Slashdot Mirror

← Back to Stories (view on slashdot.org)

Thieves Hacking Security Cameras?

Posted by samzenpus on from the steal-from-home dept.

The FBI is investigating fifteen store robberies in eleven states, committed via phone and internet. The perpetrators hack the store's security system so they can observe their victims. They then make customers take their clothes off and get the store to wire money. From the article, "A telephone caller making a bomb threat to a Hutchinson, Kan., grocery store kept more than 100 people hostage, demanding they disrobe and that the store wire money to his bank account. ... officials were investigating whether the caller was out of state and may have hacked into the store's security system. "If they can access the Internet, they can get to anything," Hutchinson Police Chief Dick Heitschmidt said. "Anyone in the whole world could have access, if that's what really happened.""

12 of 181 comments (clear)

  1. Hacking security cameras, huh? by EveryNickIsTaken · · Score: 5, Funny

    I'm sure Jack Thompson will blame this on BioShock.

  2. Get the RIAA in on the case! by threaded · · Score: 5, Funny

    Why don't these stores copyright their video feed and then let loose the RIAA on the perps. That'll stop 'em!

    --

    threadeds blog

  3. CCTV by Recovering+Hater · · Score: 5, Interesting

    Why are the security cameras on anything other than a closed circuit? It makes no sense for their cameras to be connected to the internet.

    --
    My humor is probably your flamebait
    1. Re:CCTV by Egonis · · Score: 5, Interesting

      I run a security consulting business, and one of the things we do is CCTV Camera Systems.

      Most of our clients are hell-bent on having internet access so that they can remotely view and control their cameras, card access systems, and PA systems.

      Although it is possible to hack these systems, it is a remote chance if configured properly like anything else.

      My guess is that these incidents are with default usernames and passwords on the DVR and other equipment.

      However, my question is: how did they find the IP of a target store?
      It's one thing to want to rob a store, but it's another to know this type of sensitive information.
      And in many cases, even large stores are using DSL or Cable where they get a dynamic IP.

      Sounds like an inside job to me.

  4. Re:"wire money to his bank account"? by morgan_greywolf · · Score: 5, Informative

    That depends on what country the bank account is in. In some countries, bank accounts can't necessarily be tracked back to the owner, they are secured only by a really, really fscking long account number.

    --
    My blog
  5. Why CCTV is on the internet by G4from128k · · Score: 5, Informative

    It's a valid question. Companies put security cameras on the internet to enable remote recording and control. It lets the central office or outsourced security firm handle all the digital video and dispatch police/fire services from a cost-efficient central location. If you owned 100 convenience stores in 10 states, where would you put the security office and how would you link them?

    Rather than build a dedicated hardwired telecom network, companies are using the internet to connect everything together (security systems, financial systems, medical records, industrial control, etc.) As we can see from this example, they think they've created their own virtual network (of some degree of privacy), but in practice, the system is extremely vulnerable. I'd bet that more than a few internet-connected security cameras run with factory-default passwords.

    --
    Two wrongs don't make a right, but three lefts do.
  6. Re:Dumber than dumb by KudyardRipling · · Score: 5, Interesting

    This is called a JURY POOL TAINTING STATEMENT. It is designed to predispose those eligible for jury service in the jurisdictions involved to convict by using the element of fear and terror. Whenever a statement made by law enforcement officials about an alleged criminal act is broadcast, it should be quoted in the voir dire process to screen out the rubberstampers. These are defined as those who (are carefully instructed to) worry about wives, kids, homes, SUV's entertainment systems, 401k's vacations, etc. Since the media as an institution is presumed diligent in publishing such statements, there is a presumption of contamination on the part of the jury pool. That is why one of the boilerplate questions asked by the parties in court deals with this issue of media contaminating his/her worldview or view of the defendant.

    Those who have a place in the system have no place in a jury.

    --
    Submission as evidence constitutes plaintiff and/or prosecutorial misconduct.
  7. Re:Dumber than dumb by endianx · · Score: 5, Informative

    And easily found if you know what to look for.

  8. Wireless by Anonymous Coward · · Score: 5, Interesting

    However, my question is: how did they find the IP of a target store?
    It's one thing to want to rob a store, but it's another to know this type of sensitive information.


    In my WarDriving travels, I've come apon many SSID-hidden wireless networks around stores. Sometimes they aren't even encrypted. My recent curiosity with these nets reveals a few wifi networked cameras in some locations, and sometimes if you log into these networks, you can find a nat. From there it's simply accessing a site that gives you a IP.

    But why bother when you already have access to there cameras via a unsecured access point?

    Anonymous for obvious reasons.
  9. YOU FUCKING LOVE IT by Anonymous Coward · · Score: 5, Interesting

    inurl:/view/index.shtml
    inurl:"ViewerFrame?Mode="
    inurl:netw_tcp.shtml
    intitle:"supervisioncam protocol"
    inurl:CgiStart?page=Single
    inurl:index Frame.shtml?newstyle=Quad
    intitle:liveapplet inurl:LvAppl
    inurl:/showcam.php?camid
    inurl:vide o.cgi?resolution=
    inurl:image?cachebust=
    intitle :"Live View / - AXIS"
    inurl:view/view.shtml
    intext:"MOBOTIX M1"
    intext:"Open Menu"
    intitle:snc-rz30
    inurl:home/
    inurl:"Multi CameraFrame?Mode="
    intitle:"EvoCam" inurl:"webcam.html"
    intitle:"Live NetSnap Cam-Server feed"
    intitle:"Live View / - AXIS 206M"
    intitle:"Live View / - AXIS 206W"
    intitle:"Live View / - AXIS 210"
    inurl:indexFrame.shtml Axis
    inurl:"ViewerFrame?Mode="
    inurl:"MultiCamer aFrame?Mode=Motion"
    intitle:start inurl:cgistart
    intitle:"WJ-NT104 Main Page"
    intext:"MOBOTIX M1" intext:"Open Menu"
    intext:"MOBOTIX M10" intext:"Open Menu"
    intext:"MOBOTIX D10" intext:"Open Menu"
    intitle:snc-z20 inurl:home/
    intitle:snc-cs3 inurl:home/
    intitle:snc-rz30 inurl:home/
    intitle:"sony network camera snc-p1"
    intitle:"sony network camera snc-m1"
    site:.viewnetcam.com -www.viewnetcam.com
    intitle:"Toshiba Network Camera" user login
    intitle:"netcam live image"
    intitle:"i-Catcher Console - Web Monitor"
    inurl:/home/home
  10. Re:Dumber than dumb by brian.gunderson · · Score: 5, Funny

    You just slashdotted a whole lotta webcams.

    --
    Appended to the end of comments you post. 120 chars.
  11. Re:Dumber than dumb by lordofthechia · · Score: 5, Funny

    From the article (Piro is the manager)....

    "He then demanded that one of Piros' fingers be cut off for every hour his demands were not met, and another employee got a butcher knife on his orders"

    Anybody wanna take bets on who was the first person fired after this incident?

    --
    Georgia Tech, the leader in Chia(tm) technology.