Archive for July 2008
San Francisco's network held hostage by network admin
Posted by: Tom
This is just a classic case of one administrator who managed to get all the "keys to the kingdom". From the San Francisco Chronicle:
"Terry Childs, a 43-year-old computer network administrator who lives in Pittsburg, has been charged with four counts of computer tampering and is scheduled to be arraigned today.
Prosecutors say Childs, who works in the Department of Technology at a base salary of just over $126,000, tampered with the city's new FiberWAN (Wide Area Network), where records such as officials' e-mails, city payroll files, confidential law enforcement documents and jail inmates' bookings are stored.
Childs created a password that granted him exclusive access to the system, authorities said. He initially gave pass codes to police, but they didn't work. When pressed, Childs refused to divulge the real code even when threatened with arrest, they said."
As part of his plan he also:
"...engineered a tracing system to monitor what other administrators were saying and doing related to his personnel case, law enforcement officials said. "
As of right now all other administrators are locked out of the system and he has the only password! I also saw on CNN today that he still won't give up the password when a judge asked him in court today. Awesome...so how does this happen? While exact details still are not clear...lack of proper controls, proper monitoring of privileged users, oversight, separation of duties...are just a few things that comes to mind.
This should be a reminder for the corporate world that all privileged users (network administrators in this case) should be held to a higher standard then other users on the network. Thus, need more oversight and monitoring. Hopefully the city can get the password cracked or the guy eventually gives it up.
"Terry Childs, a 43-year-old computer network administrator who lives in Pittsburg, has been charged with four counts of computer tampering and is scheduled to be arraigned today.
Prosecutors say Childs, who works in the Department of Technology at a base salary of just over $126,000, tampered with the city's new FiberWAN (Wide Area Network), where records such as officials' e-mails, city payroll files, confidential law enforcement documents and jail inmates' bookings are stored.
Childs created a password that granted him exclusive access to the system, authorities said. He initially gave pass codes to police, but they didn't work. When pressed, Childs refused to divulge the real code even when threatened with arrest, they said."
As part of his plan he also:
"...engineered a tracing system to monitor what other administrators were saying and doing related to his personnel case, law enforcement officials said. "
As of right now all other administrators are locked out of the system and he has the only password! I also saw on CNN today that he still won't give up the password when a judge asked him in court today. Awesome...so how does this happen? While exact details still are not clear...lack of proper controls, proper monitoring of privileged users, oversight, separation of duties...are just a few things that comes to mind.
This should be a reminder for the corporate world that all privileged users (network administrators in this case) should be held to a higher standard then other users on the network. Thus, need more oversight and monitoring. Hopefully the city can get the password cracked or the guy eventually gives it up.
What does a hacker...hear?
Posted by: Tom
Good post on Bloginfosec last week that talks about all the interesting security related sounds that go on in pretty much any environment just by listening.
If you saw Johnny Long's "No Tech Hacking" presentation then you will probably remember the line "What does a hacker see?" as Johnny pointed out items in pictures that wouldn't be a big deal to the average person but to a hacker this information becomes extremely valuable.
Russell Handorf who wrote the article on Bloginfosec also put together a pretty cool quiz that you can take online to see if you can recognize some typical and not so typical sounds from various computing devices. I would be interested in hearing more about cell phone defaults...for example, does your phone have a default sound for Bluetooth sync? Like Russell mentioned in his article, it is pretty easy to use a tool like hcidump or the soon to be released BTfind which will help identify and enumerate found Bluetooth devices.
Next time you are at a conference, on the bus, train or at your local coffee shop pay attention and listen...you might be amazed at what you hear.