Contractors Lose Jobs After Hacking CIA's In-House Vending Machines

An anonymous reader quotes a report from TechRepublic: Today's vending machines are likely to be bolted to the floor or each other and are much more sophisticated -- possibly containing machine intelligence, and belonging to the Internet of Things (IoT). Hacking this kind of vending machine obviously requires a more refined approach. The type security professionals working for the U.S. Central Intelligence Agency (CIA) might conjure up, according to journalists Jason Leopold and David Mack, who first broke the story A Bunch Of CIA Contractors Got Fired For Stealing Snacks From Vending Machines. In their BuzzFeed post, the two writers state, "Several CIA contractors were kicked out of the Agency for stealing more than $3,000 in snacks from vending machines according to official documents... ." This October 2013 declassified Office of Inspector General (OIG) report is one of the documents referred to by Leopold and Mack. The reporters write that getting the records required initiating a Freedom Of Information Act lawsuit two years ago, adding that the redacted files were only recently released. The OIG report states Agency employees use an electronic payment system, developed by FreedomPay, to purchase food, beverages, and goods from the vending machines. The payment system relies on the Agency Internet Network to communicate between vending machines and the FreedomPay controlling server. The OIG report adds the party hacking the electronic payment system discovered that severing communications to the FreedomPay server by disconnecting the vending machine's network cable allows purchases to be made using unfunded FreedomPay cards.

Fed Contractors vs Fed Employees

[acoustix]

If these were federal employees they wouldn't have been fired. They would have been reassigned. Or asked to take early retirement. Of course this would have happened after being suspended with pay.

Re: Who wrote this?

[c]

If somebody is willing to steal a $1 candy bar, do you really want to trust them with information...

Yeah. My immediate thought is that it might even be intentional; having known and and easy-to-exploit vulnerability in a non-essential system would be a really great way to weed out these kinds of idiots. I don't think it's unreasonable for intelligence agencies to test their employees in one form or another.