The worlds of physical and information security are quickly merging into one but people are still trying to take shortcuts.
By now most people have heard news reports about bizarre crimes where stores are receiving bomb threats over the phone and are forced to wire money to some unknown account or the store will get blown up. Evidently the anonymous caller convinces the store employees that they are being observed, makes them sit in a circle or take their clothes off and then wire the money. You can read about these crimes here, here and even here that are taking place across the country from Maine to Kansas.
So how is this possible? How can someone be observing store employees from outside the store? Some of the police officers in the above linked stories think it must obviously be the work of evil hackers who broke into the stores security systems over the Internet. I think it was said best by Hutchinson Kansas Police Chief Dick Heitschmidt when he said “If they can access the Internet, they can get to anything.” (Brilliant! Why is this man wasting his life in law enforcement?)
Actually Chief they don’t even need access to the whole internet, just Google. Take a look at these Google searches, like this one or this one. Those are default web pages for security cameras. Come on, you didn’t think people actually still used old VHS tape for those things anymore did you? It is all IP based and digital. Most people are just to lazy or stupid to setup a robots.txt page to even just change the default passwords. As a result the video feeds from the security cameras are available to anyone with a net connection.
So your criminal does a few Google searches, finds an interesting camera or two, figures out what store they belong to and then makes a phone call. Pretty simple, kinda surprised this hasn’t happened before now.
It is worse than that really. A lot of companies are connecting things like their electronic door card access systems, alarm systems and other security systems to the network. Bomb threats via telephone are what happens when they get access to the video cameras what would happen if they had access to everything else?
Just remember if you can access something over the net then the bad guys can to if they want to bad enough. The key is to make it hard for them, you can start by changing the default passwords.