Thieves Hacking Security Cameras? 181
The FBI is investigating fifteen store robberies in eleven states, committed via phone and internet. The perpetrators hack the store's security system so they can observe their victims. They then make customers take their clothes off and get the store to wire money. From the article, "A telephone caller making a bomb threat to a Hutchinson, Kan., grocery store kept more than 100 people hostage, demanding they disrobe and that the store wire money to his bank account. ... officials were investigating whether the caller was out of state and may have hacked into the store's security system. "If they can access the Internet, they can get to anything," Hutchinson Police Chief Dick Heitschmidt said. "Anyone in the whole world could have access, if that's what really happened.""
"wire money to his bank account"? (Score:5, Interesting)
Strange.
CCTV (Score:5, Interesting)
Re:CCTV (Score:5, Interesting)
Many companies are cutting back on security staff by eliminating in-store people that watch the TV screens. The stores still have some roving security people, but the TV screen watching is now more automated, more centralized, and in some cases even pushed out to homes where people with broadband can be paid even less than the in-store people to sit and watch a bunch of TV camera images for hours, looking for suspect people.
It might be interesting if someone developed a way to fool those systems into thinking someone is watching (frequently clicking to see the next camera).
Re:CCTV (Score:5, Interesting)
Most of our clients are hell-bent on having internet access so that they can remotely view and control their cameras, card access systems, and PA systems.
Although it is possible to hack these systems, it is a remote chance if configured properly like anything else.
My guess is that these incidents are with default usernames and passwords on the DVR and other equipment.
However, my question is: how did they find the IP of a target store?
It's one thing to want to rob a store, but it's another to know this type of sensitive information.
And in many cases, even large stores are using DSL or Cable where they get a dynamic IP.
Sounds like an inside job to me.
Re:CCTV (Score:5, Interesting)
Two weeks after installation, the thieves broke in. When they saw the cameras and the DVR, they set fire to the place to destroy the evidence, but the still photos were enough to identify and convict them. They haven't had a problem since.
Re:Dumber than dumb (Score:5, Interesting)
Those who have a place in the system have no place in a jury.
Re:"wire money to his bank account"? (Score:1, Interesting)
In civilized countries, bank accounts are always tracked back to the owner. Even in Switzerland, Luxembourg, Liechtenstein, etc. They are required to do so by the FATF and the OECD.
Whether the bank will cooperate is another story. Swiss banks will cooperate in cases of serious crime, if the offense is a crime in Switzerland. This case sounds like it would be a crime in Switzerland.
However, tax evasion is not a serious crime in Switzerland, so a Swiss bank will not cooperate when investigating tax evasion. This is one reason Swiss banks are so popular with foreigners.
Wireless (Score:5, Interesting)
In my WarDriving travels, I've come apon many SSID-hidden wireless networks around stores. Sometimes they aren't even encrypted. My recent curiosity with these nets reveals a few wifi networked cameras in some locations, and sometimes if you log into these networks, you can find a nat. From there it's simply accessing a site that gives you a IP.
But why bother when you already have access to there cameras via a unsecured access point?
Anonymous for obvious reasons.
YOU FUCKING LOVE IT (Score:5, Interesting)
Re:Dumber than dumb (Score:4, Interesting)
They'd probably harbor a sleeper cell in the loading dock as long as their supply chain of cheap Chinese crap doesn't slow down.