Thursday, May 04, 2006
Why physical security should fascinate you
Last year, a bank in London let some crooks come in at night impersonating janitors.
The crooks unplugged the keyboards on the help desk computers and plugged them back in through a small device that records keystrokes. Hardware keyloggers like that are cheap and unobtrusive, and because they sit on the cable between keyboard and machine, nothing running on the host can see them. That let the crooks steal the help desk passwords, which included passwords for remote administration of other machines in the bank.
With that access they installed software keyloggers on a carefully selected set of other machines at the bank, which let them steal every password typed into those machines. This included the passwords used for funds transfers.
Not just any funds transfers, either, but the international wholesale funds transfer network. When I say "wholesale", that means it handles about USD six trillion every day.
Their planned theft of 220 million pounds would have been utterly lost in the noise. The police stopped them, nobody's saying how. Had they succeeded, the bank would have lost almost half a billion dollars. Maybe they could have made it back by selling a diet book, "How I Lost 220 Million Pounds".
Physical security may seem boring because everything on TV is about network intrusions. If you've got money, enemies, or disgruntled former employees, physical security is very interesting.
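As an added illustration (not part of the original post, and not the bank's tooling), here is the sort of check the keyboard swap would have tripped if anyone had been watching the logs: a small Python script that scans kernel log lines for a keyboard being unplugged and re-enumerated on the same USB port, and flags it when it happens out of hours or when the keyboard comes back one level deeper in the USB tree, which is how an inline logger that enumerates as a hub would show up. It assumes USB keyboards and Linux syslog-style kernel lines; the sample lines, hostnames, year and business-hours window are all constructed for the example.

```python
import re
from datetime import datetime

# Constructed sample kernel log lines for the example (not real logs).
SAMPLE_LOG = """\
May 03 09:12:41 helpdesk01 kernel: input: Logitech USB Keyboard as /devices/pci0000:00/0000:00:14.0/usb1/1-3/1-3:1.0/input/input5
May 03 23:41:07 helpdesk01 kernel: usb 1-3: USB disconnect, device number 4
May 03 23:41:19 helpdesk01 kernel: usb 1-3: new full-speed USB device number 5 using xhci_hcd
May 03 23:41:20 helpdesk01 kernel: input: Logitech USB Keyboard as /devices/pci0000:00/0000:00:14.0/usb1/1-3/1-3.1/1-3.1:1.0/input/input6
May 04 08:02:55 helpdesk02 kernel: usb 2-1: USB disconnect, device number 6
May 04 08:03:10 helpdesk02 kernel: input: Dell USB Keyboard as /devices/pci0000:00/0000:00:14.0/usb2/2-1/2-1:1.0/input/input3
"""

LOG_YEAR = 2006                # syslog lines carry no year; assumed for the example
BUSINESS_HOURS = range(7, 20)  # 07:00-19:59; assumed site policy

LINE_RE = re.compile(r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) kernel: (?P<msg>.*)$")
DISCONNECT_RE = re.compile(r"^usb (?P<port>[\d.-]+): USB disconnect")
INPUT_RE = re.compile(r"^input: (?P<name>.+?) as (?P<path>/devices/\S+)")
ROOT_PORT_RE = re.compile(r"/usb\d+/(?P<port>[\d.-]+)/")          # port on the root hub
LEAF_PORT_RE = re.compile(r"/(?P<port>[\d.-]+):\d+\.\d+/input/")   # port the input device itself sits on


def parse_ts(ts):
    return datetime.strptime(f"{LOG_YEAR} {ts}", "%Y %b %d %H:%M:%S")


def analyze(log_text):
    """Return one finding per input device that re-enumerated after a USB disconnect on the same root port."""
    known = {}        # (host, root_port) -> (device name, leaf port) of the last input device seen there
    disconnects = {}  # (host, root_port) -> time of the most recent USB disconnect on that port
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, host, msg = parse_ts(m["ts"]), m["host"], m["msg"]
        d = DISCONNECT_RE.match(msg)
        if d:
            disconnects[(host, d["port"])] = ts
            continue
        i = INPUT_RE.match(msg)
        if not i:
            continue
        root = ROOT_PORT_RE.search(i["path"])
        leaf = LEAF_PORT_RE.search(i["path"])
        if not root or not leaf:
            continue
        key = (host, root["port"])
        before = known.get(key)
        gone_at = disconnects.pop(key, None)
        if gone_at is not None:
            off_hours = ts.hour not in BUSINESS_HOURS
            # Same root port, but the device now sits on a different (deeper) port:
            # something new is between the keyboard and the host.
            topology_changed = before is not None and before[1] != leaf["port"]
            findings.append({
                "host": host,
                "port": root["port"],
                "device": i["name"],
                "gap_seconds": int((ts - gone_at).total_seconds()),
                "off_hours": off_hours,
                "topology_changed": topology_changed,
                "suspicious": off_hours or topology_changed,
            })
        known[key] = (i["name"], leaf["port"])
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"{flag:10} {f['host']} port {f['port']}: {f['device']} back after {f['gap_seconds']}s "
              f"(off_hours={f['off_hours']}, topology_changed={f['topology_changed']})")
```

On the constructed input the helpdesk01 event is flagged on both counts (a 23:41 replug, and the keyboard reappearing at port 1-3.1 instead of 1-3), while the helpdesk02 replug during the working day at the same port is reported but not flagged. A plain passive inline logger that does not enumerate at all would only ever trip the off-hours rule, which is the caveat: this catches the careless version of the attack, and the rest is down to who is allowed in the building at night.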