Slashdot Mirror
Thieves Hacking Security Cameras?
The FBI is investigating fifteen store robberies in eleven states, committed via phone and internet. The perpetrators hack the store's security system so they can observe their victims. They then make customers take their clothes off and get the store to wire money. From the article, "A telephone caller making a bomb threat to a Hutchinson, Kan., grocery store kept more than 100 people hostage, demanding they disrobe and that the store wire money to his bank account. ... officials were investigating whether the caller was out of state and may have hacked into the store's security system. "If they can access the Internet, they can get to anything," Hutchinson Police Chief Dick Heitschmidt said. "Anyone in the whole world could have access, if that's what really happened.""
Has there ever been a more stupid quote than:
"If they can access the Internet, they can get to anything," Hutchinson Police Chief Dick Heitschmidt said. "Anyone in the whole world could have access, if that's what really happened."
What kind of retarded security system puts the live security cameras on the internet? It's like a bad Holywood plot. I'm not buying it.
It's called "Google hacking", you do it by searching with secret undergound hacker keywords and finding open remote camera viewer applets. Some applets even let you control the camera.
I'm sure Jack Thompson will blame this on BioShock.
/b/ does robbery.
Now THAT'S what I call social engineering.
Can't they follow the money trail from there?
Strange.
Why don't these stores copyright their video feed and then let loose the RIAA on the perps. That'll stop 'em!
threadeds blog
He did not record the security camera footage and upload it to You Tube? Dumb idiot. This is what dumbing down of America has done to the respectable profession of robbery.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Why are the security cameras on anything other than a closed circuit? It makes no sense for their cameras to be connected to the internet.
My humor is probably your flamebait
My wife came in a found me sitting on the floor in my underwear. I had only skimmed the slashdot article and thought that it was a disrobe-or-get-bombed threat against me. It seems that the Slashdot is only _reporting_ a bomb threat and isn't actually going to blow us up.
Also, would CowboyNeal please send back my $3,000?
It's a valid question. Companies put security cameras on the internet to enable remote recording and control. It lets the central office or outsourced security firm handle all the digital video and dispatch police/fire services from a cost-efficient central location. If you owned 100 convenience stores in 10 states, where would you put the security office and how would you link them?
Rather than build a dedicated hardwired telecom network, companies are using the internet to connect everything together (security systems, financial systems, medical records, industrial control, etc.) As we can see from this example, they think they've created their own virtual network (of some degree of privacy), but in practice, the system is extremely vulnerable. I'd bet that more than a few internet-connected security cameras run with factory-default passwords.
Two wrongs don't make a right, but three lefts do.
This could be one of the first, and certainly not the last, case of people using security devices against the people whom they were designed to protect.
How are those net-enabled security cameras working out for you?
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
"officials were investigating whether the caller was out of state and may have hacked into the store's security system"
...
"If they can access the Internet, they can get to anything"
"Anyone in the whole world could have access, if that's what really happened"
What kind of idiot would connect the security system to the Internet so that 'they' could get to anything. Didn't they put it on a private VPN or use a password even?
"The FBI was looking into whether the calls to the banks and stores were being placed from overseas"
I thought DCSNet was designed to provide instant access to such information. Provides absolutly no evidence of any such hacking. Sounds to me like a low level extortion plot apart from the mention of the (scary) Internet and hackers (even more scary). Since when do sophisticated thieves use Western Union and wire themselves $3,000 with a $150 service charge. Who paid the charge I wonder.
We get bomb threats here all the time, so don't take any notice
davecb5620@gmail.com
Thanks for the laugh.
Patrick Doyle
I mod down every jackass who puts his moderation policy in his sig. Oh, wait a sec....
You mean like this one ...
davecb5620@gmail.com
There are many store monitor camera systems that are installed with poor defaults and wide open access. Several makers' web interfaces have easy formulaic URLs to select different store views, and these commonly can be searched with plain old web search engines. This was a fun thing to do a few years back, with whole sites dedicated to lists of web cams that were likely not intended for global viewership. Without any real evidence that the web cameras were "hacked" I think it's a big stretch to assume any skill was involved here.
[
Slashdot Burying Stories About Slashdot Media Owned
I'm sure that in some states, 100 naked people in a store legally counts as an orgy.
People are stupid. Google for: inurl:"ViewerFrame?Mode="
And have fun...
In my WarDriving travels, I've come apon many SSID-hidden wireless networks around stores. Sometimes they aren't even encrypted. My recent curiosity with these nets reveals a few wifi networked cameras in some locations, and sometimes if you log into these networks, you can find a nat. From there it's simply accessing a site that gives you a IP.
But why bother when you already have access to there cameras via a unsecured access point?
Anonymous for obvious reasons.
I usually have Security Expert I & II equipped, so I have significantly less alarm and overload tiles. Every camera I see I take a few pictures of because then I can see the 'weaknesses' of the camera.
Of course when I have positioned myself directly under the camera I can't see me anymore and if it hangs too high I can just jump up and finish my hack in mid air.
Unfortunatly, the guards are a bitch. For them it always seems to be "bring your daugther to work day".
Other then that, hacking cameras is a breeze, like I said, with just a simple minigame they are asking for it.
Meanwhile, I'm glad that the video feed is secured by passwords as strong as "admin" or my favorite "1234". Sometimes they throw a "5" on there for added security...(it's Comcastic!)
This unbiased moderation brought to you by the Porcine Aviation Group!
Ignoring the funny side of it, why were the customers made to disrobe?
I can't begin to imagine a real reason at all here. I very much doubt that you seek titillation while carrying out a heist, and I don't think there was anyone present to gather in the wallets, nor was this to disarm potential gun carriers.
There's something very strange about this event.
The only thing that comes to mind is insanity, lol. Which I guess is quite possible.
Found on Google here
(And yes, it is surprisingly SFW, at least the frames I've seen so far are)
... System Shock 2.
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
The commentary makes no sense at all. A bunch of disconnected factoids, that may or may not be true. I would need to hear a more convincing means, opportunity and motive before I swallowed a word of it.
"Oh, there's a bomb? In our store? How nice! Have a nice day."
.. a bomb. We got that. Good day!"
.. I know, it's probably a very nice bomb. Noooo, we're not looking for it. We don't really care, see? We figure one of our customers will probably buy it. Hmmm .. there's a thought .. got any more? Maybe we can work something out here .. hello? Hello?"
"Oh, it's you again? Yeah, right, like you said
"What? Again? Money? Are you crazy? Man, we'd rather have the bomb! Now go away!"
"Look
It worked a few centuries ago: "Millions for defense, not one penny for tribute."
.. all faces where covered with the text
"I thought what I'd do was, I'd pretend I was one of those deaf-mutes."
Well, not the crime part but the poking around with cameras. :) I was taking a computer class and one of the guys there mentioned this. I hit the google and had a string of candidates to look at within seconds. After about five minutes of searching, I found an unsecured and controllable camera. Its purpose was to monitor the construction of a new building at a California college. However, the camera had such a range of motion that I could easily turn it to observe the intersection across from it.
If any of you guys have viewed the gigapixel camera demos online, you know what I'm talking about when I say the zoom is phenomenal. Technology has now matched Hollywood. I turn the camera to look at the buildings across the street, the windows are all tiny, all I can see is they're lit. I start zooming in and I can eventually see the face of the guy working late, he's got his PC turned on his desk so I see his face in profile. Holy shit, I bet he wouldn't even be able to find the camera outside his window if I called him up and told him I could see him. And that idea, of course, made me want to call him up and tell him I could see him! The crazy thing is I probably could have, too. Find name of building the camera is attached to, pull it up on google maps and find the name of the building across the street from him, call the main switchboard there, get transfered to the right floor and that guy's extension, plus his name but first I'd need one of those creepy voice modulators...either that or learn how to do Stewie's voice properly. "Hello, Steve -- may I call you Steve? Forgive me for being a bit forward but I feel it's pointless to stand on politeness when I'm going to kill you anyway. Victory is mine!"
But on a more serious note, miniaturization just means we'll see cameras like this that can operate on solar power, have permanent wireless access to the net and can remain operational for days. The zoom potential means there's no limit to the line of sight. Oh, and how do you mount them? Have you seen the advances made in battery-operated RC choppers? With the way technology is advancing, the future is five minutes from now.
Kwisatz Haderach
Sell the spice to CHOAM
This Mahdi took Shaddam's Throne
FTA:
FBI spokesman Rich Kolko said the threat appears to be related to a plot in recent days focusing on banks and stores in places like Detroit, Phoenix, Salt Lake City, Philadelphia and Newport, R.I.
It sounds like they are randomly finding these cameras all over the place. They aren't hitting just one chain or anything like that. It's different types of businesses in completely different cities.
I think it's highly unlikely that they have an inside connection in 11+ states spread across the US. It's more likely they are scanning through Google or maybe they've managed to get access to a security company that manages many of these remote cameras as a service to businesses.
Aside from the criminal aspect of these incidents, it sounds like something I'd have done back in my IRC days while on a phone conference as a prank.
But, I don't work in the security industry. You probably have more insight into this kind of thing. Is it normal for businesses to outsource their security cameras to large, national security companies like this?
It should be legal to appear naked in public places if one has been ordered to do so over the Internet. That way, naked customers can exit hacked stores without fear of prosecution.
One of the things that "The Laughing Man" did in the GITS TV series was that he could hack video feeds in near-real-time. On one occasion he ghost-hacked someone's cybernetic eyes and became effectively invisible. More commonly, he would simultaneously hack all of the security cameras in a public place and overlay this funny "animated gif" over the top of his head to conceal his identity.
Nobody could figure out who he was because nobody had ever actually "seen" him.
Many video cameras now transmit mjpeg or mpeg-4 over http instead of an NTSC video signal down coax.
We keep getting closer to the level of pervasive internet connectivity and dependance that is the foundation of the GITS world. One could imagine a list of things required both technically and societally to get us from "here" to "there", and the list is always getting shorter a bit sooner than I'd expect.
My opinions are my own, and do not necessarily represent those of my employer.
You're no better than the terrorists! Ten or so homes and businesses are likely to be burned to the ground after their AXIS Network Cameras catch fire after a thorough Slashdotting. Bravo.
Although it is possible to hack these systems, it is a remote chance if configured properly like anything else.
I've seen these systems being sold to Casinos and what not. The fancy video cards only work with Winblows, so hacking them is only as hard as that.
how did they find the IP of a target store?
You look for the web page they serve with Google. If you don't customize every page and eliminate the keyword combinations, your site can be found.
This is an issue people need to be aware of. Security is only as strong as it's weakest link. People should demand video systems that work with a better OS.
Friends don't help friends install M$ junk.
They just picked out tidbits from the actual news story of someone making bomb threats to multiple stores and banks and demanding money be transferred to a bank account or they would blow up the store/bank. They think they might have had access to the security cameras OR possibly were within eyesight of the places they were threatening because they forced the customers to disrobe. Flimsy evidence at best I think, but it's certainly possible: http://www.google.com/search?hl=en&q=inurl%3A%22Vi ewerFrame%3FMode%3D%22&btnG=Google+Search
http://www.google.com/search?hl=en&q=inurl%3A%22Vi ewerFrame%3FMode%3D%22&btnG=Google+Search
Plenty of unsecured network security cameras out there. You can even control them over the internet - pan, zoom, etc. Good fun when you absolutely having nothing better to do.
As in "Hackers" (movie, not real people)
"If still these truths be held to be
Self evident."
-Edna St. Vincent Millay
Yeah, wire me the money - I'll get it someday when the police aren't looking...
This was a hoax, a prank. Somebody was just having fun jerking people around.
And see how easy it was. Anybody remember the Chinese Fire Drill in the book "Illuminatus?" Act authoritative - or threatening in this case - and spew out some orders, and everybody falls right into line like lemmings.
The first response to the bomb threat should have been, "Fine - set it off. We'll settle up later, asshole."
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
An obliquely related story; I bought a security webcam, wasn't happy with it, thought I did a factory reset, but I guess I didn't. When it was purchased, suddenly I was bombarded with emailed images from a strangers house :S The only ones who could track it down was the ISP Eastlink, who ignored my pleading for months.
Then CTV ran a story on it, and they magically found the customer, informed them, and the problem was solved. Amazing (and sad) how a bit of media attention will get the job done.
Link here with video.
Ironically, while CTV blurred out the new owner's images for their privacy, they clearly showed my email address on national TV. D'oh. My previously clean account has been getting a load of spam since then. (Who harvests email addresses for spam from TV segments??!?!?!?)
Love many, trust a few, do harm to none.
Each of the three most common metals used in catalytic converters (palladium, platinum and rhodium) are worth a bundle. But you'd be hard pressed to get more than about $50 worth of material from each catalyst. Aa lot of work with a lot of risk for such a low return.
Ok. I'll bite. I hereby order you to get naked. Just don't scare the kiddies, mmmkay? ;)
At least in Nevada, the phrase "Jewish lightning" is *not* ethnic. Rather, it's a reference to Meyer Lanski, who was a master of the convenient fire during the mob days here.
awk
h
Just saw this on the TV: there are reports the FBI asked for help to at least one european police to find the thiefs, as they have tracked at least one call from one european country. Stupid arses! The exchange rate for Euro against the US dollar is too low. The banks will get the lion share of this scam, with all the charges and transfer costs. Ah! Ah!
You do not use XP. personal computer based systems are the lowest end and we refuse to sell them. you buy a dedicated pvr box. they record faster are virus immune and are designed for one task. Actually most run Linux even the ones that claim differently (pop their hard drive in a PC and discover its a Linux disk format). If you want a cheapie digital video recorder based on consumer computer parts, I suggest looking for Zoneminder. its the only one that is worth using. I have tried and threw away every windows based PVR recording solutions out there. All of them are hokey and not really useable for real security. you need event recording based on camera motion detection and it needs to rate that motion in a grade so you can sort by larger scores to find real events instead of the 10,000 recorded events during partly cloudy days for outdoor cameras.
If you want a good cheap dedicated system, go looking at supercircuits (google that name) they have some low end digital mpeg4 pvr's that are acceptable.
Do not look at laser with remaining good eye.