Imagine for a moment the following scenario: you’re the manager for a busy bank branch in a major city. You come back from lunch and are told by one of your employees that someone from corporate IT dropped by to check on a reported problem with a branch PC. You don’t remember putting in a trouble ticket with IT, but apparently the guy left after looking under a desk and re-plugging a network cable or something. It took less than five minutes. You think nothing of it and go back to approving loans.
Three days later, you get a call from the head of corporate security, wanting to know why someone at your branch has been performing wire transfers from the accounts of customers who’ve never used your branch to accounts at offshore banks. A few hours later, you’re unplugging the bank’s network equipment while he’s shouting at you over the phone about gigabytes of corporate data being pulled down from something in your bank. And when the security team and police arrive to investigate, they find a little nondescript box plugged into a network port, connected to a broadband cellular modem.
Something like this happened to banks in London last year. A man posing as an IT contractor wired networked keyboard-video-monitor (KVM) switches connected to cellular routers into PCs at two bank branches. The ring involved with the thefts was only caught because they decided to go for a third score, and their “technician” was caught in the act. The digital heists were a variation on the hacker “drop box” strategy: boldly walking into a place of business and planting a device, often hidden in plain sight, to use as a Trojan horse to gain remote access to the business’ network.
Read 27 remaining paragraphs | Comments

Leave a Reply