Warshipping

rslade · ‎08-07-2019

OK, used to be you had to somehow physically get into an enterprise in order to install a hidden modem and then hack the system.

Now you just build a little computer, probably costing less than $100, with connection capabilities to both cellular data and wifi, and ship it to your target.

(From the wording in the article, I think this is just a research project ... for now ...)

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468

AppDefects · ‎08-07-2019

Seem likes an interesting spin on the original Trojan horse. Just think of the next steps...

Caute_cautim · ‎08-07-2019

Does this mean the Post Office, would have to put in precautions and protective measures to seize such parcels? Or would they have the smarts, to turn themselves off until they arrived at the destination?

On mass, a lot may initially get through - or organisations would have to arm their receptionists to deal with such threats on arrival?

Think of the potential terrorism issues, GPS triggered once they get to the programmed destination - a modern turn on IED's - just send them to the target?

The implications are horrendous, would the Post Office accept the Customs declaration, without the parcel going through an X-Ray machine or similar control to ensure they contents were as stated?

I see additional costs associated with this potential threat.

Regards

Caute_cautim

Flyslinger2 · ‎08-08-2019

Amazon does a lot of delivery in the DC area with their own employees and subcontractors. I would think that they would like to keep their systems secure and part of that would be detection equipment on the sorting lanes to see if sniffers are passing through. If the sniffer isn't triggered until well after exiting the warehouse there's not much you can do. Same with most other parcel companies.

I had a delivery recently handed off from DHL to USPS. DHL moved it cross country in 2 days. It took 10 days to move from western Maryland center to the DC area. I'm sure it was flagged and xrayed several times because it was my monthly shipment from Dollar Shave Club. Those executive 6 blade razors are very dangerous. I would like to think that the parcel companies would have many layers of detection employed for this very reason.

rslade · ‎08-08-2019

> Flyslinger2 (Community Champion) posted a new reply in Industry News on

> I would like to think that the parcel companies
> would have many layers of detection employed for this very reason.

Oh, you'd like to think so, would you? 🙂

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
The best way to cheer yourself up is to try to cheer somebody
else up. - Mark Twain
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468

Caute_cautim · ‎08-08-2019

@rsladeI would agree, thinking additional costs, compliance and controls and possibly mandates.

Plus thinking would you like an executive six blade razor with your next Pizza delivery?

Food chain, Drone delivery and many other means - perhaps protecting the Courier personnel?

Or collect it from your local Post Office and the additional controls - flak jacket, metal detector, X-Ray machine, perhaps an EMF device to assist mitigating the a possible threat.

Early in the morning on Friday.

Regards

Caute_cautim

Shannon · ‎08-08-2019

For hackers on the lookout for vulnerabilities in physical and network security; this would let them make the best of both worlds...

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz

Caute_cautim · ‎08-08-2019

@ShannonI agree, we have to think holistically, with innovation and think like the attackers themselves. Now what could they do, now lets test the theory and then evaluate the risks.

Regards

Caute_cautim

CraginS · ‎08-10-2019

@rslade wrote:
OK, used to be you had to somehow physically get into an enterprise in order to install a hidden modem and then hack the system.

well, I believe THIS is the ultimate worshipping event!

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts

rslade · ‎08-10-2019

@CraginS wrote:

well, I believe THIS is the ultimate worshipping event!

As far as the glitter bomb goes, warshipping would definitely find out who was stealing your packages. (And probably where they were ...)

As far as the ultimate worshipping event:

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468