical difficulties” that have limited recent broadcasts, including fewer on-screen graphics and video than they might be accustomed to, said Zeravica. She applauded station employees, including reporters, anchors and those working behind-the-scenes, for responding quickly and adapting to the new, old way of delivering the news.
“Everybody’s been very kind to us,” Zeravica said of viewers, who have mostly complimented the station for their work despite the technical issues.
McRae said it was unclear Tuesday afternoon where the attack originated and said it would be at least a couple more days before everything was back online at the three KHQ, Inc., stations in Washington and the eight affiliates in Montana owned by Cowles Montana Media.
A recent uptick in cyber attacks has the Cybersecurity and Infrastructure Agency, a division of the U.S. Department of Homeland Security, warning private citizens, municipal governments and private companies about hackers who trick users into allowing access into systems. They then freeze those systems and demand payment before letting others back in.
In 2017, the FBI reported so-called “ransomware” attacks accounted for losses of $2.3 million nationwide. In March, a local medical services company announced it had paid $15,000 to hackers who stole patient information, and in July, an industry group released a report that some 140 attacks in the past year had targeted local and state governments.
McRae declined to say Tuesday whether there were demands tied to the hacking of KHQ’s software. An FBI spokesman declined comment Tuesday afternoon.
The company has reached out to other news organizations to see if they’ve been victims of similar attacks and if they had any advice for combating the threat in the future, McRae said.
“They’ve had small breaches,” she said. “Nothing like what we’re dealing with.”
On Monday, KHQ’s reporters were filing stories through private social media accounts and accessing email on smartphones because of an internet shutdown, Zeravica said. Sydnee Stelle, a reporter and weather forecaster for the station, produced a weather report for stations in Montana because the station’s weather graphic systems were knocked out by the cyber attack.
Producers were huddling Tuesday to determine how to shoot live video simultaneously in two studios in the newsroom, after one of the control room computers was identified as at-risk of infection and taken out of commission. Zeravica floated from desk to desk with a fistful of zip drives that would contain videos for the nightly news broadcast, while night-side producers created scripts and lists of stories in Microsoft Word documents that would later be printed and transferred to control rooms.
Zeravica said producing the news without the software they’re used to was like driving home one way every day after work, then overnight shifting to a different route home.
“It’s a hurdle for us,” she said.
Subscribe to the Coronavirus newsletter
Get the day’s latest Coronavirus news delivered to your inbox by subscribing to our newsletter.