PCs Pilfered, Paralyzing Populace

Heywood Yabuzof writes "According to this Wired story, thieves in Chile caused traffic to grind to a halt when they decided to steal the computers (15 PCs and 2 servers) that control the traffic lights in Santiago. Funny how everyone worries so much about preventing "evil hackers" from breaking in to systems remotely and causing chaos, and then some burglars just go ahead and steal the critical computers to produce the same (unintended?) results."

This is a problem all over the world

[jedrek]

Sitting behind our screens, we sometimes forget that the entire network is actually a physical entity. We remind ourselves of it when a backhoe rips through our ISP's OC3, or when we're out of cable and can't connect our network card to our router or modem.

Well, at least I do.

Anyway, here in Poland there's a problem with people stealing cable. Not cable-tv, but telecommunication cables. Whole neighborhoods here in Warsaw have been cut off from telephony because of stolen inter-exchange cable. Railroad lights have been known to fail because of stolen equipment (this happens way too often). It's twice as bad in Russia, trust me.

Actually, at times, it seems like everything that isn't screwed or welded down in this country (this region) will get stolen. Ah... sucks pretty bad.

Physical Security

[SgtChaireBourne]

The theft in Santiago makes a good point about physical security and single point of failure. I stayed at a national record keeping agency a few years ago which got hit by thieves a few weeks before I arrived. In the areas they hit, they got every last CPU and piece of RAM and were out again before the alarm was respondend to.

Unlike the one in Santiago, this organization was very lucky that none of the hard drives were damaged or taken so there was no loss of working data, only expense and disruption of work. However, the building was sufficiently compartmentalized that they could only clean out a few administrative departments. They were already the model of security and efficiency for their primary charges. None of that is easily threatened by outsiders. However, after that they got religion about backups for even working material.

Fires, roof leaks, or clumsy people near the servers could have a similiar effect.

Could have been worse

[upper]

The lights could have been reprogrammed so to show everybody green lights all the time. Or to act almost normally, but to occasionally turn more lights green than their should be.

Or maybe that wouldn't have been possible -- it's not clear from the article whether the computers controlled the signals in detail or just sent sync signals to otherwise autonomous lights.

Happens with phone copper too

[bobobobo]

Similarly, another problem in 3rd world countries that are trying to develop any kind of widespread phone infrastructure, is that the actual copper itself is pulled out of the ground and stolen! This is one of the reasons India for example, is moving forward with satellite technology instead, as this practice tends to be commonplace and fairly frustrating.

Tangential Tidbit

[LionKimbro]

I have heard that the US phone companies store the telephone switching computers in carefully unmarked basements of various public buildings in the areas where they are performing switching.

I have also heard that these are typically UNIX systems, and- get this- your phone number represents a series of cd ("cd", as in "change directory") operations into a file tree.

So for example, if your phone number is 547-9510, then information about connecting to you is stored in directory ..../5/4/7/9/5/1/0/

I don't know if any of this is true, but I have heard it from a person who has business knowing such things, and it sounds plausible to me. =^_^=

Reply if you know better. Just a tangential tidbit.

Re:Physical Security

[Shiny+Metal+S.]

Other very common mistake is leaving a floppy drive set up as the first booting device, or not having password protected BIOS settings.

With e.g. Debian boot floppies or any other mini Linux and mini Unix distribution you can just insert a floppy, hit reset and wait a while until you got r00t and do whatever you want (like change the real root password in /etc/shadow on the main partition to whatever you want).

I'm talking about it, because it's much easier than trying to write a remote exploit, much easier than writing a local exploit and much easier than actually stealing the whole hardware. It's usually also much easier than social engineering.

It wouldn't be even hard to make a floppy which automatically do something to the system (like adding new users and adding them to every group, changing passwords, reading encrypted passwords for later cracking, leaving backdoors, etc.). When you have such a floppy, you only need few seconds to insert it, hit reset, come back after a minute when everything is done, take your floppy and hit reset again.

You can even prepare this floppy in a way, that when everything is done, your files from the floppy are deleted and "shutdown -r" is run. That way even when someone enters the room before you, he'll only find a normally working system with empty floppy in the drive. The chances are that no one will even go there to see what's wrong if the server was down for a minute and now it's OK, especially if it's a lunch brake or something.

Very dangerous and very easy if you can only go near a computer, and if it can boot the system from the floppy. And I've already seen servers without BIOS passwords and those set to boot in order of floppy,cd,hdd. It's very important and often forgotten issue, it's somewhere between physical and non-physical (logical?) security.

No one Uses Traffic Lights in Chile or South A

[puto]

I do not see what the big deal is.

I am part Colombian and the rest from New Orleans(go figure). And although I live and grew up in the states I have lived three of my 32 years in South America. AND DRIVEN THROUGH EVERY COUNTRY!

No one uses stoplights. They are a like pretty christmas decorations. If it is read you do

1.the "rolling Stop",
2.haul ass and hope you don't die
3.slow down but go through(most popular)

However, the funniest thing with all the hurrah is. All latin American countries have huge police forces. Chile is no exception. But it makes you wonder if the theives can rob a government building, what about the quality of protection for the regular guy?

Habitat for Humanity

[BlueboyX]

I see the same thing in Habitat for Humanity in the US. People steal everything that isn't nailed down, no matter how ugly or worthless it might be. They love to take scafolding. Old, messed up sawhoarses? Gone by the next morning. It's crazy.