Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: RE: [Fwd: [TH-research] OT: Israeli Post Office break-in]

From: "Lan Guy" <rlanguy () hotmail com>
Date: Wed, 14 Jan 2004 09:50:52 +0200
Yesterday I had to go to an "Israeli Post Office". I decide to look around.
This is what I saw:
The Comms cabinet in the managers room, was in clear view of all from the
reception area and was open.

There was a 16 port Hub or switch. (9 ports not used) I think it was
unmanaged
An ISDN TA Box
A stand alone Tower server with internal backup.

I also had to go to my HMO who have a similar setup, but:
The comms cabinet is in the recpetion area Locked but with the keys in the
lock and 3 steps away from the front door.
A 24 port managed switch, but I suspect that the 11 unused ports were still
active.

A personal observation on Israel as a whole: Personal security is viewed as
very important, but physical and Personel security is extreme lax.

Last year there was a case of a bank employee who stole 250 Million Sheqels
($US60 Million) from her customer's accounts.

Lan Guy


----- Original Message ----- 
From: <jan.muenther () nruns com>
To: "Dave Paris" <dparis () w3works com>
Cc: <John.Airey () rnib org uk>; <ge () egotistical reprehensible net>;
<bugtraq () securityfocus com>; <full-disclosure () lists netsys com>
Sent: Tuesday, January 13, 2004 8:53 PM
Subject: Re: [Full-disclosure] RE: [Fwd: [TH-research] OT: Israeli Post
Office break-in]



Howdy,

I can't resist - have to make a few comments on this one, despite us

moving

massively off topic.


1. How did they know which switch to connect to? Wouldn't this require
some knowledge of network topology.


Not necessarily. You'd be amazed by how many (even large) companies have a
totally flat network topology, normally due to "historical growth".


if it's a managed switch, most have SPAN (or RSPAN) port capability.

mirror

other ports to the sniffer port as appropriate.


Erm, common misconception. You don't need to have a span port to sniff in

a

switched network. And no, you don't have to force the switch into 'hub'

mode

by flooding its CAM table. ARP cache poisoning works beautifully,
particularly when you have operating systems which let you overwrite ARP
entries without even the slightest warning (and no, not only Windows is
guilty of that).


3. How did they get access to the switch. Shouldn't it have been

locked

away.


.. never underestimate the power of stupidity. :-)

Indeed. Sometimes physical security of institutions where you'd expect it

to

be good is abominable. Also, some basic social engineering can take you a
long way.



4. How did they convert electrons to money? Was this by raiding bank
accounts or collecting credit card numbers?


If you make it into the backend transaction systems, there's a heck of a

lot

you can do.

Cheers, J.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: