Re: RE: [Fwd: [TH-research] OT: Israeli Post Office break-in]

[Ron DuFresne <dufresne () winternet com>]

This was not a remote attack, at least not the initial attack <setting up
the AP>  That was a physical, access to the site directly walking in the
door attack.  Certainly not an issue with a publically open port that was
being stepped upon, not until the AP was placed, and then seems to have
been accessed by those that placed it.  this is a physical security issue
if I read the original report properly.

Than again, perhaps I misread...

Thanks,

Ron DuFresne

On Tue, 13 Jan 2004 Frank_Kenisky () psc uscourts gov wrote:

> Without access to the entire article or knowing more than the media writes
> it's really not possible to tell.  But from what you've posted.  That is
> an interesting story.  With some configuration networks can be somewhat
> secure.  But leaving a port wide open to the public is not the best
> physical security.  I have seen this in hospitals.  The hospital remodels
> a public area but somehow leaves ports accessible to the public.  I've
> often thought that it would probablly be pretty easy for someone to say
> purchase a wireless AP (pretty inexpensive these days) sit in the public
> area (i.e. waiting room) with a laptop or PDA, connect to the AP and start
> surfing.
>
> This of course would require a bit of knowedge but not much.
>
> Frank Kenisky IV, CISSP, CISA
> Information Technology Security Specialist
> 210-301-6433
>
>
>
> John.Airey () rnib org uk
> 01/13/2004 03:10 AM
>
> To
> ge () egotistical reprehensible net, bugtraq () securityfocus com
> cc
> full-disclosure () lists netsys com
> Subject
> RE: [Fwd: [TH-research] OT: Israeli Post Office break-in]
>
>
>
>
>
>
> > -----Original Message-----
> > From: Gadi Evron [mailto:ge () egotistical reprehensible net]
> > Sent: 11 January 2004 04:07
> > To: bugtraq () securityfocus com
> > Cc: full-disclosure () lists netsys com
> > Subject: [Fwd: [TH-research] OT: Israeli Post Office break-in]
> >
> >
> > I thought this story might interest some of you. See
> > forwarded message
> > below.
> >
> >       Gadi Evron.
> >
> >
> > Date: Sat, 10 Jan 2004 19:23:15 -0800
> > From: Gadi Evron <ge () linuxbox org>
> > To: th-research
> > Subject: [TH-research] OT: Israeli Post Office break-in
> >
> >
> > Mail from Gadi Evron <ge () linuxbox org>
> >
> > This is completely off-topic, but very interesting.
> >
> > Apparently there was a break-in in a branch of the Israeli
> > Post Office.
> >
> > The offenders placed a wire-less gateway connected to a switch inside,
> > and through it stole a few tens of thousands of Shekels in
> > the few days
> > they were in operation (the Israeli Post Office is a sort of
> > a small bank).
> I can't resist any longer. I have to ask a few questions.
>
> 1. How did they know which switch to connect to? Wouldn't this require
> some
> knowledge of network topology.
> 2. If it is indeed a switch and not a hub, how did they obtain access to
> set
> this port to monitor traffic?
> 3. How did they get access to the switch. Shouldn't it have been locked
> away.
> 4. How did they convert electrons to money? Was this by raiding bank
> accounts or collecting credit card numbers?
> 5. How could they be unable to hide a WAP in a rack (assuming the switch
> was
> in a rack)? I can think of several ways to hide one without it being
> visible.
>
> Seems like a bit of an inside job to me, but I'm no Dick Tracy...
>
> -
> John Airey, BSc (Jt Hons), CNA, RHCE
> Internet systems support officer, ITCSD, Royal National Institute of the
> Blind,
> Bakewell Road, Peterborough PE2 6XU,
> Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey () rnib org uk
>
> Even if you win the rat race, that will still only make you a rat.
>
>
>
> -
> DISCLAIMER:
>
> NOTICE: The information contained in this email and any attachments is
> confidential and may be privileged. If you are not the intended
> recipient you should not use, disclose, distribute or copy any of the
> content of it or of any attachment; you are requested to notify the
> sender immediately of your receipt of the email and then to delete it
> and any attachments from your system.
>
> RNIB endeavours to ensure that emails and any attachments generated by
> its staff are free from viruses or other contaminants. However, it
> cannot accept any responsibility for any  such which are transmitted.
> We therefore recommend you scan all attachments.
>
> Please note that the statements and views expressed in this email and
> any attachments are those of the author and do not necessarily represent
> those of RNIB.
>
> RNIB Registered Charity Number: 226227
>
> Website: http://www.rnib.org.uk

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html