[Full-Disclosure] RE: [Fwd: [TH-research] OT: Israeli Post Office break-in]
rlanguy at hotmail.com
Wed Jan 14 07:50:52 GMT 2004
Yesterday I had to go to an "Israeli Post Office". I decided to look around.
This is what I saw:
The Comms cabinet in the managers room, was in clear view of all from the
reception area and was open.
There was a 16 port Hub or switch. (9 ports not used) I think it was
An ISDN TA Box
A stand alone Tower server with internal backup.
I also had to go to my HMO who have a similar setup, but:
The comms cabinet is in the reception area, locked but with the keys in the
lock and 3 steps away from the front door.
A 24 port managed switch, but I suspect that the 11 unused ports were still
A personal observation on Israel as a whole: personal security is viewed as
very important, but physical and personnel security is extremely lax.
Last year there was a case of a bank employee who stole 250 Million Sheqels
($US60 Million) from her customer's accounts.
----- Original Message -----
From: <jan.muenther at nruns.com>
To: "Dave Paris" <dparis at w3works.com>
Cc: <John.Airey at rnib.org.uk>; <ge at egotistical.reprehensible.net>;
<bugtraq at securityfocus.com>; <full-disclosure at lists.netsys.com>
Sent: Tuesday, January 13, 2004 8:53 PM
Subject: Re: [Full-Disclosure] RE: [Fwd: [TH-research] OT: Israeli Post
> I can't resist - have to make a few comments on this one, despite us being
> massively off topic.
> > > 1. How did they know which switch to connect to? Wouldn't this require
> > > some knowledge of network topology.
> Not necessarily. You'd be amazed by how many (even large) companies have a
> totally flat network topology, normally due to "historical growth".
> > if it's a managed switch, most have SPAN (or RSPAN) port capability.
> > other ports to the sniffer port as appropriate.
> Erm, common misconception. You don't need to have a span port to sniff in a
> switched network. And no, you don't have to force the switch into 'hub'
> by flooding its CAM table. ARP cache poisoning works beautifully,
> particularly when you have operating systems which let you overwrite ARP
> entries without even the slightest warning (and no, not only Windows is
> guilty of that).
> > > 3. How did they get access to the switch. Shouldn't it have been
> > > away.
> > .. never underestimate the power of stupidity. :-)
> Indeed. Sometimes physical security of institutions where you'd expect it to
> be good is abominable. Also, some basic social engineering can take you a
> long way.
> > > 4. How did they convert electrons to money? Was this by raiding bank
> > > accounts or collecting credit card numbers?
> If you make it into the backend transaction systems, there's a heck of a lot
> you can do.
> Cheers, J.
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
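The sniffing point in the quoted reply (ARP cache poisoning on a switched network, with hosts that silently overwrite ARP entries) is also what a defender can watch for on the wire. The following is an added example, not code from this thread: it parses raw Ethernet/ARP reply frames and alerts when an IP it has already learned is claimed by a different MAC. The frame builder, the three frames and all MAC/IP values are constructed placeholders for the example.

```python
import struct
from collections import namedtuple

ArpReply = namedtuple("ArpReply", "sender_mac sender_ip target_mac target_ip")

def mac_bytes(mac): return bytes.fromhex(mac.replace(":", ""))
def ip_bytes(ip): return bytes(int(o) for o in ip.split("."))
def mac_str(b): return ":".join(f"{x:02x}" for x in b)
def ip_str(b): return ".".join(str(x) for x in b)

def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    # Raw Ethernet II header + ARP reply; only used to construct sample traffic.
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + b"\x08\x06"
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)  # Ethernet/IPv4, opcode 2 = reply
           + mac_bytes(sender_mac) + ip_bytes(sender_ip)
           + mac_bytes(target_mac) + ip_bytes(target_ip))
    return eth + arp

def parse_arp_reply(frame):
    """Return an ArpReply for an Ethernet-carried ARP reply, None for anything else."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen, oper) != (1, 0x0800, 6, 4, 2):
        return None
    return ArpReply(mac_str(frame[22:28]), ip_str(frame[28:32]),
                    mac_str(frame[32:38]), ip_str(frame[38:42]))

class ArpWatch:
    """Remember the first MAC seen for each IP; a later reply giving a different
    MAC for the same IP is the on-wire signature of a poisoning attempt."""
    def __init__(self): self.bindings = {}
    def observe(self, frame):
        r = parse_arp_reply(frame)
        if r is None:
            return None
        known = self.bindings.setdefault(r.sender_ip, r.sender_mac)
        if known != r.sender_mac:
            return f"ALERT {r.sender_ip} was {known}, now claimed by {r.sender_mac}"
        return None

def run_sample():
    """Constructed traffic: a real gateway reply, a host reply, then a conflicting claim."""
    gw, host, rogue = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:99"
    frames = [
        build_arp_reply(gw, "192.168.1.1", host, "192.168.1.10"),     # gateway answers host
        build_arp_reply(host, "192.168.1.10", gw, "192.168.1.1"),     # host answers gateway
        build_arp_reply(rogue, "192.168.1.1", host, "192.168.1.10"),  # same IP, different MAC
    ]
    watch = ArpWatch()
    return [a for a in map(watch.observe, frames) if a]
```

In a real deployment the frames would come from a raw socket or capture file rather than `run_sample()`; the binding table is per segment, so a detector on the wrong VLAN sees nothing.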