(no title)
gwbas1c | 8 days ago
About a year later I learned that one of my users hacked an airport. At the time a few of my users would set their computers to dial random numbers and find modems answering. One of the numbers was a very strange system with no password. The story I heard was that they didn't know what the system was, because it had no identifying information. https://www.cnet.com/tech/services-and-software/doj-charges-...
Aurornis|8 days ago
> The attack on the branch of an unidentified major pharmacy chain occurred on four separate occasions from January through March of last year. The hacker acquired the names, contact information, and prescriptions for the pharmacy's customers
I think the story you heard was a watered down version of what they were doing. You can’t do things like exfiltrate data from a pharmacy database and not know what the system you’re attacking is for.
gwbas1c|7 days ago
They didn't tell me about the pharmacy! Remember, these were teenagers who were curious (and naive to the implications of their actions.)
In the case of the airport, they didn't know it was an airport or even what kind of system they were in. What happened was that one of them found a reboot command, and ran it, not knowing the consequences. (Remember, when a computer controls a "thing," there is often a complicated startup procedure when it reboots.)
So don't just blame foolish kids; whoever thought it was a good idea to allow modem access to an air traffic control program without a password was the bigger fool. I had stronger security on my dial-up BBS than an airport.