Happy October AKA Cybersecurity Awareness Month. It’s no coincidence that Cybersecurity Awareness Month happens during the spookiest time of year…the vulnerabilities that lie in the shadows can have some seriously haunting consequences. 

To celebrate, we’re excited to launch Bugcrowd’s brand new series, Unsolved Cyber Mysteries. Unsolved Cyber Mysteries is a micro docuseries that retells the real stories of everyday people who were swept up in extraordinary breaches, unexplained leaks, and outbreaks of sensitive data. This hair-raising series, hosted by Bugcrowd Founder and CTO (Chief Terror Officer) Casey Ellis, unites security practitioners and true crime junkies in the astounding, creepy, and downright terrifying stories of cybersecurity gone wrong. 

Episode 1: The Max Headroom Signal Hijacking

The year was 1987. The Simpsons just premiered on The Tracey Ullman Show, U.S. President Ronald Reagan delivered his famous speech at the Berlin Wall, and Guns N’ Roses released their career-making debut album. 

On the evening of November 22, Chicago locals tuned into WGN-TV’s 9 O’clock news. Just as WGN Sports Anchor, Dan Roan, began discussing the Chicago Bears win against the Detroit Lions at Soldier Field earlier that day, TV screens everywhere suddenly went black for 10 seconds. 

An unknown person in a Max Headroom mask appeared on screen for approximately 30 seconds, accompanied with the eerie noise of static. For those who don’t know, Max Headroom is a fictional character debuted in 1985 in the movie Max Headroom: 20 Minutes into the Future

The person in the mask appeared to be dancing in front of a swaying metal background. WGN engineers initially thwarted the attack by changing the studio-to-transmitter frequency used to transmit the broadcast signal. The total interruption lasted 33 seconds and left viewers, sound engineers, and broadcasters alike flummoxed. 

About two hours later during an episode of Dr. Who, airing on the WTTW network, the Max impersonator showed up again. This time, the video clip had sound. Viewers heard distorted audio of the hacker speaking and singing, although most of the statements were random and seemingly inexplicable, like quoting New Coke’s advertising slogan, “catch the wave.” 

Unfortunately, this hijack was less G-rated than the WGN one. Instead of just dancing, the Max impersonator raised the stakes, holding up a middle finger, exposing his rear end, and showing themselves getting spanked with a flyswatter. This intrusion lasted longer, for about 1 minute and 22 seconds. 

Feeling mystified? So was the rest of Chicago (and the world). Don’t miss the first episode of Unsolved Cyber Mysteries to learn more about this hijack, the reaction, explanations of possible motivations, and a breakdown of the impact.