Thieves Hacking Security Cameras?

← Back to Stories (view on slashdot.org)

Thieves Hacking Security Cameras?

Posted by samzenpus on Thursday August 30, 2007 @12:04AM from the steal-from-home dept.

The FBI is investigating fifteen store robberies in eleven states, committed via phone and internet. The perpetrators hack the store's security system so they can observe their victims. They then make customers take their clothes off and get the store to wire money. From the article, "A telephone caller making a bomb threat to a Hutchinson, Kan., grocery store kept more than 100 people hostage, demanding they disrobe and that the store wire money to his bank account. ... officials were investigating whether the caller was out of state and may have hacked into the store's security system. "If they can access the Internet, they can get to anything," Hutchinson Police Chief Dick Heitschmidt said. "Anyone in the whole world could have access, if that's what really happened.""

31 of 181 comments (clear)

Dumber than dumb by BobTheLawyer · 2007-08-30 00:06 · Score: 4, Insightful

Has there ever been a more stupid quote than:

"If they can access the Internet, they can get to anything," Hutchinson Police Chief Dick Heitschmidt said. "Anyone in the whole world could have access, if that's what really happened."
1. Re:Dumber than dumb by Anonymous Coward · 2007-08-30 00:11 · Score: 3, Insightful
  
  Not TOO far from the truth. Often the security cameras are accessible to anyone with a browser and without password protection or with a password that's ridiculously easy to guess.
2. Re:Dumber than dumb by KudyardRipling · 2007-08-30 00:36 · Score: 5, Interesting
  
  This is called a JURY POOL TAINTING STATEMENT. It is designed to predispose those eligible for jury service in the jurisdictions involved to convict by using the element of fear and terror. Whenever a statement made by law enforcement officials about an alleged criminal act is broadcast, it should be quoted in the voir dire process to screen out the rubberstampers. These are defined as those who (are carefully instructed to) worry about wives, kids, homes, SUV's entertainment systems, 401k's vacations, etc. Since the media as an institution is presumed diligent in publishing such statements, there is a presumption of contamination on the part of the jury pool. That is why one of the boilerplate questions asked by the parties in court deals with this issue of media contaminating his/her worldview or view of the defendant.
  
  Those who have a place in the system have no place in a jury.
  
  --
  Submission as evidence constitutes plaintiff and/or prosecutorial misconduct.
3. Re:Dumber than dumb by endianx · 2007-08-30 00:39 · Score: 5, Informative
  
  And easily found if you know what to look for.
4. Re:Dumber than dumb by LarsWestergren · 2007-08-30 00:53 · Score: 4, Funny
  
  Has there ever been a more stupid quote than:
  "If they can access the Internet, they can get to anything," Hutchinson Police Chief Dick Heitschmidt said. "Anyone in the whole world could have access, if that's what really happened."
  
  Yes. I think "No, it's not loaded! Here, I'll prove it to you!" beats it.
  
  --
  Being bitter is drinking poison and hoping someone else will die
5. Re:Dumber than dumb by WhatAmIDoingHere · 2007-08-30 00:55 · Score: 3, Funny
  
  "hackers on steroids"
  "internet hate machine"
  Wait until these stores get dogs and curtains, than we'll be REALLY fucked.
  
  --
  Not a Twitter sockpuppet... but I wish I was.
6. Re:Dumber than dumb by brian.gunderson · 2007-08-30 02:16 · Score: 5, Funny
  
  You just slashdotted a whole lotta webcams.
  
  --
  Appended to the end of comments you post. 120 chars.
7. Re:Dumber than dumb by lordofthechia · 2007-08-30 02:25 · Score: 5, Funny
  
  From the article (Piro is the manager)....
  
  "He then demanded that one of Piros' fingers be cut off for every hour his demands were not met, and another employee got a butcher knife on his orders"
  
  Anybody wanna take bets on who was the first person fired after this incident?
  
  --
  Georgia Tech, the leader in Chia(tm) technology.
8. Re:Dumber than dumb by 5KVGhost · 2007-08-30 03:37 · Score: 3, Insightful
  
  I don't see anything controversial about that case. If you actively participate in a violent crime and someone dies then you're just as responsible as the person who pulls the trigger. Don't want to be responsible for a murder? Then don't be a getaway driver for a gang of doped up armed robbers. It's not difficult.
9. Re:Dumber than dumb by CellBlock · 2007-08-30 03:38 · Score: 4, Interesting
  
  You're right, but this isn't about "any forward-looking organization," it's about Wal-Mart, a company that has decided that prosecuting shoplifters isn't worth their time unless they're stealing a lot.
  
  They'd probably harbor a sleeper cell in the loading dock as long as their supply chain of cheap Chinese crap doesn't slow down.
Hacking security cameras, huh? by EveryNickIsTaken · 2007-08-30 00:10 · Score: 5, Funny

I'm sure Jack Thompson will blame this on BioShock.
"wire money to his bank account"? by TheLink · 2007-08-30 00:13 · Score: 4, Interesting

Can't they follow the money trail from there?

Strange.
--
- Too many replies beneath your current threshold
1. Re:"wire money to his bank account"? by morgan_greywolf · 2007-08-30 00:24 · Score: 5, Informative
  
  That depends on what country the bank account is in. In some countries, bank accounts can't necessarily be tracked back to the owner, they are secured only by a really, really fscking long account number.
  
  --
  My blog
Get the RIAA in on the case! by threaded · 2007-08-30 00:14 · Score: 5, Funny

Why don't these stores copyright their video feed and then let loose the RIAA on the perps. That'll stop 'em!

--
threadeds blog
Is the footage on YouTube? by 140Mandak262Jamuna · 2007-08-30 00:14 · Score: 4, Funny

He did not record the security camera footage and upload it to You Tube? Dumb idiot. This is what dumbing down of America has done to the respectable profession of robbery.

--
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
CCTV by Recovering+Hater · 2007-08-30 00:18 · Score: 5, Interesting

Why are the security cameras on anything other than a closed circuit? It makes no sense for their cameras to be connected to the internet.

--
My humor is probably your flamebait
1. Re:CCTV by MyLongNickName · 2007-08-30 00:28 · Score: 4, Funny
  
  How else do you outsource your security work to India?
  
  --
  See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
2. Re:CCTV by Skapare · 2007-08-30 00:28 · Score: 4, Interesting
  
  Why are the security cameras on anything other than a closed circuit? It makes no sense for their cameras to be connected to the internet.
  
  Many companies are cutting back on security staff by eliminating in-store people that watch the TV screens. The stores still have some roving security people, but the TV screen watching is now more automated, more centralized, and in some cases even pushed out to homes where people with broadband can be paid even less than the in-store people to sit and watch a bunch of TV camera images for hours, looking for suspect people.
  
  It might be interesting if someone developed a way to fool those systems into thinking someone is watching (frequently clicking to see the next camera).
  
  --
  now we need to go OSS in diesel cars
3. Re:CCTV by Egonis · 2007-08-30 00:29 · Score: 5, Interesting
  
  I run a security consulting business, and one of the things we do is CCTV Camera Systems.
  
  Most of our clients are hell-bent on having internet access so that they can remotely view and control their cameras, card access systems, and PA systems.
  
  Although it is possible to hack these systems, it is a remote chance if configured properly like anything else.
  
  My guess is that these incidents are with default usernames and passwords on the DVR and other equipment.
  
  However, my question is: how did they find the IP of a target store?
  It's one thing to want to rob a store, but it's another to know this type of sensitive information.
  And in many cases, even large stores are using DSL or Cable where they get a dynamic IP.
  
  Sounds like an inside job to me.
4. Re:CCTV by canUbeleiveIT · 2007-08-30 00:36 · Score: 4, Interesting
  
  Last year we put a security camera system into a auto recycling yard using IP cameras. They had been suffering a rash of after-hours breakins to steal the platinum that is in old catalytic converters. The system recorded to a DVR, but also was hooked to motion sensors that, when activated, would call the manager's cell phone, as well as start pitching still shots across the internet to a remote ftp server.
  
  Two weeks after installation, the thieves broke in. When they saw the cameras and the DVR, they set fire to the place to destroy the evidence, but the still photos were enough to identify and convict them. They haven't had a problem since.
5. Re:CCTV by Ajehals · 2007-08-30 00:45 · Score: 4, Funny
  
  They haven't had a problem since. Is that on account of no longer having a business as it was destroyed by fire?
6. Re:CCTV by ptbarnett · 2007-08-30 00:56 · Score: 3, Informative
  
  Why are the security cameras on anything other than a closed circuit? It makes no sense for their cameras to be connected to the internet.
  Read further in TFA:
  Initially, the caller led employees to believe he was observing them.
  "After a while, it sounded like he was just taking a shot in the dark at what they might be doing, or what they looked like or how they were reacting to his call," Prescott police Lt. Ken Morley said.
7. Re:CCTV by Fox_1 · 2007-08-30 03:44 · Score: 3, Informative
  
  Mod Parent up - this was actually withdrawn yesterday - the cops spread at little FUD with their Internet Hackers working the Security Camera Comments - but now they have backed off on this statement, particularly since the Hutchinson Incident was caused by locals who have been taken into custody.
  see here
  Oh and no bombs have ever been found, there are a lot of embarrassed people out there who have really overreacted to these 'menacing & scary' phone calls.
  
  --
  The rock, the vulture, and the chain
I was fooled too by clovis · 2007-08-30 00:29 · Score: 4, Funny

My wife came in a found me sitting on the floor in my underwear. I had only skimmed the slashdot article and thought that it was a disrobe-or-get-bombed threat against me. It seems that the Slashdot is only _reporting_ a bomb threat and isn't actually going to blow us up.
Also, would CowboyNeal please send back my $3,000?
Why CCTV is on the internet by G4from128k · 2007-08-30 00:30 · Score: 5, Informative

It's a valid question. Companies put security cameras on the internet to enable remote recording and control. It lets the central office or outsourced security firm handle all the digital video and dispatch police/fire services from a cost-efficient central location. If you owned 100 convenience stores in 10 states, where would you put the security office and how would you link them?

Rather than build a dedicated hardwired telecom network, companies are using the internet to connect everything together (security systems, financial systems, medical records, industrial control, etc.) As we can see from this example, they think they've created their own virtual network (of some degree of privacy), but in practice, the system is extremely vulnerable. I'd bet that more than a few internet-connected security cameras run with factory-default passwords.

--
Two wrongs don't make a right, but three lefts do.
Another law broken? by Ukab+the+Great · 2007-08-30 00:51 · Score: 4, Funny

I'm sure that in some states, 100 naked people in a store legally counts as an orgy.
In other news... by dark-br · 2007-08-30 01:10 · Score: 3, Informative

People are stupid. Google for: inurl:"ViewerFrame?Mode="

And have fun...
Wireless by Anonymous Coward · 2007-08-30 01:10 · Score: 5, Interesting

However, my question is: how did they find the IP of a target store?
It's one thing to want to rob a store, but it's another to know this type of sensitive information.

In my WarDriving travels, I've come apon many SSID-hidden wireless networks around stores. Sometimes they aren't even encrypted. My recent curiosity with these nets reveals a few wifi networked cameras in some locations, and sometimes if you log into these networks, you can find a nat. From there it's simply accessing a site that gives you a IP.

But why bother when you already have access to there cameras via a unsecured access point?

Anonymous for obvious reasons.
Re:Duh by Lumpy · 2007-08-30 01:15 · Score: 4, Informative

Mostly it's incompetent IT and store managers that have installed panasonic IP cameras and left them not only wide open but on the internet because the store managers are retarted and want to spend their life watching the employees.

ALL of this stuff goes right back to raging incompetence. It's incredible how little these stores pay for IT, I had to teach the IT specialists for Walmart how to do basic networking when we were helping a client set up their network for their restaurant inside a new walmart store. The Walmart head of networking, or so he claimed to be, told me it was impossible to tunnel IP traffic safely through a network, no. he did not understand what a VPN was and then told me that VPN is not allowed as it's insecure and unencrypted!.... and then I had to hold their hands and show them how easy is really is to patch a phone line to a cat 5 jack in the phone room. Their network engineer told me flat out that DSL will not work over cat-5e cable. "The phone company uses Cat6 to your house!" is what he said. I was amazed at how undereducated these IT and networking people were.

With that kind of incompetence due to very low pay, it does not surprise me that security cameras are put on the net directly.

--
Do not look at laser with remaining good eye.
Re:Duh by CmdrGravy · 2007-08-30 01:19 · Score: 4, Funny

Have you tried

"Hi, I am ze plumber. I haf com to examine ze pipework, ver can I place my tooool ? It is ver huge and I can't keep it in here much longer"
YOU FUCKING LOVE IT by Anonymous Coward · 2007-08-30 01:30 · Score: 5, Interesting

inurl:/view/index.shtml inurl:"ViewerFrame?Mode=" inurl:netw_tcp.shtml intitle:"supervisioncam protocol" inurl:CgiStart?page=Single inurl:index Frame.shtml?newstyle=Quad intitle:liveapplet inurl:LvAppl inurl:/showcam.php?camid inurl:vide o.cgi?resolution= inurl:image?cachebust= intitle :"Live View / - AXIS" inurl:view/view.shtml intext:"MOBOTIX M1" intext:"Open Menu" intitle:snc-rz30 inurl:home/ inurl:"Multi CameraFrame?Mode=" intitle:"EvoCam" inurl:"webcam.html" intitle:"Live NetSnap Cam-Server feed" intitle:"Live View / - AXIS 206M" intitle:"Live View / - AXIS 206W" intitle:"Live View / - AXIS 210" inurl:indexFrame.shtml Axis inurl:"ViewerFrame?Mode=" inurl:"MultiCamer aFrame?Mode=Motion" intitle:start inurl:cgistart intitle:"WJ-NT104 Main Page" intext:"MOBOTIX M1" intext:"Open Menu" intext:"MOBOTIX M10" intext:"Open Menu" intext:"MOBOTIX D10" intext:"Open Menu" intitle:snc-z20 inurl:home/ intitle:snc-cs3 inurl:home/ intitle:snc-rz30 inurl:home/ intitle:"sony network camera snc-p1" intitle:"sony network camera snc-m1" site:.viewnetcam.com -www.viewnetcam.com intitle:"Toshiba Network Camera" user login intitle:"netcam live image" intitle:"i-Catcher Console - Web Monitor" inurl:/home/home