The Mob's IT Department

An anonymous reader writes: An article at Bloomberg relates the story of two IT professionals who reluctantly teamed up with an organized criminal network in building a sophisticated drug smuggling operation. "[The criminals were] clever, recruiting Van De Moere and Maertens the way a spymaster develops a double agent. By the time they understood what they were involved in, they were already implicated." The pair were threatened, and afraid to go to the police. They were asked to help with deploying malware and building "pwnies" — small computers capable of intercepting network traffic that could be disguised as power strips and routers. In 2012, authorities lucked into some evidence that led them to investigate the operation. "Technicians found a bunch of surveillance devices on [the network of large shipping company MSC]. There were two pwnies and a number of Wi-Fi keyloggers—small devices installed in USB ports of computers to record keystrokes—that the hackers were using as backups to the pwnies. MSC hired a private investigator, who called PricewaterhouseCoopers' digital forensics team, which learned that computer hackers were intercepting network traffic to steal PIN codes and hijack MSC's containers."

Re:MITM or unencrypted

[DigiShaman]

Now, at my new job, I get to experience the joys of a locked down laptop that requires an RSA secrurid to log into the network, web is locked down, and no read/write access on the usb ports.

Just as an FYI, if a company is going to restrict local I/O resources to and from a computer, then using a computer is the wrong tool; they should be using thin-clients to a terminal server of some sort.