cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Champion

Warshipping

OK, used to be you had to somehow physically get into an enterprise in order to install a hidden modem and then hack the system.

 

Now you just build a little computer, probably costing less than $100, with connection capabilities to both cellular data and wifi, and ship it to your target.

 

(From the wording in the article, I think this is just a research project ... for now ...)

 

 

screenshot-2019-08-06-at-12-20-49

 


............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
10 Replies
Contributor III

Re: Warshipping

Seem likes an interesting spin on the original Trojan horse. Just think of the next steps...

Community Champion

Re: Warshipping

Does this mean the Post Office, would have to put in precautions and protective measures to seize such parcels?   Or would they have the smarts, to turn themselves off until they arrived at the destination?

 

On mass, a lot may initially get through - or organisations would have to arm their receptionists to deal with such threats on arrival? 

 

Think of the potential terrorism issues, GPS triggered once they get to the programmed destination - a modern turn on IED's - just send them to the target?  

 

The implications are horrendous, would the Post Office accept the Customs declaration, without the parcel going through an X-Ray machine or similar control to ensure they contents were as stated? 

 

I see additional costs associated with this potential threat.

 

Regards

 

Caute_cautim

Community Champion

Re: Warshipping

Amazon does a lot of delivery in the DC area with their own employees and subcontractors.  I would think that they would like to keep their systems secure and part of that would be detection equipment on the sorting lanes to see if sniffers are passing through.  If the sniffer isn't triggered until well after exiting the warehouse there's not much you can do.  Same with most other parcel companies.  

I had a delivery recently handed off from DHL to USPS.  DHL moved it cross country in 2 days.  It took 10 days to move from western Maryland center to the DC area.  I'm sure it was flagged and xrayed several times because it was my monthly shipment from Dollar Shave Club.  Those executive 6 blade razors are very dangerous.  I would like to think that the parcel companies would have many layers of detection employed for this very reason.

Community Champion

Re: Warshipping

> Flyslinger2 (Community Champion) posted a new reply in Industry News on

>   I would like to think that the parcel companies
> would have many layers of detection employed for this very reason.

Oh, you'd like to think so, would you? :-)

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
The best way to cheer yourself up is to try to cheer somebody
else up. - Mark Twain
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Community Champion

Re: Warshipping

@rsladeI would agree, thinking additional costs, compliance and controls and possibly mandates.

 

Plus thinking would you like an executive six blade razor with your next Pizza delivery?

 

Food chain, Drone delivery and many other means - perhaps protecting the Courier personnel?

 

Or collect it from your local Post Office and the additional controls - flak jacket, metal detector, X-Ray machine, perhaps an EMF device to assist mitigating the a possible threat.

 

Early in the morning on Friday.

 

Regards

 

Caute_cautim

Community Champion

Re: Warshipping

 

For hackers on the lookout for vulnerabilities in physical and network security; this would let them make the best of both worlds... 

 

 

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz
Community Champion

Re: Warshipping

@ShannonI agree, we have to think holistically, with innovation and think like the attackers themselves.  Now what could they do, now lets test the theory and then evaluate the risks.

 

Regards

 

Caute_cautim

Advocate I

Re: Warshipping


@rslade wrote:

OK, used to be you had to somehow physically get into an enterprise in order to install a hidden modem and then hack the system.

 

 


 

well, I believe THIS is the ultimate worshipping event!

 

Dr. D. Cragin Shelton, CISSP
Dr.Cragin@iCloud.com
https://CraginS.blogspot.com/
My Community Profile
My LinkedIn Profile
Highlighted
Community Champion

Re: Warshipping


@CraginS wrote:

 

well, I believe THIS is the ultimate worshipping event!


As far as the glitter bomb goes, warshipping would definitely find out who was stealing your packages.  (And probably where they were ...)

 

As far as the ultimate worshipping event:

 

 

10836697_1

 


............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468