RE: [Fwd: [TH-research] OT: Israeli Post Office break-in]

John.Airey_at_rnib.org.uk
Date: 01/13/04

  • Next message: Cisco Systems Product Security Incident Response Team: "[Full-Disclosure] Cisco Security Advisory: Vulnerabilities in H.323 Message Processing" 
    To: ge@egotistical.reprehensible.net, bugtraq@securityfocus.com
Date: Tue, 13 Jan 2004 09:10:14 -0000

    > -----Original Message-----
    > From: Gadi Evron [mailto:ge@egotistical.reprehensible.net]
    > Sent: 11 January 2004 04:07
    > To: bugtraq@securityfocus.com
    > Cc: full-disclosure@lists.netsys.com
    > Subject: [Fwd: [TH-research] OT: Israeli Post Office break-in]
    >
    >
    > I thought this story might interest some of you. See
    > forwarded message
    > below.
    >
    > Gadi Evron.
    >
    >
    > Date: Sat, 10 Jan 2004 19:23:15 -0800
    > From: Gadi Evron <ge@linuxbox.org>
    > To: th-research
    > Subject: [TH-research] OT: Israeli Post Office break-in
    >
    >
    > Mail from Gadi Evron <ge@linuxbox.org>
    >
    > This is completely off-topic, but very interesting.
    >
    > Apparently there was a break-in in a branch of the Israeli
    > Post Office.
    >
    > The offenders placed a wire-less gateway connected to a switch inside,
    > and through it stole a few tens of thousands of Shekels in
    > the few days
    > they were in operation (the Israeli Post Office is a sort of
    > a small bank).
    >
    I can't resist any longer. I have to ask a few questions.

    1. How did they know which switch to connect to? Wouldn't this require some
    knowledge of network topology.
    2. If it is indeed a switch and not a hub, how did they obtain access to set
    this port to monitor traffic?
    3. How did they get access to the switch. Shouldn't it have been locked
    away.
    4. How did they convert electrons to money? Was this by raiding bank
    accounts or collecting credit card numbers?
    5. How could they be unable to hide a WAP in a rack (assuming the switch was
    in a rack)? I can think of several ways to hide one without it being
    visible.

    Seems like a bit of an inside job to me, but I'm no *** Tracy...

    -
    John Airey, BSc (Jt Hons), CNA, RHCE
    Internet systems support officer, ITCSD, Royal National Institute of the
    Blind,
    Bakewell Road, Peterborough PE2 6XU,
    Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk

    Even if you win the rat race, that will still only make you a rat.

     

    -
    DISCLAIMER:

    NOTICE: The information contained in this email and any attachments is
    confidential and may be privileged. If you are not the intended
    recipient you should not use, disclose, distribute or copy any of the
    content of it or of any attachment; you are requested to notify the
    sender immediately of your receipt of the email and then to delete it
    and any attachments from your system.

    RNIB endeavours to ensure that emails and any attachments generated by
    its staff are free from viruses or other contaminants. However, it
    cannot accept any responsibility for any such which are transmitted.
    We therefore recommend you scan all attachments.

    Please note that the statements and views expressed in this email and
    any attachments are those of the author and do not necessarily represent
    those of RNIB.

    RNIB Registered Charity Number: 226227

    Website: http://www.rnib.org.uk

  • Next message: Cisco Systems Product Security Incident Response Team: "[Full-Disclosure] Cisco Security Advisory: Vulnerabilities in H.323 Message Processing"